SUSE Manager Server 4.2

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

August 29th 2023: 4.2.14 release
June 21st 2023: 4.2.13 release
April 13th 2023: 4.2.12 release
March 2nd 2023: 4.2.11 release
November 4th 2022: 4.2.10 release
September 19th 2022: 4.2.9 release
July 27th 2022: 4.2.8 release
June 20th 2022: 4.2.7 release
April 25th 2022: 4.2.6 release
March 30th 2022: 4.2.5.1 release
March 4th 2022: 4.2.5 release
December 3rd, 2021: 4.2.4 release
October 27th, 2021: 4.2.3 release
September 20th, 2021: 4.2.2 release
August 12th, 2021: 4.2.1 release
June 21st, 2021: 4.2 GA

About SUSE Manager 4.2

SUSE Manager 4.2, the latest release from SUSE based on SLES 15 SP3 and the Uyuni Project, further delivers best-in-class open source systems management and automation that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a Hybrid Cloud IT infrastructure, SUSE Manager for 4.2 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Integration of Ansible into a SUSE Manager automation environment to protect customer investment and ease migration (Technology Preview)

Configuration and automation platforms have become increasingly important to control an organization’s ever-growing IT landscape. There are a variety of popular tools in the market and companies may have already made investments in a particular tool, one of them being Ansible.

Adopting SUSE Manager, or migrating to it, does not mean that you should necessarily renounce your previous configuration management systems investment. SUSE Manager 4.2 provides support for Ansible packages on SLE and connects to the Ansible control nodes on any supported client operating system to gather inventory, playbooks and manage clients with SUSE Manager.

SUSE Manager 4.2 allows you to simply re-use and run your Ansible playbooks, saving time and resources by consolidating tools while keeping existing automation investments. This means you do not have to re-implement your Ansible automation solution, making migration to the SUSE landscape easier.

Combined with its strong Salt capabilities, it enhances SUSE Manager’s configuration and automation capabilities helping you to orchestrate even the largest environments – across cloud and on-premise.

Enhanced Security and Compliance by providing OpenSCAP content for SLE and other Linux operating systems

OpenSCAP assists administrators and auditors with assessment, measurement, and enforcement of security baseline through audit scans by using content produced by SUSE (for SUSE Linux Enterprise Server) and other Linux operating systems.

Easily checks system security configuration settings and examine systems for signs of compromise by using rules based on standards and specifications. Use the OpenSCAP feature to assess the compliance level of your client systems according to the selected profile and apply remediation scripts and Ansible playbooks to achieve better compliance when needed.

Usability improvements

Knowing what is the precise configuration being applied to a system when you are managing many of them can be challenging: configuration may come from your organization, one of the many system groups, formulas, configuration and state channels or even be assigned directly to the system. Usability enhancements across the SUSE Manager WebUI now provide a clear and direct way of knowing exactly where your configuration states and channels are coming from and easily assign them.

Conveniently find all your systems in the SUSE Customer Center thanks to SUSE Manager 4.2 forwarding the client names, as if they had been directly connected with SUSEconnect, RMT or SMT.

Other usability improvements include better user interface components, configuring commonly-used parameters such as the FQDN of the system and enhanced filter lists.

Enhanced patch management functionality to help customers streamline the use of Live Patching

Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.

Customers need to prepare for reboot ahead of time before the live kernel approaches the end of life. The implementation of the kernel lifecycle and live kernel patch installation feature in SUSE Manager 4.2 enhances its patch management functionality to help customers streamline the use of Live Patching. Customers can now easily identify when a live kernel is approaching the end of life and define a corrective action, for example, schedule a reboot during a maintenance window, all from the UI.

Optimized performance with virtual machine tuning

Virtual Machines can be created quickly and easily but the default configuration settings may not be the best ones for VM performance. To ensure best performance proper VM configuration is needed. With SUSE Manager 4.2 customer can easily configure VMs (for example according to SAP best practices) through the UI. Tuning parameters will include CPU pinning and memory settings to name but a few.

Simplification of openSUSE Leap to SLES migration – Migrate from openSUSE Leap to SLES in just a few clicks

SUSE Manager now enables changing the repository where a package comes from with a simple product migration. This allows you to easily migrate your system from openSUSE Leap to the respective SLES version in just a few clicks. Instead of replacing the repositories and manually re-installing packages, you can now do the migration in a single action.

Expanded operating system support

With more and more workloads moving to cloud, SUSE Manager caters to where your workloads are going. It is silicone and platform agnostic and provides powerful content control – across hypervisors, clouds, or architectures. SUSE Manager 4.2 enhances its cloud capabilities by adding to its extensive list of Linux distributions.

SUSE Manager 4.2 introduces support for Amazon Linux 2 and AlmaLinux 8, further enabling the management of all your Enterprise Linux distributions from a single tool – no matter where they are located. SUSE Manager now supports the management of SLE, RHEL, openSUSE, Oracle Linux, CentOS, AlmaLinux, Ubuntu, Debian, and Amazon Linux.

SUSE Manager is easier than ever to use in the public cloud with usability and user experience improvements, further simplifying the management of your cloud deployments and client onboarding through cloud-init, Terraform and other cloud native mechanisms.

EDGE: SLE Micro Support (Tech preview)

SLE Micro is an ultra-reliable, lightweight operating system purpose built for edge computing. It leverages the enterprise hardened security and compliance components of SUSE Linux Enterprise and merges them with a modern, immutable, developer-friendly OS platform.

SUSE Manager 4.2 provides initial support for SLE Micro 5.0 clients. Not all SUSE Manager functionalities are initially available for SLE Micro.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Check the newest SUSE Manager 4.2 release notes
Read the SUSE Blog
Use the SUSE Best Practices for SUSE Manager
Join the SUSE Manager discussion forum
Join the upstream Uyuni community and monthly community meetings

Installation

Requirements

SUSE Manager Server 4.2 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 3. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x).

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 and 4.1 is supported.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://documentation.suse.com/suma/4.2/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager Server 4.2 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand clients, when deployed according to the instructions in the Installation Guide on https://documentation.suse.com/suma/4.2/. Scaling beyond that number needs special consideration.

For more information and instructions on large-scale deployments, see the Large Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific configuration and tuning for each use case is needed. Please get in touch with SUSE Consulting for the details.

Major changes since SUSE Manager Server 4.2 GA

Important Note

We have recently undertaken a strategic roadmap revamp for SUSE Manager, leading to adjustments in its release cycle. Notably, we have decided to drop the release of SUSE Manager 4.4, which was originally planned to be based on SUSE Linux Enterprise Server 15 SP5. Instead, we have opted to backport all the intended features of 4.4 to SUSE Manager 4.3. The next major SUSE Manager release will be SUSE Manager 5.0, planned to be released around mid 2024.

As part of this initiative, we have also extended the lifecycle of SUSE Manager 4.3 by an additional year. It is important to note that the Unified Installer will not include SUSE Manager 4.4 due to these changes.

Please be aware that SUSE Manager 4.3 is built on SUSE Linux Enterprise Server 15 SP4, and it will remain in its current state. It is advised not to upgrade the underlying operating system to SUSE Linux Enterprise Server 15 SP5 where SUSE Manager is running on.

We believe these adjustments to the release cycle and extended lifecycle will facilitate a smoother transition and ensure that users can benefit from the planned enhancements without disruption.

Note: The lifecycle of SUSE Manager 4.2 remains unchanged, and it is still scheduled to reach its end of life on October 31, 2023. We advise making appropriate plans to upgrade to SUSE Manager 4.3 to ensure you are using a supported version and can benefit from the latest updates and fixes.

Features and changes

Version 4.2.14

Important Update - Last Planned Maintenance Update for SUSE Manager 4.2

4.2.14 marks the final planned maintenance update for the SUSE Manager 4.2 series. 4.2.14 includes bug fixes and stability improvements for a reliable experience.

SUSE Manager 4.2 will reach its End of Life (EOL) on October 31st. No further updates are planned, except for critical migrations or major CVEs fixes.

To ensure a smooth transition and continued security and performance benefits, we strongly recommend all users to plan and initiate migration to SUSE Manager 4.3 in timely fashion. SUSE Manager 4.3 offers improved performance, enhanced features, and an extended EOL until June 30, 2025.

Version 4.2.13

Salt 3006.0

Salt has been upgraded to upstream version 3006.0, plus a number of patches, backports, and enhancements by SUSE, for the SUSE Manager Server, Proxy, and Client Tools.

