This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • March 19th, 2021: 4.1.6 release

  • February 25th, 2021: 4.1.5.1 release

  • January 27th, 2021: 4.1.5 release

  • December 10th, 2020: 4.1.4 release

  • November 5th, 2020: 4.1.3 release

  • October 1st, 2020: 4.1.2 release

  • August 28th, 2020: 4.1.1 release

  • July 21st, 2020: 4.1.0 release

About SUSE Manager 4.1

SUSE Manager 4.1, the latest release from SUSE based on SLES 15 SP2 and the Uyuni Project, delivers a best-in-class open source infrastructure management and automation solution that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.1 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Expanded Operating System support and Cluster integration and management

Simplify management and regain control with SUSE Manager 4.1

You can now get even better control of complex heterogeneous IT environments with extended target operating system support now including: Red Hat Enterprise Linux 8 (including modular repositories flattening), CentOS 6, 7 and 8, Oracle Linux 6, 7 and 8, openSUSE Leap 15.2 and Ubuntu 20.04 LTS.

Only SUSE Manager combines software content lifecycle management (CLM) with a centrally staged repository, class leading configuration management and automation, plus optional state of the art monitoring capabilities, for all major Linux distributions.

You can also significantly simplify your patch and configuration management stacks by standardizing on SUSE Manager across all Linux distributions and deployment modes (physical, virtual, and public cloud).

Simplify cluster operations with the first cluster-aware version of SUSE Manager

As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with SUSE Manager 4.1 initially providing support for managing SUSE CaaS Platform clusters.

Lower costs and streamline management with enhanced usability, virtual machine management and monitoring capabilities

Operations and DevOps staff can now streamline the setup, daily use and maintenance of SUSE Manager simplifying and automating routine tasks; such as the mass on boarding of rootless or password-less clients.

With enhanced virtual machine management capabilities the management of highly distributed virtualized server infrastructures becomes a lot easier. If you run virtual machine environments at the edge such as telco, manufacturing or retail, SUSE Manager now enables the efficient management of tens to thousands of VMs across an entire estate.

If you run SAP workloads virtualized on SLES, with SUSE Manager 4.1 you can eliminate complexity and simplify deployments by reducing the number of vendors in your software defined infrastructure management stack (OS, virtualization and virtualization management and monitoring all come from SUSE). SUSE Manager also significantly simplifies your environments where the frequent setup of virtualized test deployments of SAP workloads are required.

Need to virtualize Kubernetes to best leverage your powerful hardware? You can accelerate and maximize implementations by gaining higher scale from your container platform while simplifying deployments (no need for separate VMware layer, high automation from bare metal deployment to VMs to cluster). You can now also use virtualization to securely separate multiple clusters/tenants in a Kubernetes environment.

To keep your infrastructure safe and healthy SUSE Manager 4.1 expands the new Prometheus/Grafana-based monitoring stack introduced with version SUSE Manager 4 with enhanced support for large federated and non-routable network environments. Allowing your Linux systems and devices to be monitored wherever they reside and irrespective of how they are network connected.

Scale SUSE Manager 4.1 to tens of thousands of client devices without compromise

With ever growing Linux footprints you need your management tool be able to scale to tens of thousands of Linux devices and beyond. With the performance and scalability enhancements in 4.1, your SUSE Manager deployment can easily scale in your environment in any direction, while providing better performance than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your business needs, with the peace of mind that SUSE Manager will be able to manage your large estate, and the cost implications of growing their footprint will not be exaggeratedly high.

With the "SUSE Manager Hub" multi-server architecture we are gradually introducing a framework that allows you to scale SUSE Manager deployments to hundreds of thousands of nodes using tiered management servers.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Installation

Requirements

SUSE Manager Server 4.1 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 2. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 is supported.

For SUSE Manager 3.2 Server users, the supported upgrade method is to migrate the data from your SUSE Manager Server 3.2 installation to SUSE Manager Server 4.1 and perform a clean installation. If your SUSE Manager Server 3.2 uses an older version of PostgreSQL, you will need to upgrade to PostgreSQL 10 before performing the migration.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager Server 4.1 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand clients, when deployed according to the instructions in the Installation Guide on https://documentation.suse.com/suma/4.1/. Scaling beyond that number needs special consideration.

For more information and instructions on large-scale deployments, see the Large Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific configuration and tuning for each use case is needed. Please get in touch with SUSE Consulting for the details.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red Hat Enterprise Linux, come with a very large number of packages that may cause taskomatic to run out of memory. If this occurs, we recommended that you increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If taskomatic continues to run out of memory, you can increase the number further. However, keep in mind that this will affect the total memory required by SUSE Manager Server.

Major changes since SUSE Manager Server 4.1 GA

Features and changes

Version 4.1.6

Performance improvements

A number of database queries and error conditions have been optimized, resulting in a faster experience in the WebUI, especially in all pages related to software installation and patching.

Redfish power management

Redfish is a suite of specifications that deliver an industry standard protocol for the management of servers, storage, networking, and converged infrastructure.

SUSE Manager now supports power management using Redfish, in addition to the existing IPMI power management.

OpenSCAP from SSM

Mass-auditing Salt clients with OpenSCAP is now possible from the System Set Manager.

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.

Since this kind of certificate is becoming popular amongst users with their own Certificate Authority, we have implemented support.

Prometheus Exporter Exporter for Debian

The reverse proxy exporter, which simplifies security and networking policies, is now also available on Debian 9 and Debian 10.

With this addition, the Exporter Exporter is available for almost all the operating systems SUSE Manager supports: SLES 12 and 15, RHEL 7 and 8 (and clones: CentOS 7 and 8, Oracle Linux 7 and 8, SLES ES 7 and 8) and Ubuntu 18.04 and 20.04.

Version 4.1.5.1

Fixes for Salt security issues

You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Version 4.1.5

New products enabled
  • SUSE Linux Enterprise Server 15 SP1 LTSS

  • SUSE Linux Enterprise 15 SP3 Beta

  • openSUSE Leap 15.3 Beta

  • Debian 9 and Debian 10

Debian

Starting with SUSE Manager 4.1.5, Debian 9 "Stretch" and Debian 10 "Buster" on the amd64 (also known as x86_64) architecture are supported as client operating systems. Debian clients are supported as a Salt clients (agentful with salt-minion or agentless with salt-ssh).

In addition to the Salt packages, the spacecmd tool is also provided, which makes it possible to remotely manage SUSE Manager from a Debian client.

SUSE-provided Prometheus exporters will be included in a future release of SUSE Manager. You may use the exporters provided by the operating system in the meanwhile.

The section in this release notes mentioning Debian was only L1-supported and only through Uyuni Client Tools has now been removed.

Ubuntu and Debian package version comparison

The package version comparison algorithm has been completely redone for Ubuntu and Debian clients, which fixes occasional problems with package updates on Debian and Ubuntu.

There is no need to re-mirror Ubuntu and Debian. The already-downloaded packages can be kept and their metadata will be updated in the database.

One-time database migration when Ubuntu and/or Debian are present

IMPORTANT: When updating to SUSE Manager 4.1.5, SUSE Manager deployments where Ubuntu and/or Debian channels were synchronized should expect the database migration time to take between 30 min and several hours, depending on how many Debian or Ubuntu operating system versions and how many clients were registered.

CPU mitigations formula

Unsupported clients are now handled gracefully and mitigations have been added for the Xen hypervisor.

Autoinstallation of older operating systems

Autoinstallation provisioning is now compatible with GRUB and ELILO in addition to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and clones) systems.

CentOS 6 URLs

CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project moved its repositories to the vault archive. URLs in the product wizard have been updated. If you were using CentOS 6, you must refresh your product list to receive the new URLs.

Other operating systems in the same class also reached end-of-life but require no change, since they will continue to work as-is: SUSE Linux Enterprise Server Expanded Support 6 (URLs not changed), Oracle Linux 6 (URLs not changed) and Red Hat Enterprise Linux 6 (URLs are provided by users).

New countries and timezones

The countries and timezones list have been refreshed, adapting to the latest timezone and geopolitical changes.

Monitoring updates
Prometheus 2.22.1

The core of our monitoring solution, Prometheus, has been updated from version 2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.

Notable improvements:

  • Web: Remove APIv2.

  • React UI: Implement missing TSDB head stats section.

  • UI: Add Collapse all button to targets page.

  • UI: Clarify alert state toggle via checkbox icon.

  • Gracefully handle unknown WAL record types.

  • Issue a warning for 64-bit systems running 32-bit binaries.

