This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • June 20th 2022: 4.1.15 release

  • March 10th 2022: 4.1.14 release

  • January 28th 2022: 4.1.13 release

  • November 5th 2021: 4.1.12 release

  • September 30th, 2021: 4.1.11 release

  • August 17th, 2021: 4.1.10 release

  • July 7th, 2021: 4.1.9 release

  • June 22nd, 2021: 4.1.8 release

  • April 15th, 2021: 4.1.7 release

  • March 19th, 2021: 4.1.6 release

  • February 25th, 2021: 4.1.5.1 release

  • January 27th, 2021: 4.1.5 release

  • December 10th, 2020: 4.1.4 release

  • November 5th, 2020: 4.1.3 release

  • October 1st, 2020: 4.1.2 release

  • August 28th, 2020: 4.1.1 release

  • July 21st, 2020: 4.1.0 release

About SUSE Manager Proxy 4.1

SUSE Manager Proxy provides mirroring proxy support for large and distributed environments.

Operation of the proxy is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server, and like a server to the managed clients. Managed clients talk to the proxy only, and the proxy in turn communicates to the SUSE Manager Server.

All software packages that pass the SUSE Manager Proxy are cached and subsequent client requests for these packages are resolved from the cache.

System Requirements

SUSE Manager Proxy is available for x86_64 architecture only. We recommend you have at least 8 GB main memory, and approximately 50 GB of disk space per distribution or channel.

Consider additional disk space required for storing images for retail terminals.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/4.1/.

SUSE Manager Proxy Distribution

SUSE Manager Proxy 4.1 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 SP2. No separate SUSE Linux Enterprise subscription is required.

Installation and Setup

Installation of SUSE Manager Proxy 4.1 is done with the SUSE Manager Server 4.1 Web interface.

For more details on installing and configuring SUSE Manager Proxy 4.1, see the Installation Guide on https://documentation.suse.com/suma/4.1/.

Upgrade from Version 4.0

To upgrade an existing SUSE Manager Proxy 4.0 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Upgrade from Version 3.2

To upgrade an existing SUSE Manager Proxy 3.2 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

SUSE Manager Server Versions

SUSE Manager Proxy 4.1 works only with SUSE Manager 4.1 Server.

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and later.

The combination of SUSE Manager 4.1 Server with SUSE Manager 3.2 Proxy or SUSE Manager 3.2 Retail Branch Server is not supported.

Major changes since SUSE Manager Proxy 4.1 GA

Features and changes

Version 4.1.15

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy, Retail Branch server and some Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11.10 is used).

Salt 3004 only works with Python 3.5+, therefore:

  • Salt 3004 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, Debian 10 and 11. There is no Python 2 version for Salt 3004.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CentOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided for Salt 3000.

  • Salt 2016.11.10 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details, see the Salt 3004 upstream release notes.

Version 4.1.14

Bugfix release.

Version 4.1.13

Bugfix release.

Version 4.1.12

Bugfix release.

Version 4.1.11

Prometheus available for SUSE Manager Proxy and Retail Branch Server

From this version and later, the Prometheus package will also be available for SUSE Manager Proxy and Retail Branch Server. In case you plan to use the branch server or proxy as a monitoring server with Prometheus, be aware that Prometheus demands additional hardware resources.

Version 4.1.10

Bugfix release.

Version 4.1.9

Bugfix release.

Version 4.1.8

This is a bugfix release which also introduces several features, backported from SUSE Manager 4.2.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  • Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux and SLES Expanded Support), Ubuntu 18.04 and 20.04, and Debian 10. Only a Python 3 version is provided.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux and SLES Expanded Support) and Debian 9. Only a Python 2 version is provided. SLE 12 additionally provides a Python 3 version.

  • Salt 2016.11 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details about changes in your manually-created Salt states, see the Salt 3001 and Salt 3002 upstream release notes.

Version 4.1.7

Bugfix release

New products enabled
  • MicroFocus Open Enterprise Server 2018 SP3

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.

Reactivation keys can be used to re-register a previously registered client and regain all SUSE Manager settings. This is useful for cases such as moving clients from directly registered to the SUSE Manager Server, to registered to a SUSE Manager Proxy (or Retail Branch Server), or when reinstalling, or in several other cases.