Salt 3006.0 is the first LTS release of Salt based on the newly defined release strategy. The purpose of the LTS release is to provide users with a stable version of Salt for a longer period.

For more details about this release, see the Salt 3006.0 upstream release notes.

WARNING: This release updates the Salt version for master and minions. Make sure you update the SUSE Manager Server before updating the clients, as stated here https://docs.saltproject.io/salt/install-guide/en/latest/topics/upgrade.html

New products enabled

Despite SUSE Manager 4.2 nearing its end of life, we want to ensure that customers can manage the new SUSE Linux Enterprise Server service pack and openSUSE product using this version. Therefore, starting from 4.2.13, we will provide support for the following additional OS releases.

SUSE Linux Enterprise Server 15 SP5 Family
openSUSE Leap 15.5

For more information about the registration process, refer to the Registration section, and for more information about supported features, consult the Supported Features.

Automatic migration from Salt 3000 to Salt bundle

As of August 31, 2021, Upstream Salt 3000 has reached its end of life. Consequently, SUSE Manager will cease support for Salt 3000. To continue receiving security updates and support, customers must migrate their current Salt 3000 minions to the Salt Bundle. To date, the migration process can be accomplished by utilizing the pre-existing util.mgr_switch_to_venv_minion state from the command-line interface (CLI).

In SUSE Manager 4.2.13, we have implemented enhancements to make the migration process even smoother for users. Now, the migration will be automatically performed during the first highstate apply, streamlining the overall experience.

Monitoring: Grafana upgraded to 9.5.1

Grafana has been upgraded from 8.5.20 to 9.5.1. This is a big upgrade and include several breaking changes, new features and some important fixes for several security vulnerabilities.

Check the What’s new in Grafana section and the upstream changelog for all the details.

Monitoring: Node exporter upgraded to 1.5.0

With SUSE Manager 4.2.13, golang-github-prometheus-node_exporter has been updated from version 1.3.0 to 1.5.0

The new version changes the Go runtime GOMAXPROCS to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads.

This update fixes the following security vulnerabilities:

CVE-2022-27191
CVE-2022-27664
CVE-2022-46146

The update includes also several bugfixes and features but no breaking changes.

Check the upstream changelogs for more details:

Monitoring: Prometheus upgraded to 2.37.6

Prometheus golang-github-prometheus-prometheus has been upgraded from 2.32.1 to 2.37.6. Prometheus 2.37 is the first Long-Term Supported release of Prometheus.

This version contains two noticeable changes related to TLS:

TLS 1.0 and 1.1 disabled by default client-side. Prometheus users can override this with the min_version parameter of tls_config.
Certificates signed with the SHA-1 hash function are rejected. This doesn’t apply to self-signed root certificates.

This update fixes the following security vulnerabilities:

CVE-2022-46146
CVE-2022-41715
CVE-2022-24921

The update includes also several bugfixes and features but no breaking changes.

Check the upstream changelogs for more details:

Monitoring: Prometheus alert manager

Prometheus golang-github-prometheus-alertmanager has been patched to include the fix for the following CVE.

CVE-2022-46146 - bsc#1208046

Monitoring: Postgres exporter upgraded to 0.10.1

prometheus-postgres_exporter has been updated from version 0.10.0 to version 0.10.1, with the update fixing the following security vulnerability:

CVE-2022-46146 - bsc#1208046

This update does not include any breaking changes or features.

Check the upstream release notes for all the details.

Monitoring: Blackbox exporter

Prometheus prometheus-blackbox_exporter has been patched to include the fix for the following CVE.

CVE-2022-46146 - bsc#1208046

Version 4.2.12

Documentation: New look and feel

We have recently introduced a new branding for our documentation. The documentation team has created a modern and visually appealing design that enhances the overall user experience. With this new update, we aim to provide a more intuitive and streamlined approach to accessing the information you need. We believe this new design will make it easier for users to navigate and locate the information they need quickly and efficiently.

We look forward to receiving your feedback.

Version 4.2.11

Salt 3000 EOL

Upstream Salt 3000 went End of life on August 31, 2021. However, because it was part of the Advanced Systems Management Module of SUSE Linux Enterprise 12 and there was no bundle available for SUSE Manager 4.1, we needed to keep it supported for the life of SUSE Manager 4.1.

Salt 3000 will no longer be supported in the context of SUSE Manager now that both SUSE Manager 4.1 and the Advanced Systems Management Module of SUSE Linux Enterprise 12 are End of Life. Customers are required to migrate existing Salt 3000 minions for SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7, CentOS 7, Oracle Linux 7, and Amazon Linux 2 to the Salt Bundle in order to get the support.

For more information about performing Salt 3000 to Salt Bundle migrations, please consult the Troubleshooting Clients section in the Client Configuration Guide.

IMPORTANT: The Salt 3000 will no longer receive updates or L3 support. For updates and support, all minions currently using Salt 3000 must be migrated to the Salt Bundle.

Salt Bundle as default contact method for clients

Starting with SUSE Manager 4.2.11, the Salt Bundle becomes the default way to bootstrap systems for all the supported operating systems. Clients already registered will not be changed, but can be switched to Salt Bundle by applying the state util.mgr_switch_to_venv_minion to them.

Check the Client Configuration Guide for information about this.

IMPORTANT: The Salt 3000 will no longer receive updates or L3 support. For updates and support, all minions currently using Salt 3000 must be migrated to the Salt Bundle.

Limit changelogs at repositories metadata to the last 20 entries

Up until recently, SUSE Manager added all the changelog entries for all packages to the generated metadata for each repository generated at the SUSE Manager Server. This caused the file others.xml.gz to be very big in some situations, and therefore increasing the time it takes to synchronize the metadata on the SUSE Manager clients.

Starting with SUSE Manager 4.2.11, this is now limited to 20 entries for each package by default for new packages. Already synced packages will keep the whole changelog.

This change is only about the repository metadata and will not affect the packages themselves, which will keep the complete changelogs.

If you want to go back to keeping all the changelog entries, increase the number of entries, or apply the new default for all existing packages, check the Administration Guide.

Monitoring: Grafana update to 8.5.15

This update fixes several security vulnerabilities:

CVE-2022-39306
CVE-2022-39307
CVE-2022-39201
CVE-2022-31130
CVE-2022-31123
CVE-2022-39229

No other bugfixes, features or changelogs are part of this update.

Check the upstream changelog for all the details.

Version 4.2.10

Monitoring: Apache exporter updated to version 0.11.0 for SUSE Linux Enterprise and openSUSE

Prometheus exporter for Apache has been upgraded from version 0.7 to the version 0.11.0 for SUSE Linux Enterprise and openSUSE, including the SUSE Manager Server, the SUSE Manager Proxy and the SUSE Manager Retail Branch Server.

Check the upstream release notes for more details, including new metrics.

Version 4.2.9

Bugfix release.

Version 4.2.8

SUSE Linux Enterprise 15 SP4

SUSE Manager 4.2 can now manage the newly released SUSE Linux Enterprise Server 15 SP4. For more details about the complete list of supported features, see Client Configuration Guide.

SUSE Manager EOL notification

To make sure that the user is aware about the end-of-life date for SUSE Manager, SUSE Manager now adds a notification to inform the user about it. This notification is shown on every first of the month, starting 6 months before the end-of-life date.

Version 4.2.7

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports, and enhancements by SUSE, for the SUSE Manager Server, Proxy, Retail Branch server and some Client Tools(where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11.10 are used).

Salt 3004 only works with Python 3.5+, therefore:

Salt 3004 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, Debian 10 and Debian 11. There is no Python 2 version for Salt 3004.
Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided for Salt 3000.
Salt 2016.11.10 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details, see the Salt 3004 upstream release notes.

Salt as a Bundle

One of the areas that we want to address in SUSE Manager is to co-exist with other configuration management tools, especially Salt-based, and Salt Bundle is what the team came up with as the solution.

The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by SUSE Manager.

Salt Bundle is a single package called venv-salt-minion containing the Salt Minion, Python, and all Python modules. It is exactly the same version and codebase for the current salt-minion RPM package.

Starting with SUSE Manager 4.2.7, it is possible to bootstrap systems with Salt Bundle for all the supported operating systems.

For bootstrapping new clients with the Salt Bundle package instead of salt-minion, the package venv-salt-minion must be present in the bootstrap repository. venv-salt-minion package needs to be included explicitly on generating the bootstrap repository with mgr-create-bootstrap-repo. In SUSE Manager 4.3 bootstrapping with Salt Bundle is the default method if venv-salt-minion package is present in the bootstrap repository relevant for the client.