  • TSDB: Memory-map full chunks of Head (in-memory) block from disk. This reduces memory footprint and makes restarts faster.

  • TSDB: Reduced contention in isolation for high load.

  • Discovery: Added discovery support for Triton global zones.

  • Remote Read: Added prometheus_remote_storage_remote_read_queries_total counter to count the total number of remote read queries.

  • Added time range parameters for label names and label values API.

For details on what changed in each version between 2.18.0 and 2.22.1, see:

Grafana 7.3.1

Grafana Server has been updated to version 7.3.1 which brings a number of bugfixes and improvements.

Notable improvements:

  • Add monitoring mixing for Grafana.

  • New Cloudwatch metrics

  • Elasticsearch: Support multiple pipeline aggregations for a query.

  • Support request cancellation properly for PostgreSQL, Loki and Prometheus

  • Postgres: Support Unix socket for host

  • Loki: Re-introduce running of instant queries

  • Prometheus: Support request cancellation properly. Add $__rate_interval variable

  • API improvements

  • Variables: enables cancel for slow query variables queries

  • Table: Adds column filtering

Breaking changes:

  • CloudWatch: The AWS CloudWatch data source’s authentication scheme has changed. See the upgrade notes for details and how this may affect you.

  • Units: The date time units YYYY-MM-DD HH:mm:ss and MM/DD/YYYY h:mm:ss a have been renamed to Datetime ISO and Datetime US respectively.

A detailed changelog is available upstream.

Prometheus Exporter Exporter for Ubuntu 18.04 LTS

The reverse proxy exporter, which simplifies security and networking policies, is now also available on Ubuntu 18.04.

More operating systems will be added in future releases of SUSE Manager.

Resolved known issues

Enabling the Development Tools Module 15 SP2 on the SUSE Manager Server 4.1 system is now supported.

Version 4.1.4

New products enabled
  • SUSE Linux Enterprise 15 SP3 family (beta)

  • SUSE Linux Enterprise HPC 15 SP2 LTSS

  • SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)

  • RHEL and CentOS 7 and 8 ppc64le clients (see RHEL on ppc64le)

SAP content

SUSE Manager is the best tool to manage your Linux workloads.

SUSE Linux Enterprise Server for SAP applications is the best operating system to run your SAP workloads.

In order to make SUSE Manager the best tool to manage your SUSE Linux Enterprise Server for SAP applications, this release of SUSE Manager includes content which provides added value to SLES for SAP users:

  • Documentation: SAP QuickStart Guide

  • Formulas:

    • saphanabootstrap-formula: SAP HANA deployment Salt formula. This formula can install SAP HANA nodes, enable system replication and configure SLE-HA cluster with the SAPHanaSR resource agent, using standalone Salt or via SUSE Manager formulas with forms.

    • sapnwbootstrap-formula: SAP Netweaver deployment Salt formula. This formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and perform some basic actions to optimize their usage.

    • drbd-formula: DRBD deployment Salt formula (requires drbd-utils)

    • habootstrap-formula: HA cluster salt deployment formula. This formula can boostrap an HA cluster ((init, join, remove) using standalone Salt or via SUSE Manager formulas with forms.

  • Salt state modules:

    • salt-shaptools: Salt modules and states for SAP Applications and SLE-HA components management

  • Grafana dashboards:

    • grafana-sap-hana-dashboards: Grafana Dashboards displaying metrics about SAP HANA databases.

    • grafana-sap-netweaver-dashboards: Grafana Dashboards displaying metrics about a SAP NetWeaver landscape.

    • grafana-ha-cluster-dashboards: Grafana Dashboards displaying metrics about a Pacemaker/Corosync High Availability Cluster.

    • grafana-sap-providers: Automated configuration provisioners leveraged by other packages to enable a zero-config installation of Grafana dashboards.

The formulas and Salt state modules are included in the SUSE Manager Server channel. The Grafana dashboards are included in the SUSE Manager Client Tools for SLE 12 and SLE 15 channels.

Vendor change on SP migration

Vendor change (changing the repository where a package comes from) can now be optionally enabled during service pack migration.

This feature is useful where the client system is using unofficial packages and you want to move back to official packages, or to switch from an official package to a third-party version of a package. Instead of performing the SP migration within the same vendor and then manually installing the package from the new vendor, you can now do everything in a single action.

RHEL and CentOS ppc64le clients

RHEL 7 and 8, and CentOS 7 and 8 are now enabled as client operating systems using the ppc64le architecture. Use the client tools provided by the upstream Uyuni project, which comes with certain support limitations. See the specific section for more details.

Prometheus reverse proxy for RHEL-class clients

The Prometheus Exporter Exporter, which allows you to put all your exporters under one public port, is now available for RHEL, CentOS, SLES ES and Oracle Linux versions 7 and 8.

Oracle Linux ULN repositories

Oracle Unbreakable Linux Network repositories are now supported in Software > Manage > Repositories. Oracle Linux users with a subscription from Oracle can use this to manually add the repositories for KSplice and others.

Cluster management: upgrade plan

When upgrading a cluster, the upgrade plan is now shown in the WebUI. This makes it easier to verify that an upgrade will be conducted as expected.

Yomi refresh

The formulas that make autoinstallation of SLES and openSUSE systems simpler have been upgraded to the latest version provided by the Yomi project. The updated formulas are more intuitive, harder to misuse, and allow you to specify additional advanced options.

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592. You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Web UI themes

SUSE Manager now supports themes. Users can select what theme they want to use in the User Preferences page in the Web UI. Initially, we are providing three themes:

  • SUSE Manager light: default light, low-contrast theme

  • SUSE Manager dark: high-contrast theme based on the light theme

  • Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light
Grafana 7.1.5

Grafana Server has been updated to version 7.1.5 in the Client Tools channels.

Main changes:

  • Flux and InfluxDB 2.x support in the Influx Datasource

  • Azure Monitor Datasource improvements

  • Deep linking for Google Cloud Monitoring (former Google Stackdriver)

  • Query history search

  • Unification of Explore modes

For more details see the upstream documentation.

Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu 20.04 LTS channels without cloning them, as described in the documentation. The known issue present in previous releases of SUSE Manager 4.1 has been fixed.

Japanese translation

The SUSE Manager Web UI and command-line tools are now available in Japanese thanks to the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order to allow users to select Japanese in their User Preferences in the Web UI, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Bootstrap repositories no longer flushed by default

In SUSE Manager 4.1 GA, we automated the generation of bootstrap repositories on channel sync. Bootstrap repositories were not only autogenerated but also autoflushed, which caused disappearing packages problems to some customers (e. g. in the case of multi-architecture bootstrap repositories).

Starting with SUSE Manager 4.1.3, bootstrap repositories are not flushed by default. If you want to save some disk space, you can manually flush them using mgr-create-bootstrap-repo --flush.

Version 4.1.2

SUSE Manager Hub
XML-RPC API is stable

Starting with SUSE Manager 4.1.2, the SUSE Manager Hub architecture is declared stable. This means we do not expect large changes in the feature, how it operates, or its API.

The Hub is the SUSE Manager multi-server architecture, which can be used in environments with a large number (more than a few tens of thousands) of clients per server, poorly-connected sites requiring full management, or multitenancy, among others. With SUSE Manager 4.1.2, multiple peripheral servers (other SUSE Manager Servers) can be managed from a single Hub Server, as a supported feature.

You will find all the documentation and details about the Hub architecture in the Large Deployments Guide.

Formula for peripheral server management (Technology Preview)

As the Hub XML-RPC API is declared stable, we are introducing Salt formulas to make management of peripheral SUSE Manager Servers easier. The formulas allow you to have consistent entities in each peripheral server, including:

  • Organizations, users and system groups

  • User access to system groups and software channels

To use the formula to manage peripheral servers, run zypper in uyuni-config-formula on the SUSE Manager Hub Server, and enable the formula in the WebUI.

Monitoring
Reverse proxy for SLE 12

The golang-github-QubitProducts-exporter_exporter reverse proxy exporter is now also available for SUSE Linux Enterprise 12. More operating systems will follow in a future release of SUSE Manager 4.1.

Node Exporter updated

The Prometheus Node Exporter has been updated to version 1.0.1 on SLE 12 and 15. Other operating systems will receive the update in a future release of SUSE Manager 4.1.

Version 4.1.1

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions (like package installation or upgrade) to occur during a scheduled one-time or recurrent maintenance window period on selected systems. These actions cannot be executed outside of the specified period.

