This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • December 10th, 2020: 4.1.4 release

  • November 5th, 2020: 4.1.3 release

  • October 1st, 2020: 4.1.2 release

  • August 28th, 2020: 4.1.1 release

  • July 21st, 2020: 4.1.0 release

About SUSE Manager Proxy 4.1

SUSE Manager Proxy provides mirroring proxy support for large and distributed environments.

Operation of the proxy is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server, and like a server to the managed clients. Managed clients talk to the proxy only, and the proxy in turn communicates to the SUSE Manager Server.

All software packages that pass the SUSE Manager Proxy are cached and subsequent client requests for these packages are resolved from the cache.

System Requirements

SUSE Manager Proxy is available for x86_64 architecture only. We recommend you have at least 8 GB main memory, and approximately 50 GB of disk space per distribution or channel.

Consider additional disk space required for storing images for retail terminals.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/4.1/.

SUSE Manager Proxy Distribution

SUSE Manager Proxy 4.1 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 SP2. No separate SUSE Linux Enterprise subscription is required.

Installation and Setup

Installation of SUSE Manager Proxy 4.1 is done with the SUSE Manager Server 4.1 Web interface.

For more details on installing and configuring SUSE Manager Proxy 4.1, see the Installation Guide on https://documentation.suse.com/suma/4.1/.

Upgrade from Version 4.0

To upgrade an existing SUSE Manager Proxy 4.0 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Upgrade from Version 3.2

To upgrade an existing SUSE Manager Proxy 3.2 system to SUSE Manager Proxy 4.1, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

SUSE Manager Server Versions

SUSE Manager Proxy 4.1 works only with SUSE Manager 4.1 Server.

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and later.

The combination of SUSE Manager 4.1 Server with SUSE Manager 3.2 Proxy or SUSE Manager 3.2 Retail Branch Server is not supported.

Major changes since SUSE Manager Proxy 4.1 GA

Features and changes

Version 4.1.4

Bugfix release

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592. You should patch all your SUSE Manager Server, Proxy, Retail Branch Server and Salt minions as soon as possible.

DNSSEC enabled by default by bind update

With the update of ISC bind to version 9.16.6 on SLES 15 SP1 and SP2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.

The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of SUSE Manager. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind and set:

dnssec-enable no; dnssec-validation no;

Version 4.1.2

Bugfix release.

New products enabled

  • SUSE Linux Enterprise Real Time 15 SP2

Version 4.1.1

Bugfix release.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.4

mgr-daemon:

  • Fix removal of mgr-deamon with selinux enabled (bsc#1177928)

spacecmd:

  • Fix: make spacecmd build on Debian

spacewalk-backend:

  • Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)

  • Do not raise TypeError when processing SUSE products (bsc#1178704)

  • Fix spacewalk-repo-sync to successfully manage and sync ULN repositories

  • Fix errors in spacewalk-debug and align postgresql queries to new DB version

  • ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)

  • Re-enables possibility to use local repos with repo-sync (bsc#1175607)

  • Add 'allow_vendor_change' option to rhn clients for dist upgrades

spacewalk-certs-tools:

  • Improve check for correct CA trust store directory (bsc#1176417)

spacewalk-client-tools:

  • Update translations

spacewalk-web:

  • Update content sensitive help links

  • Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)

  • Fix the search panel in CLM filters page

  • Localize documentation links

  • Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)

  • Show cluster upgrade plan in the upgrade UI

  • Don’t allow selecting spice for Xen PV and PVH guests

supportutils-plugin-susemanager-client:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

supportutils-plugin-susemanager-proxy:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

Version 4.1.3

mgr-daemon:

  • Update translation strings

spacecmd:

  • Python3 fixes for errata in spacecmd (bsc#1169664)

  • Added support for i18n of user-facing strings

  • Python3 fix for sorted usage (bsc#1167907)

spacewalk-backend:

  • Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-client-tools:

  • Remove RH references in Python/Ruby localization and use the product name instead

spacewalk-web:

  • Enable to switch to multiple webUI theme

  • Only refresh the virtual storage list when pool events are received

  • Drop node-fetch to fix CVE-2020-15168

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

susemanager-build-keys:

  • Replace "SuSE" user-facing references with "SUSE"

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  • Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  • Update to 1.0.1

    • Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via osc service disabledrun

    • Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749

  • Update to 1.0.0

    • Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671

    • Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

  • Update to 1.0.0-rc.0

    • The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279

    • The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393

    • Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".

    • Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417

    • Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510

    • Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

  • Add missing sysconfig file in rpm bsc#1151557

mgr-daemon:

  • Remove duplicate languages and update translation strings

patterns-suse-manager:

  • Change PostgreSQL requirements to require at least PostgreSQL 12

spacecmd:

  • Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)

spacewalk-backend:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Only regenerate bootstrap repositories when linking new packages (bsc#1174636)

  • Support installer_updates flag in ISS

  • Remove duplicate languages and update translation strings

spacewalk-certs-tools:

  • Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  • Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  • Remove duplicated languages and update translation strings

spacewalk-web:

  • Fix the jQuery selector in SP Migration page (bsc#1176500)

  • Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503)

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Add translation support for react t() function

  • Fix striping on react tables

  • Update translation strings

Version 4.1.1

mgr-osad:

  • Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)

patterns-suse-manager:

  • Add Recommends for golang-github-QubitProducts-exporter_exporter

spacecmd:

spacewalk-backend:

  • Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  • Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  • Adds basic functionality for gpg check

  • Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-certs-tools:

spacewalk-proxy:

  • Python3 fix for loading pickle file during kickstart procedure (bsc#1174201)

spacewalk-web:

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix JS linting errors/warnings

  • Enable Nutanix AHV virtual host gatherer.

  • Web UI: Implement managing maintenance schedules and calendars

  • Warn when a system is in multiple groups that configure the same formula in the system formula’s UI (bsc#1173554)

  • Add virtual network start, stop and delete actions

  • Add virtual network list page

  • Fix internal server error when creating module filters in CLM (bsc#1174325)

  • Fix VM creation page when there is no volume in the default storage pool

  • Refresh virtualization pages only on events

  • Product list in the Wizard doesn’t show SLE products first (bsc#1173522)

  • Cluster UI: return to overview page after scheduling actions

  • Changes in the logic to update the tick icon.

  • For the postgres localhost:5432 case, use the

  • Fix internal server errors by returning 0 instead of dying

  • Add missing dependency to spacewalk-base-minimal (bsc#678126)

  • Change kickstart to autoinstallation in navigation on pxt pages

  • Debranding

suseRegisterInfo:

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

uyuni-common-libs:

  • Fix issues importing RPM packages with long RPM headers (bsc#1174965)

Major Changes Since SUSE Manager Proxy 4.0

New products enabled

  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family

  • openSUSE Leap 15.2

  • MicroFocus Open Enterprise Server 2018 SP2

  • CentOS 6, 7, and 8

  • Oracle Linux 6, 7 and 8

  • Ubuntu 20.04 LTS

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete your existing channels, synchronize the channel information from SCC, and reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows in the product tree in the WebUI.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.

In addition to SUSE’s, SUSE Manager 4.1 now includes the GPG keys used to sign packages and/or metadata by other vendors whose products are available in the product tree in the WebUI:

  • openSUSE

  • CentOS

  • Oracle Linux

  • Ubuntu

  • MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still required for security reasons.

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with system type "Proxy".

Salt 3000

Salt has been upgraded to the 3000 release for the SUSE Manager Server, Proxy, and Client Tools. As part of this upgrade, the cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL).

We intend to regularly upgrade Salt to more recent versions.

For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 3000

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

New documentation guides

Two new books have been added to the SUSE Manager 4.1 documentation:

  • Large Deployments Guide. Everything related to architecture and configuration for large (thousands of clients) deployments is contained in this guide. It contains all the documentation for the SUSE Manager Hub component. Some parts of the Salt guide that dealt with parameter tuning for large deployments have now been moved here too.

  • Public Cloud QuickStart Guide. This new guide shows you the fastest way to get SUSE Manager up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

SLES 15 SP2 JeOS as a Base System

The SUSE Manager 4.1 Proxy and Retail Branch Server can now be installed on top of SLES 15 SP2 JeOS edition.

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is supported for 7.5 years since the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is not feasible, it is now possible to use a Retail Branch Server running in a remote datacenter or public cloud.

Thanks to HTTP booting instead of PXE, branch servers no longer need to be on same physical network as the terminals.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting EFI terminals (systems) using HTTP in addition to TFTP.

Base System Upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Known issues

Proxy password

Do not use the '@' character in the SUSE Manager Proxy password, as it is not escaped correctly.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of SUSE Manager.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:

https://forums.suse.com/forumdisplay.php?22-SUSE-Manager

Documentation and Other Information

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Proxy and/or SUSE Manager Retail Branch Server in your business.

Your SUSE Manager Team.