Clients already registered will not be changed, but can be switched to Salt Bundle by applying the state util.mgr_switch_to_venv_minion to them. For more information see the Client Configuration Guide.

Salt SSH can be used with the Salt Bundle also, it makes the bootstrapping with web UI and managing with Salt SSH independent from the python installed on the client and its modules. To enable Salt SSH with the Salt Bundle support the following parameter should be specified in /etc/rhn/rhn.conf:

web.ssh_salt_pre_flight_script = /usr/share/susemanager/salt-ssh/preflight.sh

More details about the Salt Bundle can be found in Salt Bundle section of the documentation.

Debian 11

SUSE Manager 4.2 is now able to manage Debian 11 "bullseye" clients as salt or salt-ssh minions, through venv-salt-minion (salt bundle).

For more information about the registration process, refer Registering Debian Clients, and for more information about supported features, consult Supported Debian Features.

Monitoring: Alertmanager 0.23.0

The Alertmanager handles alerts sent by client applications such as the Prometheus server.

SUSE Manager 4.2.7 updates Alertmanager golang-github-prometheus-alertmanager to 0.23.0.

Important changes:

Add AWS SNS receiver
amtool: add new template render command

Check the upstream changelog for more details.

Monitoring: Node exporter 1.3.0

SUSE Manager 4.2.7 updates the node exporter golang-github-prometheus-node_exporter to 1.3.0.

Important changes:

Add darwin powersupply collector
Add support for monitoring GPUs on Linux
Add Darwin thermal collector
Add os release collector

Check the upstream changelog for more details.

Version 4.2.6

Improved UI/UX for Formulas

SUSE Manager 4.2.6 come with a number of improvements in Formulas UI. Users with very big formulas had a hard time keeping track and updating some sections when needed.

To help with this and improve the user experience, the following to features have been added.

SUSE Manager now provides a Search Box to search by formula’s group name in formulas to easily filter out the specific content
It also provides a expand/collapse all button for formula sections so users can better navigate through the different section

ISS v2 : Configuration channels

Besides a number of performance-related improvements, users can now also import/export configuration channels using the ISS v2. This is one of the core entities that was planned to be added in ISSv2 besides the software channels.

Better information to SUSE Customer center

SUSE Manager now sends the last seen information of the registered clients to the SCC. Now customers can always see up-to-date information in the SCC. This mainly helps us to avoid staled data problems.

CVE audit: UX improvement

There has been a small improvement added to the CVE audit page. Now for each searched CVE, links from the SUSE security team and Mitre will be provided on the page, even if systems are affected or not. This helps in providing additional information about that CVE without the need for the user to search it through saerch engines.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

  smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

  smdba system-check autotuning [--max_connections=<number>] [--ssd]

Monitoring: Grafana 8.3.5

SUSE Manager 4.2.6 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

XSS vulnerability in handling data sources (CVE-2022-21702)
Cross-origin request forgery vulnerability (CVE-2022-21703)
Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)
GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

New Alerting for Grafana 8
CloudWatch: Add support for AWS Metric Insights
CloudWatch: Add AWS RoboMaker metrics and dimension
CloudWatch: Add AWS Transfer metrics and dimension
CloudWatch: Add AWS LookoutMetrics
CloudWatch: Add Lambda@Edge Amazon CloudFront metrics
CloudMonitoring: Add support for preprocessing
CloudWatch: Add AWS/EFS StorageBytes metric
CloudWatch: Add Amplify Console metrics and dimensions
CloudWatch: Add metrics for managed RabbitMQ service
Elasticsearch: Add support for Elasticsearch 8.0
AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers
AzureMonitor: Add Azure Resource Graph
AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.

Monitoring: Prometheus Postgres exporter updated to 0.10.0 for SUSE Linux Enterprise and openSUSE

SUSE Manager 4-2-6 updates the Postgres exporter from version 0.4.7 to the version 0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as this package is now part of the Prometheus Community Projects. After the package is updated, you will need to reenable the prometheus-postgres_exporter service:

For the Uyuni Server WebUI, proceed to Admin > Manager Configuration > Monitoring. You will see PostgreSQL database is stopped. Click Enable and the service will get started.
For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the clients where the PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL servers using scram-sha-256, which is the new default for Uyuni installations starting with 2022.02.

Check the upstream changelog for more details, including new metrics.

Other operating systems such as for example CentOS7 or AlmaLinux 8 will get 0.10.0 with future Uyuni releases.

Version 4.2.5.1

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941. You should patch your Salt master and minions as soon as possible. Please take the next section into account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking the communication between for Salt master and minion, you need to upgrade your "salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master is not, then the communication between the master and this minion will be broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt       :743 ][ERROR   ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion      :1056][ERROR   ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication between master and minion will be restablished and the errors messages will not longer happen.

Version 4.2.5

Ubuntu errata installation

SUSE Manager now comes with Ubuntu errata support. It does this by downloading errata information from https://usn.ubuntu.com/usn-db/database.json and matching it after the syncing of Ubuntu channels. It also adds support for installing errata on Ubuntu systems by mapping them to package installs. For users, it will be a seamless experience and they will get exactly the same UX as it was for errata management for other distros.

SLES PAYG client support on cloud

It is now possible to sync content from SUSE-operated Cloud RMT Server from the SUSE Manager. This makes it a lot easier for users with SLES PAYG instances because now they don’t need to go through a cumbersome process of getting zero-cost subscriptions. It works in all three major public clouds AWS, GCP, and Azure.

For more information and instructions on this topic, see the Connect Pay-as-you-go instance.

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by a SUSE Manager client using the WebUI.

This can be done from the Connection tab at the Details tab for any Salt client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc tab, and then the Proxy tab.

NOTE: Changing the connection for a Proxy to move it, is not supported at this moment. The Connection tab will not show the Change link for proxies.

New matchers in Content Lifecycle Management

CLM is even more powerful. New additional matchers (lower, lowereq, greater, greatereq) to CLM package (NEVRA) filter have been added.

Monitoring: Prometheus 2.32.1

SUSE Manager 4.2.5 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after the SUSE Manager is updated.

Breaking changes:

Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.
As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

Introduced generic HTTP-based service discovery.
New expression editor with advanced autocompletion, inline linting, and syntax highlighting.
Discovering Kubernetes API servers using a kubeconfig file.
Faster server restart times via snapshotting.
Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Version 4.2.4

New product enabled

SUSE Linux Enterprise Server 15 SP2 LTSS

CentOS 8 support

CentOS 8 will be End of Life on 31st December 2021, and with that the SUSE Manager support for this product will end as well.

Please refer to support section for more information.

Monitoring - Prometheus Blackbox exporter

SUSE Manager 4.2.4 comes with the Blackbox exporter, which allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. Please note that it needs to be installed next to the Prometheus server and not on the clients. Prometheus formula has been extended to configure blackbox exporter.

Check the upstream documentation for more details about it.

Blackbox exporter

System reactivation

It is now possible to re-activate a system using the UI/XMLRPC-API of SUSE Manager which was only possible using bootstrap script before. The bootstrapping page UI has been extended and the user can now enter the reactivation-key of the system and the SUSE Manager will take care of the rest. The same could be achieved from the XMLRPC API as well.

Low Diskspace notification

With SUSE Manager 4.2.4, on the login page, a banner will be shown when available disk space on the server will be running low. This will help users avoid unneeded situations like the automatic shutdown of SUSE Manager when disk space is critically low, without even noticing it.

Version 4.2.3

aarch64 support

In addition to x86_64, now aarch64 support for CentOS 7/8, Oracle Linux 7/8, Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3 has been added.

Package Locking for Salt Minions

Package locks are used to prevent unauthorized installation or upgrades to software packages. In the past Package Lock feature was only available for traditional clients. Now it is also available for salt clients (SUSE, RHEL and clones, and Debian/Ubuntu). Check the Package Locking for information about how to use this feature.

Content Lifecycle Management improvement

From the Content Lifecycle Management project view, the new column Last build has been added. This information is useful when you need a general overview of all latest build times rather than retrieving the information project by project.

New XMLRPC API methods for SaltKey

Following new XMLRPC methods have been added in SaltKey namespace.

accept : API endpoint to accept minion keys
reject : API endpoint to reject minion keys
pendingList : API endpoint to list pending salt keys
acceptedList : API endpoint to list accepted salt keys
rejectedList : API endpoint to list rejected salt keys

These methods could further help in improving the automation workflows.