To define maintenance windows, iCalendar data is used, which can be exported from your favorite calendaring or ITSM tool: Microsoft Outlook, Google Calendar, ServiceNow, etc. If you need help integrating your ITSM tool with SUSE Manager, please contact SUSE Consulting.

For more information about maintenance windows, check the Administration Guide

Monitoring: multiple exporters with a single exposed port

Prometheus fetches metrics using a pull mechanism, so the Prometheus Server must be able to establish TCP connections to each exporter on the monitored clients, each on a different port on the client.

The new reverse proxy for monitoring feature simplifies your firewall configuration: by installing the reverse proxy (package golang-github-QubitProducts-exporter_exporter) on the clients, you can get all the metrics for all the exporters on a single TCP port.

Check the Monitoring Guide for information about how to setup.

This feature is initially available only for SUSE Linux Enterprise 15 and openSUSE Leap 15. Support for other operating system platforms will come in future releases of SUSE Manager 4.1.

Added new type of "Virtual Host Manager": Nutanix AHV

In SUSE Manager 4.1.1, we have added a new type of Virtual Host Manager in order to gather virtual machines from Nutanix AHV infrastructure.

Creating VHM to gather virtual instances from the Nutanix AHV will enable the subscription matcher to match 1-2 virtual machines subscriptions for those instances that are running on the same virtualization host.

For more information about how to setup this new type, see the new documentation

Please keep in mind that installation of the virtual-host-gatherer-Nutanix package is required.

Salt module.run compatibility state

A new mgrcompat.module_run custom compatibility state for Salt is available for registered systems.

In Salt 2019.2, a new syntax for module.run was introduced. Up until Salt 3000 (the version currently shipped by SUSE Manager), Salt has supported both the old syntax and the new syntax.

From Salt 3001 on, Salt will no longer support the old syntax. This means any custom SLS file or "Configuration State Channel" that is using a module.run state needs to be adapted to the new syntax. This turns even more problematic when you have minions with different Salt versions (e. g. SLES 11 with Salt 2016.11), because some minions would accept the new syntax but others would fail with it, so the SLS files would require extra logic to handle the different Salt versions and configurations.

SUSE Manager will ship Salt 3001 in a future release. In preparation for this syntax breakage, SUSE has developed the new mgrcompat.module_run compatibility state. This is a wrapper over module.run which accepts the old syntax and takes care of tailoring the parameters for the new module.run if necesasary according to the specific minion version and configuration.

To make your Salt states compatible with all versions of Salt, including Salt 3001 and newer, you only need to change module.run to mgrcompat.module_run in your SLS files and "Configuration State Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would look like this once adapted:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

All users are encouraged to migrate their Salt states. Once Salt 3001 comes to SUSE Manager, not migrated states will simply fail.

SLE15 and python3-M2Crypto

If you still have SLE15 but no LTSS subscription, you will see errors when generating the bootstrap repositories, as python3-M2Crypto is missing on SLE15 and is only part of SLE15 LTTSS.

However even with the error, the bootstrap repository itself will work and will provide Salt 2019.2.0 until an LTSS subscription is available.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.6

cobbler:

  • Fix string replacement for @@xyz@@

  • Better performing string replacements

grafana-formula:

  • Set supported to false for unsupported systems (bsc#1182001)

  • Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

mgr-libmod:

mgr-osad:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

prometheus-exporters-formula:

  • Add Ubuntu support for Prometheus exporters' reverse proxy

prometheus-formula:

py26-compat-salt:

  • Do not crash when unexpected cmd output at listing patches (bsc#1181290)

rhnlib:

  • Change SSL implementation to Python SSL for better SAN and hostname matching support (bsc#1181807)

smdba:

  • Do not remove the database if there is no backup and deal with manifest

spacewalk-backend:

  • Open repomd files as binary (bsc#1173893)

  • Fix requesting Release file in debian repos (bsc#1182006)

  • Reposync: Fixed Kickstart functionality.

  • Reposync: Fixed URLGrabber error handling.

  • Reposync: Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-client-tools:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-config:

  • Increase Apache SSL logs to include response code and process time

spacewalk-java:

  • Homogenizes style in filter buttons, facilitating testability

  • Cleanup sessions via SQL query instead of SQL function (bsc#1180224)

  • Rebuild and improve rendering of error pages 404 and 500 pages (bsc#1181228)

  • Fix user creation with PAM authentication and no password (bsc#1179579)

  • Fix action chains for saltssh minions (bsc#1182200)

  • FIX: Slow response of 'Software > Install' in Ubuntu minions (bsc#1181165)

  • Do not call page decorator in HEAD requests (bsc#1181228)

  • Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)

  • Ensure new files are synced just after writing them (bsc#1175660)

  • Enable openscap auditing for salt systems in SSM (bsc#1157711)

  • Detect debian products (bsc#1181416)

  • Show packages from channels assigned to the targeted system (bsc#1181423)

  • Add an API endpoint to allow/disallow scheduling irrelevant patches (bsc#1180757)

  • Open raw output in new tab for ScriptRunAction (bsc#1180547)

  • Default to preferred items per page in content lifecycle lists (bsc#1180558)

  • Fix modular data handling for cloned channels (bsc#1177508)

  • Fix: login gets an ISE when SSO is enabled (bsc#1181048)

spacewalk-utils:

  • Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-web:

  • Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)

  • Upgrade immer to fix CVE-2020-28477

  • Default to preferred items per page in content lifecycle lists (bsc#1180558)

  • Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)

subscription-matcher:

  • Update the xstream dependency to 1.4.15

susemanager:

  • Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)

  • Python3-dbus-python and dependencies not installed by default on JeOS SLE15 images, add them to the bootstrap repository list of packages for traditional (bsc#1182071)

susemanager-doc-indexes:

  • Updated Command Line Registration with Salt section in the Client Configuration Guide for clarity.

  • Adds openSUSE Leap SP migration to the SP migration section of the Client Configuration Guide

  • Adds note that bootstrap procedure for selecting a parent channel is optional in Client Configuration Guide (bsc#1181635)

  • Adds note about checking for valid UUIDs in fstab when backing up (bsc#1181814)

  • Updated command for running configure proxy script when replacing a proxy

  • Fixed bad SUSE Customer Center URL

susemanager-docs_en:

  • Updated Command Line Registration with Salt section in the Client Configuration Guide for clarity.

  • Adds openSUSE Leap SP migration to the SP migration section of the Client Configuration Guide

  • Adds note that bootstrap procedure for selecting a parent channel is optional in Client Configuration Guide (bsc#1181635)

  • Adds note about checking for valid UUIDs in fstab when backing up (bsc#1181814)

  • Updated command for running configure proxy script when replacing a proxy

  • Fixed bad SUSE Customer Center URL

susemanager-schema:

  • Drop "pxt_session_cleanup" function (bsc#1180224)

  • Enable openscap auditing for salt systems in SSM (bsc#1157711)

susemanager-sls:

  • Ubuntu 18 has version of apt which does not correctly support auth.conf.d directory. Detect the working version and use this feature only when we have a higher version installed

xstream:

Version 4.1.5.1

salt:

  • VUL-0: salt: February 2021 release (bsc#1181550)

  • VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory (bsc#1181556)

  • VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate (bsc#1181557)

  • VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted web requests to the Salt API via SSH client (bsc#1181558)

  • VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the wheel_async client (bsc#1181559)

  • VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is vulnerable to directory traversal (bsc#1181560)

  • VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks (bsc#1181561)

  • VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration (bsc#1181562)

  • VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the “error” log level (bsc#1181563)

  • VUL-0: CVE-2021-3197: salt: Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument (bsc#1181564)

  • VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL certificates (bsc#1181565)

Version 4.1.5

cpu-mitigations-formula:

  • Handle unsupported target systems gracefully (bsc#1179273)

  • add mitigations for Xen hypervisor

ical4j:

  • Use error-prone 2.4.0 to prevent build errors on OBS

mgr-libmod:

  • Improve modular dependency resolution algorithm (bsc#1177267)

mgr-osad:

  • Change the log file permissions as expected by logrotate (bsc#1177884)

smdba:

  • Fix smdba throws error on mgr-setup/installation

  • Raise an exception on failed external process call

  • Fix TablePrint formatting

  • Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030)

  • Revert modifying cpu_tuple_cost

spacecmd:

  • Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)

  • Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566)

  • Fix: internal: workaround for future tee of logs translation

spacewalk-backend:

  • Drop Transfer-Encoding header from proxy respone to fix error response messages (bsc#1176906)

