This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.
Version Revision History
-
December 10th, 2020: 4.1.4 release
-
November 5th, 2020: 4.1.3 release
-
October 1st, 2020: 4.1.2 release
-
August 28th, 2020: 4.1.1 release
-
July 21st, 2020: 4.1.0 release
About SUSE Manager Proxy 4.1
SUSE Manager Proxy provides mirroring proxy support for large and distributed environments.
Operation of the proxy is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server, and like a server to the managed clients. Managed clients talk to the proxy only, and the proxy in turn communicates to the SUSE Manager Server.
All software packages that pass the SUSE Manager Proxy are cached and subsequent client requests for these packages are resolved from the cache.
System Requirements
SUSE Manager Proxy is available for x86_64 architecture only. We recommend you have at least 8 GB main memory, and approximately 50 GB of disk space per distribution or channel.
Consider additional disk space required for storing images for retail terminals.
For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/4.1/.
SUSE Manager Proxy Distribution
SUSE Manager Proxy 4.1 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 SP2. No separate SUSE Linux Enterprise subscription is required.
Installation and Setup
Installation of SUSE Manager Proxy 4.1 is done with the SUSE Manager Server 4.1 Web interface.
For more details on installing and configuring SUSE Manager Proxy 4.1, see the Installation Guide on https://documentation.suse.com/suma/4.1/.
Upgrade from Version 4.0
To upgrade an existing SUSE Manager Proxy 4.0 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.
For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.
Upgrade from Version 3.2
To upgrade an existing SUSE Manager Proxy 3.2 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.
For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.
SUSE Manager Server Versions
SUSE Manager Proxy 4.1 works only with SUSE Manager 4.1 Server.
SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and later.
The combination of SUSE Manager 4.1 Server with SUSE Manager 3.2 Proxy or SUSE Manager 3.2 Retail Branch Server is not supported.
Major changes since SUSE Manager Proxy 4.1 GA
Features and changes
Version 4.1.4
Bugfix release
Version 4.1.3
Recent Salt CVEs remediation
This release fixes CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592. You should patch all your SUSE Manager Server, Proxy, Retail Branch Server and Salt minions as soon as possible.
DNSSEC enabled by default by bind update
With the update of ISC bind to version 9.16.6 on SLES 15 SP1 and SP2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.
The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of SUSE Manager. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind
and set:
dnssec-enable no; dnssec-validation no;
Version 4.1.2
Bugfix release.
New products enabled
-
SUSE Linux Enterprise Real Time 15 SP2
Version 4.1.1
Bugfix release.
Patches
The SUSE Patch Finder is a simple online service to view released patches.
Version 4.1.4
mgr-daemon:
-
Fix removal of mgr-deamon with selinux enabled (bsc#1177928)
spacecmd:
-
Fix: make spacecmd build on Debian
spacewalk-backend:
-
Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)
-
Do not raise TypeError when processing SUSE products (bsc#1178704)
-
Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
-
Fix errors in spacewalk-debug and align postgresql queries to new DB version
-
ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)
-
Re-enables possibility to use local repos with repo-sync (bsc#1175607)
-
Add 'allow_vendor_change' option to rhn clients for dist upgrades
spacewalk-certs-tools:
-
Improve check for correct CA trust store directory (bsc#1176417)
spacewalk-client-tools:
-
Update translations
spacewalk-web:
-
Update content sensitive help links
-
Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)
-
Fix the search panel in CLM filters page
-
Localize documentation links
-
Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)
-
Show cluster upgrade plan in the upgrade UI
-
Don’t allow selecting spice for Xen PV and PVH guests
supportutils-plugin-susemanager-client:
-
Remove checks for obsolete packages
-
Gather new configfiles
-
Add more important informations
supportutils-plugin-susemanager-proxy:
-
Remove checks for obsolete packages
-
Gather new configfiles
-
Add more important informations
Version 4.1.3
mgr-daemon:
-
Update translation strings
spacecmd:
-
Python3 fixes for errata in spacecmd (bsc#1169664)
-
Added support for i18n of user-facing strings
-
Python3 fix for sorted usage (bsc#1167907)
spacewalk-backend:
-
Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)
spacewalk-client-tools:
-
Remove RH references in Python/Ruby localization and use the product name instead
spacewalk-web:
-
Enable to switch to multiple webUI theme
-
Only refresh the virtual storage list when pool events are received
-
Drop node-fetch to fix CVE-2020-15168
-
Notify about missing libvirt or hypervisor on virtual host
-
Redesign maintenance schedule systems table to use paginated data from server
susemanager-build-keys:
-
Replace "SuSE" user-facing references with "SUSE"
Version 4.1.2
golang-github-QubitProducts-exporter_exporter:
-
Pin Golang version to 1.14
golang-github-prometheus-node_exporter:
-
Update to 1.0.1
-
Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via
osc service disabledrun
-
Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749
-
-
Update to 1.0.0
-
Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671
-
Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0
-
-
Update to 1.0.0-rc.0
-
The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279
-
The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393
-
Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".