Version 4.2.2

Rocky Linux support

SUSE Manager 4.2.2 is now able to manage Rocky Linux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8, RHEL 8 or AlmaLinux 8.

Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the Rocky Enterprise Software Foundation "Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America’s top enterprise Linux distribution now that its downstream partner has shifted direction."

Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with Rocky Linux clients.

For now the following architectures are supported: x86_64

Support for Rocky Linux 8 will continue to improve, including support for other architectures.

Technology Preview: Inter-Server Sync v2

SUSE Manager 4.2.2, includes Inter-Server Synchronization version 2. This new version allows exporting software channels between servers without the previous notions of master and slave. Unlike the previous Inter-Server Synchronization, no mandatory direct connection between servers is needed since data are exported and imported in a disconnected mode.

Check the new Inter-Server Syncronization 2 documentation for more information.

Kiwi parameters for OS Image profiles

It is now possible to pass custom kiwi parameters in OS Image profile.

This is particularly helpful to select a specific profile (--profile <profilename>) for Kiwi files with multiple profiles.

Virtualization

Virtualization in SUSE Manager has received some enhancements:

UEFI support: UEFI support has been added for creating and editing VMs. Note that Auto discovery of the firmware binary and NVRAM depends on the version of libvirt installed on a minion.
virt-tuner templates: virt-tuner template has been added to create the VM. Now user can select the template from the ones supported by the virt-tuner tool.

AppStreams

The content lifecycle project page in the WebUI has been further improved. This page now provides AppStreams with a default filter template. This template creates a module filter for each module in the repository, and specifies the default stream for each module.

Recent cobbler CVEs remediation

In addition to fixing Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root, this release includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.

Salt

Besides number of bug fixes, onlyif/unless behaviour has been unified for 3000, 3002.2 and 3000.3 (used only in py27-compat-salt), it wasn’t the case before and behaviour was different in all and it was pain to deal with it.

Version 4.2.1

Ansible Playbooks

Ansible Playbooks can now run in test mode.

Known issue: When running a playbook in test mode using an Ansible control node that is registered as SSH minion in SUSE Manager, then the action is always reported as failed, even if it succeeds.

Monitoring - Grafana

Grafana was updated from version 7.4.2 to 7.5.7.

Check the upstream documentation for details on what has changed:

Monitoring - Prometheus

Prometheus was updated from version 2.26.0 to 2.27.1.

Important changes:

SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

Check the upstream documentation for more details on what has changed:

CLM Filter Templates

Content Lifecycle Management got a new filter template to setup Live Patching based on an existing system.

OpenSCAP Audit

The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files can be defined. Supported options are:

--profile <name>
--rule <id>
--tailoring-file <path>
--tailoring-id <id>
--fetch-remote-resources
--remediate

You can provide additional OVAL files paths to prevent using --fetch-remote-resource when the file is locally available.

Product Wizard

Free accessible Open source Products are now always visible in the Product Wizard. The accessibility check, that existed to speed up the product refresh, is now removed.

If a firewall or a proxy are blocking access to to such products, the error can be seen at the reposync log files located at /var/log/rhn/reposync/

Additionally the User Notifications were enhanced to show the last lines of the log file in case the sync failed.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.2.14

spacecmd:

Version 4.2.24-1
- Update translations

spacewalk-backend:

Version 4.2.29-1
- Use a constant to get the product name in python code rather than reading rhn.conf (bsc#1212943)
- Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)

spacewalk-java:

Version 4.2.55-1
- Set swap memory value if available
- Set primary FQDN to hostname if none is set (bsc#1209156)(bsc#1214333)
Version 4.2.54-1
- Consider venv-salt-minion package update as a Salt update to prevent backtraces on upgrading salt with itself (bsc#1211884)
Version 4.2.53-1
- Fix "more then one method candidate found" for API function (bsc#1211100)
- Fixed a bug that caused the tab Autoinstallation to hide when clicking on Power Management Management/Operations on SSM -> Provisioning
- Update copyright year (bsc#1212106)
- Disable jinja processing for the roster file (bsc#1211650)
Version 4.2.52-1
- Update jetty-util to version 9.4.51
Version 4.2.51-1
- Update version of Tomcat build dependencies

spacewalk-reports:

Version 4.2.8-1
- Drop Python2 compatibility (bsc#1212589)

spacewalk-setup:

Version 4.2.13-1
- Drop usage of salt.ext.six in embedded_diskspace_check

spacewalk-utils:

Version 4.2.20-1
- Drop Python2 compatibility

spacewalk-web:

Version 4.2.36-1
- Update translation
- Fix VHM CPU and RAM display when 0 (bsc#1175823)
- Fix parsing error when showing notification message details (bsc#1211469)

susemanager:

Version 4.2.44-1
- Require LTSS channels for SUSE Linux Enterprise 15 SP1/SP2/SP3 and SUSE Manager Proxy 4.2 (bsc#1214187)
Version 4.2.43-1
- Add missing Salt 3006.0 dependencies to bootstrap repo definitions (bsc#1212700)
- Make mgr-salt-ssh to properly fix HOME environment to avoid issues with gitfs (bsc#1210994)

susemanager-doc-indexes:

Typo correction for Cobbler buildiso command in Client Configuration Guide
Replaced plain text with dedicated attribute for AutoYaST
Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
Fixed missing tables of content in the Reference Guide (bsc#1208577)
Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-docs_en:

Typo correction for Cobbler buildiso command in Client Configuration Guide
Replaced plain text with dedicated attribute for AutoYaST
Added a note about Oracle Unbreakable Linux Network mirroring requirements in Client Configuration Guide (bsc#1212032)
Added SUSE Linux Enterprise 15 SP5 and openSUSE Leap 15.5 as supported clients in the Client Configuration Guide
Fixed missing tables of content in the Reference Guide (bsc#1208577)
Fixed instruction for Single sign-on implementation example in the Administration Guide (bsc#1210103)
Removed reference to non-exitent files in Reference Guide (bsc#1208528)

susemanager-schema:

Version 4.2.29-1
- Add schema directory for susemanager-schema-4.2.29

susemanager-sls:

Version 4.2.35-1
- Do not disable salt-minion on salt-ssh managed clients
- Use venv-salt-minion instead of salt for docker states (bsc#1212416)

hub-xmlrpc-api:

CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/serve while validating signatures for extremely large RSA keys (bsc#1213880)
- There are no direct source changes. The CVE on hub-xmlrpc-api is fixed rebuilding the sources with the patched Go version.

inter-server-sync:

Version 0.3.0
- Require at least Go 1.19 for building due to CVE-2023-29409
- Require at least Go 1.18 for building Red Hat packages
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys (bsc#1213880)

Version 4.2.13

branch-network-formula:

Update to version 0.1.1680167239.23f2fec
- Remove unnecessary import of "salt.ext.six"

cpu-mitigations-formula:

Update to version 0.5.0:
- Mark all SUSE Linux Enterprise 15 SP4 and newer and openSUSE 15.4 and newer as supported (bsc#1210835)

hub-xmlrpc-api:

Do not strictly require Go 1.18 on SUSE Linux Enterprise 15 SP3 (bsc#1203599)

inter-server-sync:

Version 0.2.8
- Correctly detect product name and product version number
- Import image channel data only when related software channel is available (bsc#1211330)

perl-Satcon:

Version 4.2.3-1
- Accept keys with dots

spacecmd:

Version 4.2.23-1
- Fix argument parsing of distribution_update (bsc#1210458)

spacewalk-backend:

Version 4.2.28-1
- Filter CLM modular packages using release strings (bsc#1207814)
- Add package details to reposync error logging

spacewalk-certs-tools:

Version 4.2.20-1
- Update translations

spacewalk-java:

Security fixes in version 4.2.50-1:
- CVE-2023-22644: Remove web session swap secrets output in logs (bsc#1210086)
- CVE-2023-22644: Do not output URL parameters for tiny urls (bsc#1210101)
- CVE-2023-22644: Fix session information leak (bsc#1210107)
- CVE-2023-22644: Do not output Cobbler xmlrpc token in debug logs (bsc#1210162)
- CVE-2023-22644: Fix credentials and other secrets disclosure when debug log is enabled (bsc#1210154)
- CVE-2023-22644: Prevent logging formula data (bsc#1209386, bsc#1209434)
Other non-security issues fixed in version 4.2.50-1:
- Fix misleading error message regarding SCC credentials removal (bsc#1207941)
- Fix issue with aclChannelTypeCapable that prevented errata view in deb arch
- Refresh pillars after setting custom values via SSM (bsc#1210659)
- Report SSM power management errors in 'rhn_web_ui' (bsc#1210406)
- Filter CLM modular packages using release strings (bsc#1207814)
- Allow processing big state results (bsc#1210957)
- Use glassfish-activation-api instead of gnu-jaf
- Fix Intenal Server Error when URI contains invalid sysid (bsc#1186011)
- kernel options: only add quotes if there is a space in the value (bsc#1209926)
- Fix link to Knowledge Base articles (bsc#1210311)
- Remove channels from client after transfer to a different organization (bsc#1209220)
- Fix displaying system channels when no base product is installed (bsc#1206423)
- Fix broken ifcfg grub option on reinstallation (bsc#1210232)
- Fix NPE in Cobbler system sync when server has no creator set
- Add listSystemEvents missing API endpoint (bsc#1209877)

spacewalk-setup:

Version 4.2.12-1
- Enable netapi clients in master configuration (required for Salt 3006)

spacewalk-utils:

Version 4.2.19-1
- spacewalk-hostname-rename remains stuck at refreshing pillars (bsc#1207550)

spacewalk-web:

Version 4.2.35-1
- Show loading indicator on formula details pages (bsc#1179747)
- Increase datetimepicker font sizes (bsc#1210437)
- Fix an issue where the datetimepicker shows wrong date (bsc#1209231)

supportutils-plugin-susemanager:

Version 4.2.7-1
- Fix property name to tune for salt events queue processing

susemanager:

Version 4.2.42-1
- Use newest venv-salt-minion version available to generate the venv-enabled-*.txt file in bootstrap repos (bsc#1211958)
Version 4.2.41-1
- Add bootstrap repository definitions for openSUSE Leap 15.5
- Add bootstrap repository definitions for SUSE Linux Enterprise Server 15 SP5

susemanager-build-keys:

Version 15.3.8
- Fix installation of SUSE Linux Enterprise 15 RSA reserve build key
- Add new 4096 bit RSA openSUSE build key gpg-pubkey-29b700a4.asc

susemanager-doc-indexes:

Salt version changed to 3006.0
Added note for clarification between self-installed and cloud instances of Ubuntu
Improved pay-as-you-go documentation in the Install and Upgrade Guide (bsc#1208984)
Added comment about activation keys for LTSS clients in Client Configuration Guide (bsc#1210011)
Updated API script examples to Python 3 in Administration Guide and Large Deployment Guide
Change cleanup Salt Client description
Added instruction for Cobbler to use the correct label in Client Configuration Guide distro label (bsc#1205600)
Added updated options for rhn.conf file in the Administration Guide (bsc#1209508)
Fixed calculation of DB max-connections and align it with the supportconfig checking tool in the Tuning Guide

susemanager-docs_en:

Salt version changed to 3006.0
Added note for clarification between self-installed and cloud instances of Ubuntu
Improved Pay-as-you-go documentation in the Install and Upgrade Guide (bsc#1208984)
Added comment about activation keys for LTSS clients in Client Configuration Guide (bsc#1210011)
Updated API script examples to Python 3 in Administration Guide and Large Deployment Guide
Change cleanup Salt Client description
Added instruction for Cobbler to use the correct label in Client Configuration Guide distro label (bsc#1205600)
Added updated options for rhn.conf file in the Administration Guide (bsc#1209508)
Fixed calculation of DB max-connections and align it with the supportconfig checking tool in the Tuning Guide

susemanager-schema:

Version 4.2.28-1
- Filter CLM modular packages using release strings (bsc#1207814)
- Repeat schema migrations for module metadata storage (bsc#1209915)

susemanager-sls:

Version 4.2.33-1
- Trust new Liberty Linux v2 key (bsc#1212096)
- Include automatic migration from Salt 3000 to Salt bundle in highstate
- Disable salt-minion and remove its config file on cleanup (bsc#1209277)
- To update everything on a debian system, call dist-upgrade to be able to install and remove packages

virtual-host-gatherer:

Version 1.0.26-1
- Fix cpu calculation in the libvirt module and enhance the data structure by os value

Version 4.2.12

cobbler:

CVE-2022-0860: Unbreak PAM authentication due to missing encode of user input in the PAM auth module of Cobbler (bsc#1197027)
Fix S390X auto-installation for cases where kernel options are longer than 79 characters (bsc#1207308)
Switch packaging from patch based to Git tree based development
All patches that are being removed in this revision are contained in the new Git tree.

guava:

Upgrade to guava 30.1.1
- CVE-2020-8908: temp directory creation vulnerability in Guava versions prior to 30.0. (bsc#1179926)
- Remove parent reference from ALL distributed pom files
- Avoid version-less dependencies that can cause problems with some tools
- Build the package with ant in order to prevent build cycles using a generated and customized ant build system
- Produce with Java >= 9 binaries that are compatible with Java 8

mgr-libmod:

Version 4.2.8-1
- Ignore extra metadata fields for Liberty Linux (bsc#1208908)

spacecmd:

Version 4.2.22-1
- Display activation key details after executing the corresponding command (bsc#1208719)
- Show targetted packages before actually removing them (bsc#1207830)
- Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)

spacewalk-backend:

Version 4.2.27-1
- Fix the mgr-inter-sync not creating valid repository metadata when dealing with empty channels (bsc#1207829)
- Fix repo sync for cloud "Pay As You Go" connected repositories (bsc#1208772)
- Fix issues with kickstart syncing on mirrorlist repositories
- Do not sync .mirrorlist and other non needed files
- reposync: catch local file not found urlgrabber error properly (bsc#1208288)

spacewalk-client-tools:

Version 4.2.23-1
- Update translation strings

spacewalk-java:

Version 4.2.49-1
- Refactor Java notification synchronize to avoid dead locks (bsc#1209369)
Version 4.2.48-1
- Prevent logging formula data (bsc#1209386)
- Use gnu-jaf instead of jaf
- Use reload4j instead of log4j or log4j12
- Use slf4j-reload4j
- Save scheduler user when creating Patch actions manually (bsc#1208321)
- Add mgr_server_is_uyuni minion pillar item
- Do not execute immediately Package Refresh action for the SSH minion (bsc#1208325)
- Mark as failed actions that cannot be scheduled because earliest date is too old
- Update earliest date when rescheduling failed actions (bsc#1206562)
- Fix reconnection of postgres event stream
- fix NumberFormatException when syncing Ubuntu errata (bsc#1207883)
- Fix duplicate keys in image tables (bsc#1207799)
- Fix CLM environments UI for environment labels containing dots (bsc#1207838)

spacewalk-search:

Version 4.2.10-1
- Use reload4j instead of log4j or log4j12

spacewalk-web:

Version 4.2.34-1
- Fix datetime picker appearing behind modal edge (bsc#1209703)
Version 4.2.33-1
- Deprecate jQuery datepicker, integrate React datepicker (bsc#1209689)
- Fix CLM environments UI for environment labels containing dots (bsc#1207838)

subscription-matcher:

Relax antlr version requirement

supportutils-plugin-susemanager:

Version 4.2.6-1
- Fix DB connection check tool (bsc#1208586)

susemanager-build-keys:

Version 15.3.7 (jsc#PED-2777):
- Add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
- add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
- Add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
- Add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

susemanager-doc-indexes:

Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973)
Branding updated for 2023
New search engine optimization improvements for documentation
Translations are now included in the webui help documentation
Local search is now provided with the webui help documentation

susemanager-docs_en:

Removed z196 and z114 from listing in System Z chapter of the Installation and Upgrade Guide (bsc#1206973)
Branding updated for 2023
New search engine optimization improvements for documentation
Translations are now included in the WebUI help documentation
Local search is now provided with the WebUI help documentation

susemanager-sls:

Version 4.2.32-1
- Improve error handling in mgr_events.py (bsc#1208687)

susemanager-tftpsync:

Version 4.2.4-1
- Fix removal of proxies section in cobbler settings (bsc#1207063)

uyuni-common-libs:

Version 4.2.10-1
- Allow default component for context manager.

virtual-host-gatherer:

Version 1.0.25-1
- Report total CPU numbers in the libvirt module

Version 4.2.11

cobbler:

Prevent error when starting up logrotate.service (bsc#1188191)
Fix improper authorization (bsc#1197027, CVE-2022-0860)

drools:

Deserialization of Untrusted Data: unsafe data deserialization in DroolsStreamUtils.java (bsc#1204879, CVE-2022-1415)

grafana-formula:

Version 0.8.1
- Fix Uyuni/SUMA dashboard names
Version 0.8.0
- Set dashboard names depending on project
- Update dashboards to use new JSON schema
- Fix PostgreSQL dashboard queries
- Migrate deprecated panels to their current replacements
Version 0.7.1
- Fix default password field description (bsc#1203698)
- Do not require default admin and password fields

inter-server-sync:

Version 0.2.7
- Do not update pillars table if it does not exists like in 4.2
Version 0.2.6
- Export package extra tags for complete debian repo metatdata (bsc#1206375)
- Replace URLs in OS Images pillars when exporting and importing images
Version 0.2.5
- Correct error when importing without debug log level (bsc#1204699)

mgr-osad:

Version 4.2.9-1
- Updated logrotate configuration (bsc#1206470)

prometheus-formula:

Version 0.7.0
- Switch from basic authentication to TLS certificate client authentication for Blackbox exporter
- Fix scheme label in clients targets configration
- Add README.md

py27-compat-salt:

Ignore extend declarations from excluded SLS files (bsc#1203886)
Enhance capture of error messages for Zypper calls in zypperpkg module

rhnlib:

Version 4.2.7-1
- Don’t get stuck at the end of SSL transfers (bsc#1204032)

salt-netapi-client:

Version 0.21.0
- See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.21.0
Add transactional_update module
Improve logging when creating salt exception

smdba:

Version 1.7.11
- fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519)

spacecmd:

Version 4.2.21-1
- Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
- Add python-dateutil dependency, required to process date values in spacecmd api calls
- Correctly understand 'ssm' keyword on scap scheduling
- Fix dict_keys not supporting indexing in systems_setconfigchannelorger

spacewalk-admin:

Version 4.2.13-1
- Generate uyuni_roster.conf with salt-secrets-config (bsc#1200096)

spacewalk-backend:

Version 4.2.26-1
- Fix reposync error about missing "content-type" key when syncing certain channels
- Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
- Updated logrotate configuration (bsc#1206470)
- Add 'octet-stream' to accepted content-types for reposync mirrorlists
- Exclude invalid mirror urls for reposync (bsc#1203826)
- do not fetch mirrorlist when a file url is given
- Keep older module metadata files in database (bsc#1201893)
- Removed the activation keys report from the debug information

spacewalk-certs-tools:

Version 4.2.19-1
- some i18n functions moved to new module which needs to be loaded (bsc#1201142)
- Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517)

spacewalk-client-tools:

Version 4.2.22-1
- Update translation strings

spacewalk-java:

Version 4.2.47-1
- Use uyuni roster salt module instead of flat roster files (bsc#1200096)
Version 4.2.46-1
- Fix registration with proxy and tunnel SSH (bsc#1200096)
Version 4.2.45-1
- Add 'none' matcher to CLM AppStream filters (bsc#1206817)
- Improve logs when sls action chain file is missing
- Do not forward ssh command if proxy and tunnel are present (bsc#1200096)
- Fix not being able to delete CLM environment if there are custom child channels that where not built by the environment (bsc#1206932)
- Include missing 'gpg' states to avoid issues on SSH minions.
- Optimize the number of salt calls on minion startup (bsc#1203532)
- Fix CVE Audit ignoring errata in parent channels if patch in successor product exists (bsc#1206168)
- Fix CVE Audit incorrectly displaying predecessor product (bsc#1205663)
- Fix modular channel check during system update via XMLRPC (bsc#1206613)
- Trigger a package profile update when a new live-patch is installed (bsc#1206249)
- prevent ISE on activation key page when selected base channel value is null
- Only remove product catalog if PAYG ssh credentials are defined (bsc#1205943)
- Updated logrotate configuration (bsc#1206470)
- Limit changelog data in generated metadata to 20 entries
- Fix CLM to not remove necessary packages when filtering erratas (bsc#1195979)
- check for NULL in DEB package install size value
- Allowed cancelling pending actions with a failed prerequisite (bsc#1204712)
- disable cloned vendor channel auto selection by default (bsc#1204186)
- adapt permissions of temporary ssh key directory
- format results for package, errata and image build actions in system history similar to state apply results
- Fix ClassCastException
- Run only minion actions that are in the pending status (bsc#1205012)
- Manager reboot in transactional update action chain (bsc#1201476
- Optimize performance of config channels operations for UI and API (bsc#1204029)
- Don’t add the same channel twice in the System config addChannel API (bsc#1204029)
- fix xmlrpc call randomly failing with translation error (bsc#1203633)
- Optimize action chain processing on job return event (bsc#1203532)
- Re-calculate salt event queue numbers on restart
- Fix out of memory error when building a CLM project (bsc#1202217)
- Process salt events in FIFO order (bsc#1203532)
- Remove 'SSM' column text where not applicable (bsc#1203588)
- Fix rendering of ssm/MigrateSystems page (bsc#1204651)
- Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093)
- Deny packages from older module metadata when building CLM projects (bsc#1201893)
- Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169)
- delay hardware refresh action to avoid missing channels (bsc#1204208)
- During re-activation, recalculate grains if
- Remove unused gson-extras.jar during build

spacewalk-search:

Version 4.2.9-1
- Updated logrotate configuration (bsc#1206470)

spacewalk-web:

Version 4.2.32-1
- Add 'none' matcher to CLM AppStream filters (bsc#1206817)
- fix frontend logging in react pages
- Add bugzilla references to past security fixes
- shell-quote fix CVE-2021-42740 (bsc#1203287)
- moment fix CVE-2022-31129 (bsc#1203288)

supportutils-plugin-susemanager:

Version 4.2.5-1
- Added dependency for XML Simple
- update susemanager plugin to export the number of pending salt events

susemanager:

Version 4.2.40-1
- Add mgr-salt-ssh wrapper to use with uyuni roster Salt module (bsc#1200096)
Version 4.2.39-1
- fix bootstrap repo path for SLES for SAP 12 (bsc#1207141)
- make venv-salt-minion optional for SUSE Manager Proxy 4.2 bootstrap repository (bsc#1206933)
- show RHEL target for bootstrap repo creation only if it is really connected to the CDN (bsc#1206861)
- add python3-extras to bootstrap repo as dependency of python3-libxml2, optional SLES 15 does not have it and it is only required on SP4 or greater (bsc#1204437)

susemanager-build-keys:

Version 15.3.6
- Add rpmlintrc configuration, so "W: backup-file-in-package" for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed
uyuni-build-keys.rpmlintrc

susemanager-doc-indexes:

Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide
Update Salt Bundle guide as Salt Bundle is now the default registration method
Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963)
Added information about java.salt_event_thread_pool_size in Large Deployments Guide
Added information about GPG key usage in the Debian section of the
Updated default number of changelog entries in Administration Guide
Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients
Removed mentions to ABRT in Reference Guide
Extended note about using Salt SSH with Salt Bundle in 4.2
Fixed Liberty Linux client tools label in Client Configuration Guide

susemanager-docs_en:

Include RHEL7 in Salt 3000 to Salt Bundle migration section of the Client Configuration Guide
Update Salt Bundle guide as Salt Bundle is now the default registration method
Re-added statement about Cobbler support in Reference Guide and Client Configuration Guide (bsc#1206963)
Added information about java.salt_event_thread_pool_size in Large Deployments Guide
Added information about GPG key usage in the Debian section of the
Updated default number of changelog entries in Administration Guide
Include migration guide from Salt 3000 to Bundle for SUSE Linux Enterprise 12 and CentOS7 in Troubleshooting Clients.
Removed mentions to ABRT in Reference Guide
Extended note about using Salt SSH with Salt Bundle in 4.2
Fixed Liberty Linux client tools label in Client Configuration Guide

susemanager-schema:

Version 4.2.27-1
- Add created and modified fields to suseMinionInfo to make uyuni roster module cache validation more accurate (bsc#1200096)
Version 4.2.26-1
- Add 'none' matcher to CLM AppStream filters (bsc#1206817)
- Increase cron_expr varchar length to 120 in suseRecurringAction table (bsc#1205040)
- Keep older module metadata files in database (bsc#1201893)
- Fix setting of last modified date in channel clone procedure

susemanager-sls:

Version 4.2.30-1
- Flush uyuni roster cache if the config has changed
- Implement uyuni roster module for Salt (bsc#1200096)
- Fix dnf plugin path calculation when using Salt Bundle (bsc#1208335)
Version 4.2.29-1
- Improve _mgractionchains.conf logs
- Prevent possible errors from "mgractionschains" module when there is no action chain to resume.
- Fix mgrnet custom module to be compatible with old Python 2.6 (bsc#1206979) (bsc#1206981)
- Fix custom "mgrcompat.module_run" state module to work with Salt 3005.1
- filter out libvirt engine events (bsc#1206146)
- Optimize the number of salt calls on minion startup (bsc#1203532)
- Updated logrotate configuration (bsc#1206470)
- Make libvirt-events.conf path depend on what minion is used (bsc#1205920)
- Fix kiwi inspect regexp to allow image names with "-" (bsc#1204541)
- Avoid installing recommended packages from assigned products (bsc#1204330)
- Manager reboot in transactional update action chain (bsc#1201476)
- Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093)
- Perform refresh with packages.pkgupdate state (bsc#1203884)

uyuni-common-libs:

Version 4.2.9-1
- Fix crash due missing "context_manager" when running salt-secrets-config service (bsc#1200096)
Version 4.2.8-1
- some i18n functions moved to new module which needs to be loaded (bsc#1201142)

virtual-host-gatherer:

Version 1.0.24-1
- Report total memory of a libvirt hypervisor
- Improve interoperability with other Python projects

Version 4.2.10

hub-xmlrpc-api:

Use golang(API) = 1.18 for building on SUSE (bsc#1203599) This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead.

inter-server-sync:

Version 0.2.4
- Improve memory usage and log information #17193
- Conditional insert check for FK reference exists (bsc#1202785)
- Correct navigation path for table rhnerratafilechannel (bsc#1202785)

locale-formula:

Update to version 0.3
- Remove .map.gz from kb_map dictionary (bsc#1203406)

py27-compat-salt:

Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)

python-urlgrabber:

Fix wrong logic on find_proxy method causing proxy not being used (bsc#1201788)

spacecmd:

Version 4.2.20-1
- Remove "Undefined return code" from debug messages (bsc#1203283)

spacewalk-backend:

Version 4.2.25-1
- Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
- Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788)

spacewalk-client-tools:

Version 4.2.21-1
- Update translation strings

spacewalk-java:

Version 4.2.43-1
- Do not disclose Proxy password in browser console log (bsc#1205339)
Version 4.2.42-1
- Fix arbitrary file disclosure vulnerability CVE-2022-43753 (bsc#1204716)
- Fix reflected cross site scripting vulnerability CVE-2022-43754 (bsc#1204741)
- Fix directory path traversal vulnerability CVE-2022-31255 (bsc#1204543)
- Properly pass allow vendor change to salt state (bsc#1204203)
- add ongres requirements to spec file (bsc#1203898)
- Refresh pillar data (bsc#1197724)
- Fix hardware update where there is no DNS FQDN changes (bsc#1203611)
- Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
- Support Pay-as-you-go new CA location for SLES15SP4 and higher (bsc#1202729)
- Detect the clients running on Amazon EC2 (bsc#1195624)

spacewalk-utils:

Version 4.2.18-1
- Make spacewalk-hostname-rename working with settings.yaml cobbler config file (bsc#1203564)

spacewalk-web:

Version 4.2.31-1
- Do not disclose Proxy password in browser console log (bsc#1205339)
Version 4.2.30-1
- Upgrade moment-timezone

susemanager:

Version 4.2.38-1
- add venv-salt-minion to bootstrap repo (bsc#1204146)

susemanager-doc-indexes:

Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
Fixed description of default notification settings (bsc#1203422)
Added missing Debian 11 references
Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
Added secure mail communication settings in Administration Guide
Fixed the incorrect path to state and pillar files in Salt Guide
Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-docs_en:

Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
Fixed description of default notification settings (bsc#1203422)
Added missing Debian 11 references
Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
Added secure mail communication settings in Administration Guide
Fixed the incorrect path to state and pillar files in Salt Guide
Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-schema:

Version 4.2.25-1
- Add subtypes for Amazon EC2 virtual instances (bsc#1195624)

susemanager-sls:

Version 4.2.28-1
- Fix mgrnet availability check
- Remove dependence on Kiwi libraries
- Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
- Add mgrnet salt module with mgrnet.dns_fqnd function implementation allowing to get all possible FQDNs from DNS (bsc#1199726)

susemanager-sync-data:

Version 4.2.14-1
- Add SUSE Linux Enterprise Server 15 SP3 LTSS

Version 4.2.9

drools:

XEE vulnerability: validator class not used correctly in KieModuleModelImpl.java (bsc#1200629, CVE-2021-41411)

httpcomponents-asyncclient:

Provide maven metadata needed by other packages to build

image-sync-formula:

Update to version 0.1.1661440526.b08d95b
- Add option to sort boot images by version (bsc#1196729)

inter-server-sync:

Version 0.2.3
- Compress exported sql data #16631

patterns-suse-manager:

Strictly require OpenJDK 11 (bsc#1202142)

py27-compat-salt:

Add support for gpgautoimport in zypperpkg module
Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489)
Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
Normalize package names once with pkg.installed/removed using yum (bsc#1195895)

salt-netapi-client:

Declare the LICENSE file as license and not doc
Adapted for Enterprise Linux 9.
Version 0.20.0
- See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0

saltboot-formula:

Update to version 0.1.1676908681.e90e0b1
- Add failsafe stop file when salt-minion does not stop (bsc#1208418)
- Support salt bundle (bsc#1208499)
Update to version 0.1.1661440526.b08d95b
- Fallback to local boot if the configured image is not synced
- improve image url modifications - preparation for ftp/http changes

spacecmd:

Version 4.2.19-1
- Process date values in spacecmd api calls (bsc#1198903)
- Show correct help on calling kickstart_importjson with no arguments
- Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

spacewalk-admin:

Version 4.2.12-1
- Add --help option to mgr-monitoring-ctl

spacewalk-backend:

Version 4.2.24-1
- Make reposync use the configured http proxy with mirrorlist (bsc#1198168)
- Revert proxy listChannels token caching pr#4548
- cleanup leftovers from removing unused xmlrpc endpoint

spacewalk-certs-tools:

Version 4.2.18-1
- traditional stack bootstrap: install product packages (bsc#1201142)

spacewalk-client-tools:

Version 4.2.20-1
- Update translation strings

spacewalk-java:

Version 4.2.41-1
- Fixed date format on scheduler related messages (bsc#1195455)
- Support inherited values for kernel options from Cobbler API (bsc#1199913)
- Add channel availability check for product migration (bsc#1200296)
- Check if system has all formulas correctly assigned (bsc#1201607)
- Remove group formula assignements and data on group delete (bsc#1201606)
- Fix sync for external repositories (bsc#1201753)
- fix state.apply result parsing in test mode (bsc#1201913)
- Reduce the length of image channel URL (bsc#1201220)
- Calculate dependencies between cloned channels of vendor channels (bsc#1201626)
- fix symlinks pointing to ongres-stringprep
- Modify parameter type when communicating with the search server (bsc#1187028)
- Fix initial profile and build host on Image Build page (bsc#1199659)
- Fix the confirm message on the refresh action by adding a link to pending actions on it (bsc#1172705)
- require new salt-netapi-client version
- Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)

spacewalk-search:

Version 4.2.8-1
- Add methods to handle session id as String

spacewalk-web:

Version 4.2.29-1
- Fix packaging issues to address CVE-2021-43138 (bsc#1200480)
- Upgrade shell-quote to fix CVE-2021-42740 (bsc#1203287)
- Upgrade moment to fix CVE-2022-31129 (bsc#1203288)
- Fix table header layout for unselectable tables
- Fix initial profile and build host on Image Build page (bsc#1199659)

susemanager:

Version 4.2.36-1
- add missing packages on SLES 15
- remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
- mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573)
- add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
- remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000
- add openSUSE 15.4 product (bsc#1201527)
- add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)

susemanager-doc-indexes:

Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464)
Documented how to onboard Ubuntu clients with the Salt bundle as a regular user
Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user
Fixed the names of updates channels for Leap
Fixed errors in OpenSCAP chapter of Administration Guide
Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
Removed CentOS 8 from the list of supported client systems
Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
Reverted single snippet change for two separate books
Added extend Salt Bundle functionality with Python packages using pip
Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
Salt Configuration Modules are no longer Technology Preview in Salt Guide.
Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)
In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly.
Removed SUSE Linux Enterprise 11 from the list of supported client systems

susemanager-docs_en:

Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464)
Documented how to onboard Ubuntu clients with the Salt bundle as a regular user
Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user
Fixed the names of updates channels for Leap
Fixed errors in OpenSCAP chapter of Administration Guide
Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin
Removed CentOS 8 from the list of supported client systems
Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210)
Reverted single snippet change for two separate books
Added extend Salt Bundle functionality with Python packages using pip
Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH
Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin
Salt Configuration Modules are no longer Technology Preview in Salt Guide.
Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)
Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)
In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly.
Removed SUSE Linux Enterprise 11 from the list of supported client systems

susemanager-schema:

Version 4.2.24-1
- Fix migration of image actions (bsc#1202272)

susemanager-sls:

Version 4.2.27-1
- Copy grains file with util.mgr_switch_to_venv_minion state apply
- Remove the message 'rpm: command not found' on using Salt SSH with Debian based systems which has no Salt Bundle
- Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader
- Fix deploy of SLE Micro CA Certificate (bsc#1200276)

uyuni-common-libs:

Version 4.2.7-1
- Do not allow creating path if nonexistent user or group in fileutils.