  • Prevent tracebacks on missing mail configuration (bsc#1179990)

  • Fix pycurl.error handling in suseLib.py (bsc#1179990)

  • Harden extratag key import by execute_values to ignore conflicts

  • Fix Debian package version comparison

  • Use sanitized repo label to build reposync repo cache path (bsc#1179410)

  • Quote the proxy settings to be used by Zypper (bsc#1179087)

  • Add the VirtualPC as virtualization type (bsc#1178990)

  • Truncate author name in the changelog (bsc#1180285)

spacewalk-java:

  • Fix CVE audit results for affected and patched entries (bsc#1180893)

  • Replace custom version comparison method with the standard one which also takes debian packages into account

  • Fix incorrect password autocompletions (bsc#1148357)

  • Improves misleading UI message displayed on systems with modules activated (bsc#1179525)

  • Fix reboot action race condition (bsc#1177031)

  • Fix availability check for debian repositories (bsc#1180127)

  • Added 'contents' argument to the 'configchannel.create' XMLRPC API method (bsc#1179566)

  • Ignore duplicate NEVRAs in package profile update (bsc#1176018)

  • Prevent deletion of CLM environments if they’re used in an autoinstallation profile (bsc#1179552)

  • Fix Debian package version comparison

  • Added 'revision' argument to the 'configchannel.updateInitSls' XMLRPC API method (bsc#1179566)

  • Fix configuration file download links to actually download files instead of redirecting to the home page (bsc#1179324)

  • Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#1179872)

  • Add validation for custom repository labels

  • Add lang attribute to html tags

  • Fix expanded support detection based on CentOS installations (bsc#1179589)

  • Generalize the reactivation key message (bsc#1178483)

  • Add translation strings for newly added countries and timezones (jsc#PM-2081)

  • Add the VirtualPC as virtualization type (bsc#1178990)

  • Fix the activation key handling from kickstart profile (bsc#1178647)

  • Improve modular dependency resolution algorithm (bsc#1177267)

  • fix query using old EVR_T constructor (bsc#1181422)

spacewalk-reports:

  • Fixes no file content in spacewalk-report config-files

  • Write <binary data> placeholder instead of dumping binary data

spacewalk-utils:

  • Remove Debian 9 and 10 channels for SUSE Manager, now provided by SCC data

spacewalk-web:

  • Fix Package States page display error (bsc#1180580)

  • Fix incorrect password autocompletions (bsc#1148357)

  • Migrate CommonJS based React components to ES6

  • Prevent deletion of CLM environments if they’re used in an autoinstallation profile (bsc#1179552)

  • Fix loading indicator for tables using SimpleDataProvider (bsc#1177756)

  • Fix question mark explanations for Recurring States (bsc#1179485)

  • Allow specifying both name and label of new Content Environment (bsc#1176411)

susemanager:

  • Use product IDs for Debian 9 and 10 SUSE Manager bootstrap repo data

susemanager-build-keys:

  • Add Debian 9 and Debian 10 keys

  • Add Debian 8 Archive Key - required to verify Debian 9 successfully (bsc#1181233)

susemanager-doc-indexes:

  • Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)

  • Fixed package name and command in Troubleshooting Renaming Server section of the Administration Guide (bsc#1179171)

  • Added documentation on replacing a proxy server in the Installation Guide (bsc#1179438)

  • Moves and updates advice about modular repositories on RHEL clones in Client Configuration Guide (bsc#1179277)

  • Adds Debian 9 and 10 on SUSE Manager to Client configuration

  • Adds troubleshooting info for ISS caching

  • Adds note about Appstream Packages in Channels section of Client configuration Guide (bsc#1179525)

  • Corrected name of unresolved include (bsc#1181129)

susemanager-docs_en:

  • Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)

  • Fixed package name and command in Troubleshooting Renaming Server section of the Administration Guide (bsc#1179171)

  • Added documentation on replacing a proxy server in the Installation Guide (bsc#1179438)

  • Moves and updates advice about modular repositories on RHEL clones in Client Configuration Guide (bsc#1179277)

  • Adds Debian 9 and 10 on SUSE Manager to Client configuration

  • Adds troubleshooting info for ISS caching

  • Adds note about Appstream Packages in Channels section of Client configuration Guide (bsc#1179525)

  • Corrected name of unresolved include (bsc#1181129)

susemanager-schema:

  • Changed to versioned Python3 to SPEC file.

  • Python3 port for blend tool

  • Add missing unique index on suse tables

  • Fix Debian package version comparison

  • Add new valid countries and timezones (jsc#PM-2081)

  • Add the VirtualPC type in rhnVirtualInstanceType table(bsc#1178990)

  • Improve cleanup time after fixing Debian package version comparison (bsc#1181116)

susemanager-sls:

  • Make autoinstallation provisoning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227)

  • fix apt login for similar channel labels (bsc#1180803)

susemanager-sync-data:

  • Add product definitions for Debain 9 AMD64 and Debian 10 AMD64

  • change centos 6 URLs to vault.centos.org

uyuni-common-libs:

  • Section in Debian packages in now treated as optional (bsc#1179555)

yomi-formula:

  • Add temporary and explicit dependency to libudev1

Version 4.1.4

image-sync-formula:

  • Send image_synced event to master

mgr-libmod:

  • Fix 'module not found' exception handling (bsc#1179257)

postgresql-jdbc:

pxe-yomi-image-sle15:

  • Update config.sh based on last JeOS template

  • Update JEOS_LOCALE to en_US.UTF-8

  • Support config{_url}{_name} for user provided configuration

python-susemanager-retail:

  • Handle organizations in retail_create_delta

saltboot-formula:

  • Support older SLE11 cryptsetup (bsc#1172287)

  • Use images with "synced" flag

spacecmd:

  • Fix: make spacecmd build on Debian

spacewalk-admin:

  • Use the license macro to mark the LICENSE in the package so that when installing without docs, it does install the LICENSE file

  • Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE Manager 3.2 (bsc#1177435)

spacewalk-backend:

  • Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)

  • Do not raise TypeError when processing SUSE products (bsc#1178704)

  • Fix spacewalk-repo-sync to successfully manage and sync ULN repositories

  • Fix errors in spacewalk-debug and align postgresql queries to new DB version

  • ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)

  • Re-enables possibility to use local repos with repo-sync (bsc#1175607)

  • Add 'allow_vendor_change' option to rhn clients for dist upgrades

spacewalk-certs-tools:

  • Improve check for correct CA trust store directory (bsc#1176417)

spacewalk-client-tools:

  • Update translations

spacewalk-java:

  • Update content sensitive help links

  • Update exception message in findSyncedMandatoryChannels

  • Report resolved module dependencies on CLM project details page

  • Allow creating custom ULN repositories with uln:// urls

  • Change message "Minion is down" to be more accurate

  • Localize documentation links

  • Temp: revert Sync state modules when starting action chain execution (bsc#1177336)

  • Fix check for available products on ISS Slaves (bsc#1177184)

  • XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)

  • Get media.1/products for cloned channels (bsc#1178303)

  • Calculate size to truncate a history message based on the htmlified version (bsc#1178503)

  • Make image pillar visible only in buildhost organization

  • Maintain list of synced images in pillar

  • Enable validation of Content Lifecycle Management entities in the XMLRPC API (bsc#1177706)

  • Fix the order of the arguments in the XMLRPC API doc for contentmanagement.buildProject (bsc#1177704)

  • Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)

  • Log token verify errors and check for expired tokens

  • Show only kernel options in advanced autoinstallation page when working with a salt minion (bsc#1177767)

  • Show cluster upgrade plan in the upgrade UI

  • Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)

  • Add new allowVendorChange flag for dist upgrades

  • Sync state modules when starting action chain execution (bsc#1177336)

  • Enable redfish power management by default

spacewalk-search:

  • Add multi lang support to the document search

spacewalk-setup:

  • Add sock_pool_size setting by default for better performance

spacewalk-web:

  • Update content sensitive help links

  • Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)

  • Fix the search panel in CLM filters page

  • Localize documentation links

  • Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)

  • Show cluster upgrade plan in the upgrade UI

  • Don’t allow selecting spice for Xen PV and PVH guests

supportutils-plugin-susemanager:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

susemanager:

  • Adapt Debian10 bootstrap repository definition for salt on Python 3

  • Add --force to mgr-create-bootstrap-repo to enforce generation even when some products are not synchronized

susemanager-doc-indexes:

  • Added warning about local repositories in the Clients Configuration Guide

  • Removed duplicate contact method entry in Client Configuration Guide

  • Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide

  • Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide

  • Added Salt Minion file contact method to Client Configuration Guide

  • Added Redfish to power management protocols section

  • Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)

  • Added procedure for adding virtualization guests to the Client Configuration Guide

  • New guide added: Quickstart SAP Guide

  • Add multilang support

susemanager-docs_en:

  • Added warning about local repositories in the Clients Configuration Guide

  • Removed duplicate contact method entry in Client Configuration Guide

  • Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide

  • Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide

  • Added Salt Minion file contact method to Client Configuration Guide

  • Added Redfish to power management protocols section

  • Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)

  • Added procedure for adding virtualization guests to the Client Configuration Guide

  • New guide added: Quickstart SAP Guide

  • Add multilang support

susemanager-frontend-libs:

  • Update Bootstrap to 3.1.0

susemanager-schema:

  • Add 'preferred_docs_locale' to UserInfo table

  • Add new column to rhnactiondup table for allowVendorChange flag

  • Move dist upgrade SQL file to the correct directory so it gets picked up in schema upgrades (bsc#1179759)

susemanager-sls:

  • Fix: sync before start action chains (bsc#1177336)

  • Temp: revert Sync state modules when starting action chain execution (bsc#1177336)

  • Handle group- and org-specific image pillars

  • Use require in reboot trigger (bsc#1177767)

  • Add pillar option to get allowVendorChange option during dist upgrade

  • Sync state modules when starting action chain execution (bsc#1177336)

susemanager-sync-data:

  • Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS

  • Remove duplicate repo definition

uyuni-cluster-provider-caasp:

  • Show the cluster upgrade plan in the UI

yomi-formula:

  • Update to version 0.0.1+git.1604593202.a2c22bf:

    • storage: hide mountpoint if no filesystem

    • software: migrate repos as certs

    • software: add verify parameter

    • _grains: efi grains are in Salt now

    • software: transfer current repository

    • software: add repository options

    • lvm: fix indentation

    • partitioned: fix parted call and tests

  • Update to version 0.0.1+git.1601999695.6141130:

    • README: add user provided config

  • Update to version 0.0.1+git.1598948600.9a9eab0:

    • Replace fdisk with parted in partitioned

Version 4.1.3

bind-formula:

  • Temporarily disable dnssec-validation as hotfix for bsc#1177790

grafana-formula:

  • Use variable for product name

  • Add HA/SAP dashboards

  • Add support for system groups in Client Systems dashboard

image-sync-formula:

  • Do not use .gz suffix for default initrd symlink

  • Keep the old symlink "initrd.gz" for compatibility

prometheus-formula:

  • Disable Alertmanager clustering (bsc#1178145)

  • Use variable for product name

prometheus-exporters-formula:

  • Fix empty directory values initialization

  • Add systemd collector as default for node_exporters since otherwise some SAP/HA grafana dashboards will be empty

  • Disable reverse proxy on default

pxe-formula:

  • Change default to "initrd" without .gz suffix

py26-compat-salt:

  • Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361) (CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

python-susemanager-retail:

  • Use name "initrd" without .gz suffix

salt-netapi-client:

saltboot-formula:

  • Allow setting terminal kernel parameters in saltboot formula

spacecmd:

  • Python3 fixes for errata in spacecmd (bsc#1169664)

  • Added support for i18n of user-facing strings

  • Python3 fix for sorted usage (bsc#1167907)

spacewalk-admin:

  • Show info message when applying schema upgrade

spacewalk-backend:

  • Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-branding:

  • Enable to switch to multiple webUI theme

spacewalk-client-tools:

  • Remove RH references in Python/Ruby localization and use the product name instead

spacewalk-java:

  • Remove expiration date from ics files (bsc#1177892)

  • Execute Salt SSH actions in parallel (bsc#1173199)

  • Enable to switch to multiple webUI theme

  • Fix action chain resuming when patches updating salt-minion don’t cause service to be restarted (bsc#1144447)

  • Renaming autoinstall distro didn’t change the name of the Cobbler distro (bsc#1175876)

  • Fix the links for downloading the binaries in the package details UI (bsc#1176603)

  • Allow nightly ISS sync to also cover custom channels

  • Fix: reinspecting a container image (bsc#1177092)

  • Add power management xmlrpc api

  • Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)

  • Log exception trace on fatal Taskomatic startup error

  • Fix max password length check at user creation (bsc#1176765)

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

  • Fix SP migration after dry run for cloned channels (bsc#1176307)

  • Filter not available optional channels out

  • Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)

spacewalk-search:

  • Change default maximum memory to 512 MB, preventing OutOfMemoryError

spacewalk-web:

  • Enable to switch to multiple webUI theme

  • Only refresh the virtual storage list when pool events are received

  • Drop node-fetch to fix CVE-2020-15168

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

susemanager:

  • Create bootstrap repo should not flush by default (bsc#1175843)

  • Improve detection of base channels for products (bsc#1177478)

  • Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the bootstrap definitions as some packages from LTSS are required (bsc#1177524)

  • Fix logrotate config

  • Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)

susemanager-build-keys:

  • Replace "SuSE" user-facing references with "SUSE"

susemanager-doc-indexes:

  • Documented zypper autorefresh feature in Upgrade Guide

  • Update SP Migration chapter in Client Configuration Guide

  • In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings

  • Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide

  • Updated Requirements chapter in Installation Guide.

  • Edits OpenSCAP section in Admin Guide (bsc#1176413)

  • Updated Terminology section in Salt Guide

  • Added on-demand images content to Install Guide

  • New book Quick Start - SAP

  • Adds webUI locale choice to Ref & Admin Guides

  • Adds new System Types section to Client Cfg

  • Updates supported client matrix in Install Guide

  • Add note about log file to Upgrade Guide

  • Removes outdated content from Activation Keys section (bsc#1177396)

  • Adds note about PAM Auth during migration (bsc#1177730)

  • Fixed broken table in admin guide

susemanager-docs_en:

  • Documented zypper autorefresh feature in Upgrade Guide

  • Update SP Migration chapter in Client Configuration Guide

  • In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings

  • Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide

  • Updated Requirements chapter in Installation Guide.

  • Edits OpenSCAP section in Admin Guide (bsc#1176413)

  • Updated Terminology section in Salt Guide

  • Added on-demand images content to Install Guide

  • New book Quick Start - SAP

  • Adds webUI locale choice to Ref & Admin Guides

  • Adds new System Types section to Client Cfg

  • Updates supported client matrix in Install Guide

  • Add note about log file to Upgrade Guide

  • Removes outdated content from Activation Keys section (bsc#1177396)

  • Adds note about PAM Auth during migration (bsc#1177730)

  • Fixed broken table in admin guide

susemanager-schema:

  • Execute Salt SSH actions in parallel (bsc#1173199)

  • Show info message when applying schema upgrade

  • Add web_theme user preferences column (bsc#1178204)

susemanager-sls:

  • Fix action chain resuming when patches updating salt-minion don’t cause service to be restarted (bsc#1144447)

  • Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)

  • Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer

  • Add support for activation keys on server configuration Salt modules

  • Ensure the yum/dnf plugins are enabled

  • Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  • Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  • Update to 1.0.1

    • Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via osc service disabledrun

    • Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749

  • Update to 1.0.0

    • Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671

    • Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

  • Update to 1.0.0-rc.0

    • The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279

    • The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393

    • Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".

    • Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417

    • Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510

    • Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

  • Add missing sysconfig file in rpm bsc#1151557

hibernate5:

hub-xmlrpc-api:

  • One configuration flag was renamed for clarity

  • Added USE_SSL flag to https insted of plain http

  • Updated docs

  • Bugfixes

  • Changed configuration to plain variables

  • Bugfixes

patterns-suse-manager:

  • Change PostgreSQL requirements to require at least PostgreSQL 12

prometheus-exporters-formula:

salt-netapi-client:

  • Fix text resource usage

spacecmd:

  • Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)

spacewalk-backend:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Only regenerate bootstrap repositories when linking new packages (bsc#1174636)

  • Support installer_updates flag in ISS

  • Remove duplicate languages and update translation strings

spacewalk-branding:

  • Re-enable language picker for user creation

spacewalk-certs-tools:

  • Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  • Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  • Remove duplicated languages and update translation strings

spacewalk-java:

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Pass the log level parameter to matcher

  • Add language picker to user preferences and user creation

  • Detect client organization from connected proxy (bsc#1175545)

  • Fix EntityExistsException on migration from traditional to salt minion via proxy (bsc#1175556)

  • Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)

  • Add java.allow_adding_patches_via_api to allow adding errata to vendor channels

  • Fix alignment on icon on entitlement page

  • Support installer update channels during autoinstallation

  • Filter machines not in maintenance mode for remote commands

  • Reset the server path on minion registration (bsc#1174254)

  • Data null means the sync never ran yet (bsc#1174357)

spacewalk-utils:

  • Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529)

spacewalk-web:

  • Fix the jQuery selector in SP Migration page (bsc#1176500)

  • Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503)

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Add translation support for react t() function

  • Fix striping on react tables

  • Update translation strings

subscription-matcher:

  • Allow matching any guest products for Unlimited Virtualization subscriptions (bsc#1165287)

  • Only report confirmed matches in the output.json

  • Expose the log level setting to the command line

  • In the subscriptions CSV output, print the active subscriptions first

susemanager:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Support installer update channels during autoinstallation

  • Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS bootstrap problems (bsc#1176913)

susemanager-build-keys: - Trust PackageHub key (bsc#1175103)

susemanager-doc-indexes:

  • Remove old certs before renaming in Administration Guide (bsc#1171836)

  • Reference example scripts for SP Mass Migration in Upgrade Guide

  • Move PoS Terminal Requirements to the Requirements sections in the Retail Guide

  • Updated SP Mass Migration section in Upgrade Guide for clarity

  • Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  • New section Upgrade Uyuni Proxy in Upgrade Guide

  • New section Upgrade Uyuni Server in Upgrade Guide

  • Add GPG information about Oracle clients to SUMA (bsc#1173520)

  • Add hostname admonition to public cloud sections (bsc#1173621)

  • Add error wording to Taskomatic troubleshooting (bsc#1172263)

  • Add required URLs to Installation Guide

  • Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Added more concepts to Client Cfg

  • Documented maintenance windows feature in Admin Guide

  • Some reorganization of Client Cfg & Admin Guides

  • Updates storage device requirements in Install Guide

  • Adds new section for SUMA formulas in the Salt Guide

  • Updates storage device requirements in Install Guide

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • Add note about CentOS upstream repository (bsc#1173603)

  • Add firewall troubleshooting to Admin Guide

  • Fix Azure command in Install Guide (thanks Rahul-CTS)

  • Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  • Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  • Adds Uyuni Config Modules to the Salt Guide as tech preview

  • Fix contrast problem for visited links (bsc#1176862)

susemanager-docs_en:

  • Remove old certs before renaming in Administration Guide (bsc#1171836)

  • Reference example scripts for SP Mass Migration in Upgrade Guide

  • Move PoS Terminal Requirements to the Requirements sections in the Retail Guide

  • Updated SP Mass Migration section in Upgrade Guide for clarity

  • Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  • New section Upgrade Uyuni Proxy in Upgrade Guide

  • New section Upgrade Uyuni Server in Upgrade Guide

  • Add GPG information about Oracle clients to SUMA (bsc#1173520)

  • Add hostname admonition to public cloud sections (bsc#1173621)

  • Add error wording to Taskomatic troubleshooting (bsc#1172263)

  • Add required URLs to Installation Guide

  • Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Added more concepts to Client Cfg

  • Documented maintenance windows feature in Admin Guide

  • Some reorganization of Client Cfg & Admin Guides

  • Updates storage device requirements in Install Guide

  • Adds new section for SUMA formulas in the Salt Guide

  • Updates storage device requirements in Install Guide

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • Add note about CentOS upstream repository (bsc#1173603)

  • Add firewall troubleshooting to Admin Guide

  • Fix Azure command in Install Guide (thanks Rahul-CTS)

  • Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  • Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  • Adds Uyuni Config Modules to the Salt Guide as tech preview

  • Fix contrast problem for visited links (bsc#1176862)

susemanager-schema:

  • Support installer update channels during autoinstallation

  • Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)

susemanager-sls:

  • Add uyuni-config-modules subpackage with Salt modules to configure Servers

  • Fix reporting of missing products in product.all_installed (bsc#1165829)

Version 4.1.1

cobbler:

image-sync-formula:

  • Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default /srv/saltboot if that pillar is missing so image-sync can be applied on non branch minions as well.

mgr-libmod:

  • Remove unnecessary array wrap in 'list_modules' response object

mgr-osad:

  • Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)

openvpn-formula:

  • Add hint that ssl certs must be on system (bsc#1172279)

patterns-suse-manager:

  • Add Recommends for golang-github-QubitProducts-exporter_exporter

prometheus-exporters-formula:

  • Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)

  • Add support for exporters proxy (exporter_exporter)

pxe-default-image-sle15:

  • Rollback the workaround for bsc#1172807, as dracut is now fixed

saltboot-formula:

spacecmd:

spacewalk-backend:

  • Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  • Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  • Adds basic functionality for gpg check

  • Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-branding:

  • Implement Maintenance Windows

  • Fix typo on spacewalk-branding license

spacewalk-certs-tools:

spacewalk-java:

  • use media.1/products from media when not specified different (bsc#1175558)

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix error when rolling back a system to a snapshot (bsc#1173997)

  • Implement maintenance windows backend

  • Add check for maintainence window during executing recurring actions

  • Implement maintenance windows in struts

  • XMLRPC: Assign/retract maintenance schedule to/from systems

  • Fix softwarechannel update for vendor channels (bsc#1172709)

  • Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)

  • Change system list header text to something better (bsc#1173982)

  • Set CPU and memory info for virtual instances (bsc#1170244)

  • Add virtual network Start, Stop and Delete actions

  • Add virtual network list page

  • Fix httpcomponents and gson jar symlinks (bsc#1174229)

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

  • Provide comps.xml and modules.yaml when using onlinerepo for kickstart

  • Refresh virtualization pages only on events

  • Fix up2date detection on RH8 when salt-minion is used for registration

  • Improve performance of the System Groups page with many clients (bsc#1172839)

  • Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468)

  • Bump XMLRPC API version number to distinguish from Spacewalk 2.10

  • Cluster UI: return to overview page after scheduling actions

  • Fix NPE on auto installation when no kernel options are given (bsc#1173932)

  • Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)

  • Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state.

spacewalk-utils:

  • Add aarch64 for openSUSE Leap 15.1 and 15.2

spacewalk-web:

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix JS linting errors/warnings

  • Enable Nutanix AHV virtual host gatherer.

  • Web UI: Implement managing maintenance schedules and calendars

  • Warn when a system is in multiple groups that configure the same formula in the system formula’s UI (bsc#1173554)

  • Add virtual network start, stop and delete actions

  • Add virtual network list page

  • Fix internal server error when creating module filters in CLM (bsc#1174325)

  • Fix VM creation page when there is no volume in the default storage pool

  • Refresh virtualization pages only on events

  • Product list in the Wizard doesn’t show SLE products first (bsc#1173522)

  • Cluster UI: return to overview page after scheduling actions

  • Changes in the logic to update the tick icon.

  • For the postgres localhost:5432 case, use the

  • Fix internal server errors by returning 0 instead of dying

  • Add missing dependency to spacewalk-base-minimal (bsc#678126)

  • Change kickstart to autoinstallation in navigation on pxt pages

  • Debranding

suseRegisterInfo:

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

susemanager:

  • Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780)

  • Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

  • Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167)

susemanager-doc-indexes:

  • Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Left navigation structure cleaned up

  • Fixed several broken xrefs

  • Added hostname admonition for public cloud sections

  • Clarified Branch Proxy configuration instructions

  • Fixed index page pdf links, urls were 1 step to deep

  • SUSECOM 2020 branding update

  • PDF 2020 branding update

  • WEBUI 2020 branding update

  • Added maintenance window documentation

  • Added SLE client chapter

  • Added 508 compliance

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Added docs for nutanix VHM

susemanager-docs_en:

  • Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Left navigation structure cleaned up

  • Fixed several broken xrefs

  • Added hostname admonition for public cloud sections

  • Clarified Branch Proxy configuration instructions

  • Fixed index page pdf links, urls were 1 step to deep

  • SUSECOM 2020 branding update

  • PDF 2020 branding update

  • WEBUI 2020 branding update

  • Added maintenance window documentation

  • Added SLE client chapter

  • Added 508 compliance

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Added docs for nutanix VHM

susemanager-frontend-libs:

  • Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

  • Add new states and types for virtual instances in order to support Nutanix AHV.