SUSE Manager now supports the combination of reactivation keys and bootstrap scripts: you can specify a reactivation key in the bootstrap script to re-register systems. For example, this helps if your SUSE Manager Server has too many clients directly attached and you want to bulk move them to a SUSE Manager Proxy (or Retail Branch Server).

Version 4.1.6

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.

Since this kind of certificates are becoming popular amongst users with their own Certificate Authority, we have implemented support.

Version 4.1.5.1

Fixes for Salt security issues

You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Version 4.1.5

Bugfix release

Fixes for Salt security issues

You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Version 4.1.4

Bugfix release

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592. You should patch all your SUSE Manager Server, Proxy, Retail Branch Server and Salt minions as soon as possible.

DNSSEC enabled by default by bind update

With the update of ISC bind to version 9.16.6 on SLES 15 SP1 and SP2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.

The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of SUSE Manager. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind and set:

dnssec-enable no; dnssec-validation no;

Version 4.1.2

Bugfix release.

New products enabled
  • SUSE Linux Enterprise Real Time 15 SP2

Version 4.1.1

Bugfix release.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.15

golang-github-QubitProducts-exporter_exporter:

  • Adapted to build on Enterprise Linux.

  • Fix build for RedHat 7

  • Require Go >= 1.14 also for CentOS

  • Add support for CentOS

  • Replace %{?systemd_requires} with %{?systemd_ordering}

golang-github-lusitaniae-apache_exporter:

  • Require building with Go 1.15

  • Add %license macro for LICENSE file

golang-github-prometheus-node_exporter:

  • Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114)

  • Update to 1.3.0

    • [CHANGE] Add path label to rapl collector #2146

    • [CHANGE] Exclude filesystems under /run/credentials #2157

    • [CHANGE] Add TCPTimeouts to netstat default filter #2189

    • [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771

    • [FEATURE] Add darwin powersupply collector #1777

    • [FEATURE] Add support for monitoring GPUs on Linux #1998

    • [FEATURE] Add Darwin thermal collector #2032

    • [FEATURE] Add os release collector #2094

    • [FEATURE] Add netdev.address-info collector #2105

    • [FEATURE] Add clocksource metrics to time collector #2197

    • [ENHANCEMENT] Support glob textfile collector directories #1985

    • [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080

    • [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165

    • [ENHANCEMENT] Add flag to disable guest CPU metrics #2123

    • [ENHANCEMENT] Add DMI collector #2131

    • [ENHANCEMENT] Add threads metrics to processes collector #2164

    • [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169

    • [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189

    • [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208

    • [BUGFIX] ethtool: Sanitize metric names #2093

    • [BUGFIX] Fix ethtool collector for multiple interfaces #2126

    • [BUGFIX] Fix possible panic on macOS #2133

    • [BUGFIX] Collect flag_info and bug_info only for one core #2156

    • [BUGFIX] Prevent duplicate ethtool metric names #2187

  • Update to 1.2.2

    • Bug fixes Fix processes collector long int parsing #2112

  • Update to 1.2.1

    • Removed Remove obsolete capture permission denied error patch capture-permission-denied-error-energy_uj.patch: Already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092

  • Update to 1.2.0

    • Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203

    • Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062

    • Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067

  • Apply patch to capture permission denied error for "energy_uj" file (bsc#1190535)

patterns-suse-manager:

  • Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter

spacecmd:

  • Version 4.1.18-1

spacewalk-backend:

  • Version 4.1.31-1

    • Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)

    • Fix virt_notify SQL syntax error (bsc#1199528)

    • Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)

    • Improve parsing deb packages dependencies (bsc#1194594)

    • Fix reposync update notice formatting and date parsing (bsc#1194447)

    • implement more decompression algorithms for reposync (bsc#1196704)

spacewalk-web:

  • Version 4.1.33-1

    • Added support for end of life notifications

Version 4.1.14

spacecmd:

  • Version 4.1.17-1

    • Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363)

spacewalk-web:

  • Version 4.1.32-1

    • Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)

Version 4.1.13

mgr-custom-info:

  • Version 4.1.2-1

    • require python macros for building

mgr-osad:

  • Version 4.1.6-1

    • require python macros for building

spacecmd:

  • Version 4.1.16-1

    • require python macros for building

spacewalk-backend:

  • Version 4.1.30-1

    • Add headers to update proxy auth token in listChannels (bsc#1193585)

    • require python macros for building

    • Fix the IS_SUSE variable in spacewalk-debug

    • exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

    • Minor spec update.