-
Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417
-
Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510
-
Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.
-
-
Add missing sysconfig file in rpm bsc#1151557
mgr-daemon:
-
Remove duplicate languages and update translation strings
patterns-suse-manager:
-
Change PostgreSQL requirements to require at least PostgreSQL 12
spacecmd:
-
Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)
spacewalk-backend:
-
Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)
-
Only regenerate bootstrap repositories when linking new packages (bsc#1174636)
-
Support installer_updates flag in ISS
-
Remove duplicate languages and update translation strings
spacewalk-certs-tools:
-
Add option --nostricthostkeychecking to spacewalk-ssh-push-init
-
Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)
spacewalk-client-tools:
-
Remove duplicated languages and update translation strings
spacewalk-web:
-
Fix the jQuery selector in SP Migration page (bsc#1176500)
-
Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503)
-
Force disable SPA for non-navigation links (bsc#1175512)
-
Add translation support for react t() function
-
Fix striping on react tables
-
Update translation strings
Version 4.1.1
mgr-osad:
-
Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)
patterns-suse-manager:
-
Add Recommends for golang-github-QubitProducts-exporter_exporter
spacecmd:
-
Fix softwarechannel update for vendor channels (bsc#1172709)
-
Fix escaping of package names (bsc#1171281)
spacewalk-backend:
-
Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)
-
Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)
-
Adds basic functionality for gpg check
-
Verify GPG signature of Ubuntu/Debian repository metadata (Release file)
spacewalk-certs-tools:
-
Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
-
Fix centos detection (bsc#1173584)
spacewalk-proxy:
-
Python3 fix for loading pickle file during kickstart procedure (bsc#1174201)
spacewalk-web:
-
Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
-
Fix JS linting errors/warnings
-
Enable Nutanix AHV virtual host gatherer.
-
Web UI: Implement managing maintenance schedules and calendars
-
Warn when a system is in multiple groups that configure the same formula in the system formula’s UI (bsc#1173554)
-
Add virtual network start, stop and delete actions
-
Add virtual network list page
-
Fix internal server error when creating module filters in CLM (bsc#1174325)
-
Fix VM creation page when there is no volume in the default storage pool
-
Refresh virtualization pages only on events
-
Product list in the Wizard doesn’t show SLE products first (bsc#1173522)
-
Cluster UI: return to overview page after scheduling actions
-
Changes in the logic to update the tick icon.
-
For the postgres localhost:5432 case, use the
-
Fix internal server errors by returning 0 instead of dying
-
Add missing dependency to spacewalk-base-minimal (bsc#678126)
-
Change kickstart to autoinstallation in navigation on pxt pages
-
Debranding
suseRegisterInfo:
-
Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
uyuni-common-libs:
-
Fix issues importing RPM packages with long RPM headers (bsc#1174965)
Major Changes Since SUSE Manager Proxy 4.0
New products enabled
-
SUSE Linux Enterprise Real Time 12 SP5
-
SUSE Linux Enterprise 15 SP2 family
-
openSUSE Leap 15.2
-
MicroFocus Open Enterprise Server 2018 SP2
-
CentOS 6, 7, and 8
-
Oracle Linux 6, 7 and 8
-
Ubuntu 20.04 LTS
CentOS
Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in the product tree in the WebUI.