  • Implement Maintenance Windows

  • Add virtual network state change action

  • Internal fixes to avoid problems with the idempotency tests

susemanager-sls:

  • Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)

  • Fix: supply a dnf base when dealing w/repos (bsc#1172504)

  • Fix: autorefresh in repos is zypper-only

  • Add virtual network state change state to handle start, stop and delete

  • Add virtual network state change state to handle start and stop

  • Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)

  • Force a refresh after deleting a virtual storage volume

  • Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169)

  • Require PyYAML version >= 5.1

  • Log out of Docker registries after image build (bsc#1165572)

  • Prevent "module.run" deprecation warnings by using custom mgrcompat module

susemanager-sync-data:

  • Remove version from centos and oracle linux identifier (bsc#1173584)

uyuni-common-libs:

  • Fix issues importing RPM packages with long RPM headers (bsc#1174965)

virtual-host-gatherer:

  • Add new gatherer module for Nutanix AHV.

virtualization-host-formula:

  • Ensure kernel-default and libvirt-python3 are installed

  • Set bridge network as default

  • Fix conditionals (bsc#1175791)

yomi-formula:

  • Update to version 0.0.1+git.1595952633.b300be2:

    • pillar: install always kernel-default

    • chroot: python3-base is now a capability

    • Move systemctl calls inside chroot

    • Network: initial work for network declaration

    • MicroOS: Remove tmp subvolume

    • Update format following the new standard

    • Fix __mount_device wrapper

Major changes since SUSE Manager Server 4.0

New SUSE branding

The SUSE Manager 4.1 WebUI and documentation have been refreshed with the new SUSE branding guidelines, as published in the SUSE Brand website and SUSE EOS Design System.

The new theme is lighter and gives a bit more of free space between elements for better readability.

New products enabled

  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family (including LTSS)

  • SUSE Linux Enterprise 15 SP3 family (beta)

  • SUSE Container as a Service Platform 4.5

  • SUSE Enterprise Storage 7

  • openSUSE Leap 15.2

  • MicroFocus Open Enterprise Server 2018 SP2

  • CentOS 6, 7, and 8

  • Oracle Linux 6, 7 and 8

  • Ubuntu 20.04 LTS *

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete your existing channels, synchronize the channel information from SCC, and reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows in the product tree in the WebUI.

Ubuntu 20.04 LTS

The Ubuntu 20.04 LTS product is now managed as a vendor channel and repository URLs (but not packages or metadata) come from SCC directly, so there is no need to use spacewalk-common-channels or manually add the repository URLs.

Ubuntu 18.04 LTS and 16.04 LTS still require manually adding the repository URLs via the WebUI or spacewalk-common-channels.

Cluster Management

As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with SUSE Manager 4.1 initially providing support for SUSE CaaSP.

Computing is increasingly being a more complex architecture: redundant servers, scale out, high-availability, etc where you deploy different kinds of clusters, such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a whole piece of infrastructure instead of as discrete nodes puts you in charge.

SUSE Manager 4.1 implements cluster management of SUSE CaaS Platform 4.x clusters. SUSE Manager works hand-in-hand with CaaS Platform to make sure that all cluster operations are issued properly.

The following actions are currently supported:

  • Register an existing cluster to SUSE Manager

  • Add or remove nodes to the cluster

  • Promote SLES system to managing node

  • Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an upcoming version of SUSE Manager.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified schedule. You can apply recurring action to individual clients, to all clients in a system group, or to an entire organization. The Recurring Actions section in the Administration Guide contains all the details for this feature.

More improvements in regards to automation will be coming in subsequent releases of SUSE Manager, including maintenance windows and patch automation.

Monitoring enhancements

Federation

The new version of the Prometheus formula allows configuring federation and pulling relevant metrics from Prometheus instances to provide a global monitoring view. This configuration is useful for a number of cases, such as:

  • Remote sites, each one with its own Prometheus server

  • Collecting monitoring data from multiple applications, each one of them providing its own Prometheus server (e. g. multiple SUSE products: SUSE Manager, CaaSP, SES, HA)

The combined data can then be visualized using Grafana.

Note that suitable recording rules have to be configured on the Prometheus instances (for example at CaaSP Prometheus instances). For more information about Prometheus federation, check the official documentation.

Pre-configured default alerting rules

A default set of alerting rules have been added to monitor the Prometheus instances themselves (meta-monitoring) and the availability of configured targets. These rules can be changed in the WebUI.

CaaSP dashboards

Specific Grafana dashboards for SUSE Container as a Service Platform have been integrated and can be deployed via the WebUI.

Updated Grafana and Prometheus

Grafana has been updated to version 7.0.3 and Prometheus to version 2.18.

Updated Node Exporter

The Prometheus Node Exporter has been updated to version 0.18.1.

All the changes can be found in the changelog for the package, or upstream (changelog for 0.18.0 and 0.18.1).

The new version includes some breaking changes:

  • Renamed interface label to device in netclass collector for consistency with other network metrics

  • The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides

  • The labels for the network_up metric have changed

  • Bonding collector now uses mii_status instead of operstatus

  • Several systemd metrics have been turned off by default to improve performance. These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds

  • The systemd collector blacklist now includes automount, device, mount, and slice units by default

Virtual storage pool support

Virtual machine disks are stored in storage pools. Previously, SUSE Manager could only list storage pools.

With SUSE Manager 4.1, it is now possible to create, edit, start, stop, refresh, and delete storage pools. This is available from the WebUI, or through Salt states.

Performance improvements

Reposync

Repository syncing has been optimized to perform in less time with respect to past versions. The performance improvement could be up to 6 times faster, depending on the hardware setup (specifically CPUs and network bandwidth) and number of packages.

Content Lifecycle Magement

Content Lifecycle Management has been optimized, with basic operations (build, promotion) up to two orders of magnitude faster and a quicker UI loading in installations with many channels and organizations.

Prometheus Service Discovery

Thanks to a number of enhancements and optimizations, Prometheus Service Discovery is now 10 times faster, on average, than it was in SUSE Manager 4.0.

Usability

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as well as the required packages for registering Salt or traditional clients during bootstrapping.

In SUSE Manager 4.0 and earlier, bootstrap repository creation was a manual step, using the mgr-create-bootstrap-repo tool.

In SUSE Manager 4.1, bootstrap repositories are automatically created and regenerated on the SUSE Manager Server after a product is synchronized (and all mandatory channels have been fully mirrored).

More details, including how to revert to manual invocation, are available from the Client Configuration Guide.

Automatic database schema migrations and fail-over mechanism

Database schema upgrades are now applied automatically during services startup, so there is no need to call spacewalk-schema-upgrade manually. To prevent SUSE Manager services from starting if the schema upgrade has not successfully completed, a fail-over security mechanism has been implemented.

In case the database migration has not finished, or if it finishes with an error:

  • The spacewalk-service start command fails, and information is provided about the error.

  • No services will start, including the Apache service. This means the WebUI will also be unavailable.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.

In addition to SUSE’s, SUSE Manager 4.1 now includes the GPG keys used to sign packages and/or metadata by other vendors whose products are available in the product tree in the WebUI:

  • openSUSE

  • CentOS

  • Oracle Linux

  • Ubuntu

  • MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still required for security reasons.

Onboarding of clients with SSH keys

In SUSE Manager 4.0, password authentication was the only authentication type available to bootstrap clients from the Server.

SUSE Manager 4.1 introduces a new SSH private key authentication method, including use of a passphrase on the private key. This is specially useful on the public cloud, where images prefer to authenticate with SSH instead of user and password.

To protect your security, the private key is only stored on the SUSE Manager Server during the bootstrap procedure and removed immediately after bootstrapping is complete, therefore the private key must be provided for each bootstrap.

From the API, the new method bootstrapWithPrivateSshKey in the namespace system is documented in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase, MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

#!/usr/bin/python
import xmlrpclib

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

with open(keyfile, 'r') as file:
  data = file.read()
  conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)

Service Pack migration: remember settings

A common source of errors in Service Pack Migrations is the human factor: a complex migration is carefully crafted, dry-run to a success, only to mysteriously fail in production. More often than not, the reason for this is when re-creating the migration for production, some step was forgotten.

In SUSE Manager 4.1, the Service Pack Migration feature has gained memory: you can now re-run successful dry-runs. This is especially useful when you have configured a complex migration, tested it successfully, and would like to make sure it runs in production with exactly the same settings it was designed to run with. To do this, go to the System Event History of the Dry-run action. There is a button "Run migration" which lets you execute the Service Package Migration.

Subscription warning

SUSE Manager requires an active subscription to connect to the SUSE Customer Center and download content and data.