    • Added RHN config parameter httpd_config_dir.

spacewalk-certs-tools:

  • Version 4.1.20-1

    • Make bootstrap script to use bash when called with a different interpreter (bsc#1191656)

spacewalk-client-tools:

  • Version 4.1.11-1

    • require python macros for building

spacewalk-oscap:

  • Version 4.1.2-1

    • require python macros for building

spacewalk-proxy:

  • Version 4.1.7-1

    • Update the token in case a channel can’t be found in the cache. (bsc#1193585)

    • Fix traceback on handling sslerror (bsc#1187673)

spacewalk-remote-utils:

  • Version 4.1.2-1

    • require python macros for building

suseRegisterInfo:

  • Version 4.1.4-1

    • require python macros for building

uyuni-common-libs:

  • Version 4.1.10-1

    • Read modularity data from DISTTAG tag as fallback (bsc#1192487)

    • require python macros for building

Version 4.1.12

spacecmd:

  • Version 4.1.15-1

    • configchannel_updatefile handles directory properly (bsc#1190512)

spacewalk-backend:

  • Version 4.1.29-1

    • Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538)

    • handle download of metadata filesnames with checksums (bsc#1188315)

    • Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)

spacewalk-certs-tools:

  • Version 4.1.18-1

    • set key format to PEM when generating key for traditional clients push ssh (bsc#1189643)

spacewalk-proxy:

  • Version 4.1.6-1

    • remove SSLProtocol configuration which should be done in the ssl configuration file

spacewalk-proxy-installer:

  • Version 4.1.8-1

    • use system default for SSLProtocol

Version 4.1.11

spacecmd:

  • Add schedule_archivecompleted to mass archive actions (bsc#1181223)

  • Use proper ordering when listing activationkey

  • Remove whoami from the list of unauthenticated commands (bsc#1188977)

  • Make schedule_deletearchived to get all actions without display limit

  • Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-backend:

  • Fix typo "verfication" instead of "verification"

spacewalk-web:

  • Fix timezone offset shifted by JS Date Object (bsc#1187150)

susemanager-build-keys:

  • Add Debian 11 keys

susemanager-tftpsync-recv:

  • Adapt configure-tftpsync.sh to work on machines with multiple IP’s (bsc#1189263)

Version 4.1.10

spacecmd:

  • Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:

  • Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)

  • Show better error message when reposync failed

spacewalk-proxy-installer:

  • Add new refresh_pattern to the squid.conf to fix a case where the repodata was invalid due to being cached (bsc#1186026)

spacewalk-web:

  • Update web UI version to 4.1.10

uyuni-common-libs:

  • Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

Version 4.1.9

spacecmd:

  • Enhance help for installation types when creating distributions (bsc#1186581)

spacewalk-backend:

  • Check if batch needs to be imported even after failure (bsc#1183151)

  • Fix downloading comps files by matching type in repomd.xml (bsc#1186653)

  • Added logging for dpkg repository detection

spacewalk-web:

  • Do not render the section toolbar if it is empty

Version 4.1.8

golang-github-prometheus-node_exporter:

  • Update to 1.1.2

    • Bug fixes + Handle errors from disabled PSI subsystem + Sanitize strings from /sys/class/power_supply + Silence missing netclass errors + Fix ineffassign issue + Fix some noisy log lines + filesystem_freebsd: Fix label values + Fix various procfs parsing errors + Handle no data from powersupplyclass + udp_queues_linux.go: change upd to udp in two error strings + Fix node_scrape_collector_success behaviour + Fix NodeRAIDDegraded to not use a string rule expressions + Fix node_md_disks state label from fail to failed + Handle EPERM for syscall in timex collector + bcache: fix typo in a metric name + Fix XFS read/write stats