If you were using CentOS via spacewalk-common-channels
, you will need to delete your existing channels, synchronize the channel information from SCC, and reassign the channels to the clients.
Oracle Linux
Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows in the product tree in the WebUI.
Third-party GPG keys now included
Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.
In addition to SUSE’s, SUSE Manager 4.1 now includes the GPG keys used to sign packages and/or metadata by other vendors whose products are available in the product tree in the WebUI:
-
openSUSE
-
CentOS
-
Oracle Linux
-
Ubuntu
-
MicroFocus Open Enterprise Server
Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.
Manual acceptance of GPG keys for any other product or repository is still required for security reasons.
Proxy visibility in Systems Overview
SUSE Manager Proxy nodes are now included in the Systems Overview page, with system type "Proxy".
Salt 3000
Salt has been upgraded to the 3000 release for the SUSE Manager Server, Proxy, and Client Tools. As part of this upgrade, the cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL).
We intend to regularly upgrade Salt to more recent versions.
For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 3000
Content Lifecycle Management filters for AppStreams
RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.
New documentation guides
Two new books have been added to the SUSE Manager 4.1 documentation:
-
Large Deployments Guide. Everything related to architecture and configuration for large (thousands of clients) deployments is contained in this guide. It contains all the documentation for the SUSE Manager Hub component. Some parts of the Salt guide that dealt with parameter tuning for large deployments have now been moved here too.
-
Public Cloud QuickStart Guide. This new guide shows you the fastest way to get SUSE Manager up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.
Also:
-
A new section on how to configure Salt for GitFS to achieve GitOps has now been added to the Salt Guide
-
In-place automatic upgrade of SUSE Linux Enterprise clients is now documented, with a sample AutoYaST profile.
-
Lots of revised and updated content across all guides
SLES 15 SP2 JeOS as a Base System
The SUSE Manager 4.1 Proxy and Retail Branch Server can now be installed on top of SLES 15 SP2 JeOS edition.
SUSE Manager for Retail
SLEPOS 15 SP2 clients
Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is supported for 7.5 years since the release date.
Small stores
Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is not feasible, it is now possible to use a Retail Branch Server running in a remote datacenter or public cloud.
Thanks to HTTP booting instead of PXE, branch servers no longer need to be on same physical network as the terminals.
EFI HTTP booting
The DHCP, branch network, and PXE formulas have been updated to support booting EFI terminals (systems) using HTTP in addition to TFTP.
Base System Upgrade
The base system was upgraded to SUSE Linux Enterprise 15 SP2.
Known issues
Proxy password
Do not use the '@' character in the SUSE Manager Proxy password, as it is not escaped correctly.
Single Sign On, API and CLI tools
Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of SUSE Manager.
Providing feedback
If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:
Documentation and Other Information
Latest product documentation: https://documentation.suse.com/suma/4.1/.
Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/
These release notes are available online: https://www.suse.com/releasenotes
Visit https://www.suse.com for the latest Linux product news from SUSE.
Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.
Legal Notices
SUSE LLC Maxfeldstr. 5 D-90409 Nürnberg Tel: +49 (0)911 740 53 - 0 Email: feedback@suse.com Registrierung/Registration Number: HRB 36809 AG Nürnberg Geschäftsführer/Managing Director: Felix Imendörffer Steuernummer/Sales Tax ID: DE 192 167 791 Erfüllungsort/Legal Venue: Nürnberg
SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2012-2020 SUSE LLC.
This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.
Colophon
Thank you for using SUSE Manager Proxy and/or SUSE Manager Retail Branch Server in your business.
Your SUSE Manager Team.