We have now added a check in the Products page that will show a warning when the subscription is not available for one of these reasons:

  • Subscription was not added

  • Subscription was disabled

  • Subscription expired

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with system type "Proxy".

Improved sync status visibility

In the product page, a new sync status icon has been added to convey the right information.

When a channel contains root and child products, separate feedback is provided for each product, to make sure a synchornization failure in either the root product, or a child product, will be immediately noticed.

Single Page Application UI (SPA)

In an effort to provide our WebUI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.

This enhancement was started in SUSE Manager 4.0 as an opt-in feature and now becomes the default in SUSE Manager 4.1.

RHEL 8 enhancements

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS, and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

In order to make this feature easier to use, in SUSE Manager 4.1:

  • SUSE Manager will show an error and prevent the user from proceeding when there are module conflicts, a module is unavailable or modular filters are in use but no modular sources have been added (and viceversa)

  • Module names can be picked via a UI widget instead of typing this manually, thus avoiding errors

Prometheus exporters

Exporters for RHEL, SLES ES, CentOS, and Oracle Linux 8 are now available:

  • Node exporter: hardware and operating system metrics

  • Apache exporter: Apache HTTP server metrics

  • PostgreSQL exporter: PostgreSQL database metrics

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is supported for 7.5 years since the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is not feasible, it is now possible to use a Retail Branch Server running in a remote datacenter or public cloud.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting EFI terminals (systems) using HTTP in addition to TFTP.

Custom headers for reposync

Reposync can now send additional custom HTTP headers configured in the /etc/rhn/spacewalk-repo-sync/extra_headers.conf file.

This new feature serves a number of special use cases, such as feeding special data to network proxies, bypassing MFA or informing traffic inspection devices your data is secure to avoid wasting resources inspecting e. g. large RPMs or containers.

Details are available in the Reference Guide.

New documentation

Two new books have been added to the SUSE Manager 4.1 documentation:

  • Large Deployments Guide. Everything related to architecture and configuration for large (thousands of clients) deployments is contained in this guide. It contains all the documentation for the SUSE Manager Hub component. Some parts of the Salt guide that dealt with parameter tuning for large deployments have now been moved here too.

  • Public Cloud QuickStart Guide. This new guide shows you the fastest way to get SUSE Manager up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

OpenVPN formula

As part of SUSE’s Home Office Workplace initiative in response to the crisis caused by the COVID-19, the SUSE Manager team has created a formula with forms to provision an OpenVPN Server node and manage client certificates from SUSE Manager.

For more details, see the SUSE Home Office Workplace blog, documentation and webinar.

spacewalk-utils

In SUSE Manager 4.0 and earlier, the spacewalk-utils package contained a mix of L3 and L1 supported tools.

In SUSE Manager 4.1, we have split spacewalk-utils in two packages, with clear support levels for each:

  • spacewalk-utils contains only fully-supported (i. e. L3) tools:

    • spacewalk-common-channels: add channels not provided by SCC

    • spacewalk-hostname-rename: change SUSE Manager Server hostname

    • spacewalk-clone-by-date: clone channels by a specific date

    • spacewalk-sync-setup: set up ISS master/slave organization mappings

    • spacewalk-manage-channel-lifecycle: manage channels lifecycle

  • spacewalk-utils-extras contains the tools for which SUSE only provides limited (i. e. L1) support:

    • apply_errata: apply errata to systems

    • delete-old-systems-interactive: remove idle systems

    • migrate-system-profile: migrate systems between organizations

    • spacewalk-api: alternative to spacecmd api

    • spacewalk-export: export Spacewalk 2.x and Red Hat Satellite 5 data

    • spacewalk-export-channels: export Spacewalk 2.x and Red Hat Satellite 5 channels

    • spacewalk-final-archive: archive information from a running Spacewalk 2.x and Red Hat Satellite 5 server prior to a final shutdown

    • spacewalk-manage-snapshots: report on and purge snapshot entries by age

    • sw-ldap-user-sync: creates new SUSE Manager accounts for users in a specific LDAP group and removes SUSE Manager accounts after deleting users from a specific LDAP group

    • sw-system-snapshot: list or delete system snapshots from the management server

    • taskotop: displays a summary of Taskomatic activities in progress

Tools in spacewalk-utils-extras are valuable but they are so specific, or require additional customization for each customer, that it is not possible for SUSE to fully support them. If you were using these scripts in spacewalk-utils in SUSE Manager 4.0 or earlier, you will need to install spacewalk-utils-extras in SUSE Manager 4.1.

L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation. Should you need more advanced help or customization with a tool from spacewalk-utils-extras, please contact SUSE Consulting.

Single Sign-On (SSO)

SUSE Manager supports Single Sign-On authentication to the WebUI by implementing the Security Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0 as a Technology Preview, is now declared stable and fully supported.

SUSE Manager must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.

Technology previews

SUSE Manager Hub XML-RPC API

The SUSE Manager Hub is a new multi-server architecture we are introducing as a technology preview in SUSE Manager 4.1.

Multiple SUSE Manager Servers can be managed from a single Hub node. The Hub is a Salt master itself and the managed SUSE Manager Server servers are both a minion (to the hub) and a master (to their own minions).

SUSE Manager Hub Architecture

The Hub covers a number of use cases, such as:

  • Scalability: when a single SUSE Manager Server will no longer be enough

  • Intermittently connected and bandwidth-limited sites, which can now be managed with their own schedule thanks to the Hub

  • Multi-tenancy with individual SUSE Manager Servers. While SUSE Manager is multi-organization itself, in some scenarios, an even stronger separation is required. The Hub provides a way to manage and aggregate back information for all those SUSE Manager Server servers.

The Hub comprises a number of components that we will be releasing and enhancing during the SUSE Manager 4.1 lifecycle. The first component of the Hub we are now introducing as a Technology Preview is the Hub XML-RPC API, which provides an extended version of the SUSE Manager Server XML-RPC API, targeted for the multi-server case.

Everything related to the Hub is documented in the new Large Deployments Guide.

  • The Hub XML-RPC API reached maturity in SUSE Manager 4.1.2, so it is no longer a technology preview.

Yomi

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE operating systems.

In SUSE Manager 4.1, Yomi can be used as part of provisioning new clients, as an alternative to AutoYaST. Yomi consists of two components:

  • The Yomi formula, which contains the Salt states and modules required to perform the installation.

  • The operating system image, which includes the pre-configured salt-minion service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added in coming releases.

Salt 3000

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run module.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.1 will refuse to start until the database migration from PostgreSQL 10 to PostgreSQL 12 has completed successfully.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Dropped features

Unpublished patches

The Unpublished Patches feature has been dropped in SUSE Manager 4.1.0.

This was a very old feature which originated more than 15 years ago when Spacewalk was used internally by vendors to manage patches before making them available to their customers. This functionality has been superseded a long (more than 10 years) time ago by other features in Uyuni for sysadmins, and by tools such as the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.

This will help us realize even further performance improvements in several areas, including the commonly-used Content Lifecycle Management build and promotion operations.

If you still have any unpublished patches, make sure you publish them with SUSE Manager 4.0 before migrating to SUSE Manager 4.1.

API breakage

With the removal of the unpublished patches feature, some APIs have changed and are therefore incompatible with SUSE Manager 4.0 and earlier:

  • Method errata.listUnpublishedErrata was removed

  • Method errata.create has one less parameter (the publish boolean, now always true) and it is now mandatory to specify at least one channel label in the last parameter (channelLabels). Previously specifying at least one channel label was mandatory only if publish was set to true.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and SUSE Manager Retail Branch Server 4.0. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 6, 7 and 8 minor release clients. Older minor releases might still work but will only be supported on a limited and reasonable-effort basis.

The same rule applies to CentOS and Oracle Linux.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.1 on top of an existing SUSE Linux Enterprise Server 15 SP2 is known to generate an incomplete installation. If you require such a setup, please contact SUSE Consulting.

Known issues

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of SUSE Manager.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features available in the SUSE Manager-provided Salt packages. This is especially important since it will result in the bootstrap repository containing the non-SUSE Salt packages. Therefore, this is an unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt packages from EPEL in advance (for example, by removing the Salt packages in Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS or Oracle Linux.

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation set is missing some packages required for the onboarding to work. It is recommented to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and openssh-clients packages before onboarding.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Works Fails

RH Satellite 5.x ⇒ SUSE Manager traditional

RH Satellite 5.x ⇒ SUSE Manager Salt minion

SUSE Manager traditional ⇒ SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:

Resources

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.