    • Changes + Improve filter flag names + Add btrfs and powersupplyclass to list of exporters enabled by default

    • Features + Add fibre channel collector + Expose cpu bugs and flags as info metrics + Add network_route collector + Add zoneinfo collector

    • Enhancements + Add more InfiniBand counters + Add flag to aggr ipvs metrics to avoid high cardinality metrics + Adding backlog/current queue length to qdisc collector + Include TCP OutRsts in netstat metrics + Add pool size to entropy collector + Remove CGO dependencies for OpenBSD amd64 + bcache: add writeback_rate_debug status + Add check state for mdadm arrays via node_md_state metric + Expose XFS inode statistics + Expose zfs zpool state + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable

  • Do not include sources (bsc#1151558)

  • Remove rc symlink

patterns-suse-manager:

  • Add require for py27-compat-salt (Salt 3002 does not provide python2-salt anymore)

spacewalk-backend:

  • Fail traditional errata and package actions when they act on retracted items

  • Add advisory_status to reposync and ISS

  • Add minrate/timeout configuration values for downloading DEB/RPM packages

  • switch to www group for satellite logs (bsc#1185097)

  • Fix binary blob corruptions in tradidional config file deployment (bsc#1183864)

  • Fix for GPG checking on synchonizing mirrored dpkg repo (bsc#1184351)

spacewalk-certs-tools:

  • Fix typo: activaion -> activation

  • Add support of DISABLE_LOCAL_REPOS=0 for salt minions (bsc#1185568)

  • Add missing environment variable SALT_RUNNING for pkg module to the minion configuration

spacewalk-proxy:

  • prevent stopping publishing messages on XPUB socket of salt-broker (bsc#1182954)

  • using Loader=yaml.SafeLoader for yaml.load as using yaml.load without Loader is deprecated as the default Loader is unsafe

spacewalk-web:

  • Show the info about unsynced patches in the Content Lifecycle Management screens

Version 4.1.7

golang-github-boynux-squid_exporter:

  • Build requires Go 1.15

  • Add %license macro for LICENSE file

golang-github-lusitaniae-apache_exporter:

  • Build with Go 1.15

rhnlib:

  • Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:

  • Handle SIGPIPE without a user-visible exception (bsc#1181124)

spacewalk-backend:

  • Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197)

  • Fixing improper exception handling causing another exception in ThreadedDownloader

  • Avoid race condition due multiple reposync import threads (bsc#1183151)

  • Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary mode (bsc#1181274)

spacewalk-certs-tools:

  • Add reactivation key support to bootstrap script (bsc#1181580)

spacewalk-client-tools:

  • Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603)

  • Log an error when product detection failed (bsc#1182339)

spacewalk-web:

  • Fix flow-bin runtime issues that were breaking the tests

Version 4.1.6

mgr-osad:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

rhnlib:

  • Change SSL implementation to Python SSL for better SAN and hostname matching support (bsc#1181807)

spacewalk-backend:

  • Open repomd files as binary (bsc#1173893)

  • Fix requesting release file in Debian repositories (bsc#1182006)

  • Reposync: Fixed Kickstart functionality.

  • Reposync: Fixed URLGrabber error handling.

  • Reposync: Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-client-tools:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-proxy:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-proxy-installer:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-web:

  • Replace CRLF in SSH private key when bootstrapping (bsc#1182685)

  • Upgrade immer to fix CVE-2020-28477

  • Default to preferred items per page in content lifecycle lists (bsc#1180558)

  • Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)

Version 4.1.5.1

salt:

  • VUL-0: salt: February 2021 release (bsc#1181550)

  • VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory (bsc#1181556)

  • VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate (bsc#1181557)

  • VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted web requests to the Salt API via SSH client (bsc#1181558)

  • VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the wheel_async client (bsc#1181559)

  • VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is vulnerable to directory traversal (bsc#1181560)

  • VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks (bsc#1181561)

  • VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration (bsc#1181562)

  • VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the “error” log level (bsc#1181563)

  • VUL-0: CVE-2021-3197: salt: Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument (bsc#1181564)

  • VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL certificates (bsc#1181565)

Version 4.1.5

mgr-osad:

  • Change the log file permissions as expected by logrotate (bsc#1177884)

spacecmd:

  • Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)

  • Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566)

  • Fix: internal: workaround for future tee of logs translation

spacewalk-backend:

  • Drop Transfer-Encoding header from proxy respone to fix error response messages (bsc#1176906)

  • Prevent tracebacks on missing mail configuration (bsc#1179990)

  • Fix pycurl.error handling in suseLib.py (bsc#1179990)

  • Harden extratag key import by execute_values to ignore conflicts

  • Fix Debian package version comparison

  • Use sanitized repo label to build reposync repo cache path (bsc#1179410)

  • Quote the proxy settings to be used by Zypper (bsc#1179087)

  • Add the VirtualPC as virtualization type (bsc#1178990)

  • Truncate author name in the changelog (bsc#1180285)

spacewalk-proxy:

  • Fix package manager string compare - python3 porting issue

spacewalk-web:

  • Fix Package States page display error (bsc#1180580)

  • Fix incorrect password autocompletions (bsc#1148357)

  • Migrate CommonJS based React components to ES6

  • Prevent deletion of CLM environments if they’re used in an autoinstallation profile (bsc#1179552)

  • Fix loading indicator for tables using SimpleDataProvider (bsc#1177756)

  • Fix question mark explanations for Recurring States (bsc#1179485)

  • Allow specifying both name and label of new Content Environment (bsc#1176411)

susemanager-tftpsync-recv:

  • Fix option parsing in configure-tftpsync (bsc#1180017)

uyuni-common-libs:

  • Section in Debian packages in now treated as optional (bsc#1179555)

Version 4.1.4

mgr-daemon:

  • Fix removal of mgr-deamon with selinux enabled (bsc#1177928)

spacecmd:

  • Fix: make spacecmd build on Debian

spacewalk-backend:

  • Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)

  • Do not raise TypeError when processing SUSE products (bsc#1178704)

  • Fix spacewalk-repo-sync to successfully manage and sync ULN repositories

  • Fix errors in spacewalk-debug and align postgresql queries to new DB version

  • ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)

  • Re-enables possibility to use local repos with repo-sync (bsc#1175607)

  • Add 'allow_vendor_change' option to rhn clients for dist upgrades

spacewalk-certs-tools:

  • Improve check for correct CA trust store directory (bsc#1176417)

spacewalk-client-tools:

  • Update translations

spacewalk-web:

  • Update content sensitive help links

  • Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)

  • Fix the search panel in CLM filters page

  • Localize documentation links

  • Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)

  • Show cluster upgrade plan in the upgrade UI

  • Don’t allow selecting spice for Xen PV and PVH guests

supportutils-plugin-susemanager-client:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

supportutils-plugin-susemanager-proxy:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

Version 4.1.3

mgr-daemon:

  • Update translation strings

spacecmd:

  • Python3 fixes for errata in spacecmd (bsc#1169664)

  • Added support for i18n of user-facing strings

  • Python3 fix for sorted usage (bsc#1167907)

spacewalk-backend:

  • Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-client-tools:

  • Remove RH references in Python/Ruby localization and use the product name instead

spacewalk-web:

  • Enable to switch to multiple webUI theme

  • Only refresh the virtual storage list when pool events are received

  • Drop node-fetch to fix CVE-2020-15168

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

susemanager-build-keys:

  • Replace "SuSE" user-facing references with "SUSE"

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  • Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  • Update to 1.0.1

    • Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via osc service disabledrun

    • Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749

  • Update to 1.0.0

    • Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671

    • Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

  • Update to 1.0.0-rc.0

    • The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279

    • The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393

    • Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".

    • Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417

    • Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510

    • Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

  • Add missing sysconfig file in rpm bsc#1151557

mgr-daemon:

  • Remove duplicate languages and update translation strings

patterns-suse-manager:

  • Change PostgreSQL requirements to require at least PostgreSQL 12

spacecmd:

  • Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)

spacewalk-backend:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Only regenerate bootstrap repositories when linking new packages (bsc#1174636)

  • Support installer_updates flag in ISS

  • Remove duplicate languages and update translation strings

spacewalk-certs-tools:

  • Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  • Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  • Remove duplicated languages and update translation strings

spacewalk-web:

  • Fix the jQuery selector in SP Migration page (bsc#1176500)

  • Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503)

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Add translation support for react t() function

  • Fix striping on react tables

  • Update translation strings

Version 4.1.1

mgr-osad:

  • Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)

patterns-suse-manager:

  • Add Recommends for golang-github-QubitProducts-exporter_exporter

spacecmd:

spacewalk-backend:

  • Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  • Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  • Adds basic functionality for gpg check

  • Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-certs-tools:

spacewalk-proxy:

  • Python3 fix for loading pickle file during kickstart procedure (bsc#1174201)

spacewalk-web:

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix JS linting errors/warnings

  • Enable Nutanix AHV virtual host gatherer.

  • Web UI: Implement managing maintenance schedules and calendars

  • Warn when a system is in multiple groups that configure the same formula in the system formula’s UI (bsc#1173554)

  • Add virtual network start, stop and delete actions

  • Add virtual network list page

  • Fix internal server error when creating module filters in CLM (bsc#1174325)

  • Fix VM creation page when there is no volume in the default storage pool

  • Refresh virtualization pages only on events

  • Product list in the Wizard doesn’t show SLE products first (bsc#1173522)

  • Cluster UI: return to overview page after scheduling actions

  • Changes in the logic to update the tick icon.

  • For the postgres localhost:5432 case, use the

  • Fix internal server errors by returning 0 instead of dying

  • Add missing dependency to spacewalk-base-minimal (bsc#678126)

  • Change kickstart to autoinstallation in navigation on pxt pages

  • Debranding

suseRegisterInfo:

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

uyuni-common-libs:

  • Fix issues importing RPM packages with long RPM headers (bsc#1174965)

Major Changes Since SUSE Manager Proxy 4.0

New products enabled

  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family

  • openSUSE Leap 15.2

  • MicroFocus Open Enterprise Server 2018 SP2

  • CentOS 6, 7, and 8

  • Oracle Linux 6, 7 and 8

  • Ubuntu 20.04 LTS

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete your existing channels, synchronize the channel information from SCC, and reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows in the product tree in the WebUI.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.

In addition to SUSE’s, SUSE Manager 4.1 now includes the GPG keys used to sign packages and/or metadata by other vendors whose products are available in the product tree in the WebUI:

  • openSUSE

  • CentOS

  • Oracle Linux

  • Ubuntu

  • MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still required for security reasons.

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with system type "Proxy".

Salt 3000

Salt has been upgraded to the 3000 release for the SUSE Manager Server, Proxy, and Client Tools. As part of this upgrade, the cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL).

We intend to regularly upgrade Salt to more recent versions.

For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 3000

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

New documentation guides

Two new books have been added to the SUSE Manager 4.1 documentation:

  • Large Deployments Guide. Everything related to architecture and configuration for large (thousands of clients) deployments is contained in this guide. It contains all the documentation for the SUSE Manager Hub component. Some parts of the Salt guide that dealt with parameter tuning for large deployments have now been moved here too.

  • Public Cloud QuickStart Guide. This new guide shows you the fastest way to get SUSE Manager up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

SLES 15 SP2 JeOS as a Base System

The SUSE Manager 4.1 Proxy and Retail Branch Server can now be installed on top of SLES 15 SP2 JeOS edition.

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is supported for 7.5 years since the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is not feasible, it is now possible to use a Retail Branch Server running in a remote datacenter or public cloud.

Thanks to HTTP booting instead of PXE, branch servers no longer need to be on same physical network as the terminals.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting EFI terminals (systems) using HTTP in addition to TFTP.

Base System Upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Known issues

Proxy password

Do not use the '@' character in the SUSE Manager Proxy password, as it is not escaped correctly.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of SUSE Manager.

Support

Future deprecation of the traditional stack

This version of SUSE Manager is compatible with Salt and traditional clients. SUSE will deprecate traditional clients and traditional proxies in the next SUSE Manager 4.3 release. The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:

Documentation and Other Information

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Proxy and/or SUSE Manager Retail Branch Server in your business.

Your SUSE Manager Team.