Version 4.2.8

apache-commons-csv:

Fix the URL for the package
Declare the LICENSE file as license and not doc

apache-commons-math3:

Fix the URL for the package
Declare the LICENSE file as license and not doc

drools:

Declare the LICENSE file as license and not doc

jakarta-commons-validator:

Declare the LICENSE file as license and not doc

jose4j:

Declare the LICENSE file as license and not doc

kie-api:

Declare the LICENSE file as license and not doc

mvel2:

Declare the LICENSE file as license and not doc

optaplanner:

Declare the LICENSE file as license and not doc

py27-compat-salt:

Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)

python-susemanager-retail:

Update to version 1.0.1653987003.92d4870
- Fix messages and logging in retail_create_delta (bsc#1199727)

smdba:

Declare the LICENSE file as license and not doc
Make EL egginfo removal more generic

spacecmd:

Version 4.2.18-1
- on full system update call schedulePackageUpdate API (bsc#1197507)

spacewalk-admin:

Version 4.2.11-1
- clarify schema upgrade check message (bsc#1198999)

spacewalk-backend:

Version 4.2.23-1
- Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)
- Fix virt_notify SQL syntax error (bsc#1199528)
- store create-bootstrap logs in spacewalk-debug

spacewalk-branding:

Version 4.2.14-1
- Stylesheets and relevant assets are now provided by spacewalk-web

spacewalk-certs-tools:

Version 4.2.17-1
- use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087)

spacewalk-client-tools:

Version 4.2.19-1
- Update translation strings

spacewalk-java:

Version 4.2.39-1
- Fix conflict when system is assigned to multiple instances of the same formula (bsc#1194394)
- Keep the websocket connections alive with ping/pong frames (bsc#1199874)
- Fix missing remote command history events for big output (bsc#1199656)
- Improve CLM channel cloning performance (bsc#1199523)
- fix api log message references the wrong user (bsc#1179962)
- Show patch as installed in CVE Audit even if successor patch affects additional packages (bsc#1199646)
- fix download of packages with caret sign in the version due to missing url decode
- Prefer the Salt Bundle with Cobbler snippets configuration (minion_script and redhat_register_using_salt) (bsc#1198646)
- During re-activation, recalculate grains if contact method has been changed (bsc#1199677)
- Hide authentication data in PAYG UI (bsc#1199679)
- autoinstallation: missing whitespace after install URL (bsc#1199888)
- Improved handling of error messages during bootstrapping
- skip forwarding data to scc if no credentials are available
- Change system details lock tab name to lock/unlock (bsc#1193032)
- Added a notification to inform the administrators about the product end-of-life
- Set profile tag has no-mandatory in XCCDF result (bsc#1194262)
- provisioning through proxy should use proxy for self_update (bsc#1199036)
- Allow removing duplicated packages names in the same Salt action (bsc#1198686)
- fix NoSuchElementException when pkg install date is missing
- Improve API documentation
- Fix outdated documentation and release notes links
- Fix error message in Kubernetes VHM creation dialog
- Add createAppStreamFilters() XMLRPC function
- Correct concurrency error on payg taskomatic task for updating certificates (#17783)
- Fix ACL rules for config diff download for SLS files (bsc#1198914)
- fix package selection for ubuntu errata install (bsc#1199049)
- fix invalid link to action schedule
- add schedulePackageUpdate() XMLRPC function (bsc#1197507)
- update server needed cache after adding Ubuntu Errata (bsc#1196977)
- check if file exists before sending it to xsendfile (bsc#1198191)
- Display usertime instead of server time for clm issue date filter (bsc#1198429)
- Redesign the auto errata task to schedule combined actions (bsc#1197429)
- Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629) (CVE-2022-31248)

spacewalk-search:

Version 4.2.7-1
- Update development configuration file

spacewalk-setup:

Version 4.2.11-1
- spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)

spacewalk-utils:

Version 4.2.17-1
- spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)
- spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356)

spacewalk-web:

Version 4.2.28-1
- Stylesheets and relevant assets are now provided by spacewalk-web
- Remove nodejs-packaging as a build requirement
- Hide authentication data in PAYG UI (bsc#1199679)
- Improved handling of error messages during bootstrapping
- Added support for end of life notifications
- Improved test integration for dropdowns
- Upgrade moment to 2.29.2
- Fix outdated documentation and release notes links
- Fix mimetype in kubeconfig validation request (bsc#1199019)

subscription-matcher:

Declare the LICENSE file as license and not doc

susemanager:

Version 4.2.35-1
- Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
Version 4.2.34-1
- mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742)
- add SLED 12 SP3 bootstrap repo definition (bsc#1199438)
Version 4.2.33-1
- Fix issue with bootstrap repo definitions for RHEL/RES8 variants (bsc#1200863)

susemanager-doc-indexes:

Fixed the 'fast' switch ('-f') of the database migration script in the Installation and Upgrade Guides
Updated the Virtualization chapter in the Client Configuration Guide
Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944)
In the Client Configuration Guide, package locking is now supported for Ubuntu and Debian
Fixed VisibleIf documentation in the Formula section of the Salt Guide
Added note about importing CA certifcates in the Installation and Upgrade Guide (bsc#1198358)
Documented how to define monitored targets using the file-based service discovery provided in the Prometheus formula of the Salt Guide
Add note about OpenSCAP security profile support in OpenSCAP section of the Administration Guide
Fixed spacewalk-remove-channel command in Delete Channels section of the Administration Guide (bsc#1199596)
Large deployments guide now includes a mention of the proxy (bsc#1199577)
Enhanced the Product Migration chapter of the Client Configuration Guide with a SUSE Linux Enterprise example

susemanager-docs_en:

Fixed the 'fast' switch ('-f') of the database migration script in the Installation and Upgrade Guides
Updated the Virtualization chapter in the Client Configuration Guide
Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944)
In the Client Configuration Guide, package locking is now supported for Ubuntu and Debian
Fixed VisibleIf documentation in the Formula section of the Salt Guide
Added note about importing CA certifcates in the Installation and Upgrade Guide (bsc#1198358)
Documented how to define monitored targets using the file-based service discovery provided in the Prometheus formula of the Salt Guide
Add note about OpenSCAP security profile support in OpenSCAP section of the Administration Guide
Fixed spacewalk-remove-channel command in Delete Channels section of the Administration Guide (bsc#1199596)
Large deployments guide now includes a mention of the proxy (bsc#1199577)
Enhanced the Product Migration chapter of the Client Configuration Guide with a SUSE Linux Enterprise example

susemanager-schema:

Version 4.2.23-1
- Add schema directory for susemanager-schema-4.2.22

susemanager-sls:

Version 4.2.26-1
- Fix issue bootstrap issue with Debian 9 because missing python3-contextvars (bsc#1201782)
Version 4.2.25-1
- use RES bootstrap repo as a fallback for Red Hat downstream OS (bsc#1200087)
- Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686)
- do not install products and gpg keys when performing distupgrade dry-run (bsc#1199466)
- Fix deprecated warning when getting pillar data (bsc#1192850)
- remove unknown repository flags on EL
- add packages.pkgupdate state (bsc#1197507)
Version 4.2.24-1
- Manage the correct minion config file when venv-salt-minion is installed (bsc#1200703)
- Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707)

susemanager-sync-data:

Version 4.2.13-1
- change release status of Debian 11 to released

virtual-host-gatherer:

Declare the LICENSE file as license and not doc

woodstox:

Declare the LICENSE file as license and not doc

xmlpull-api:

Declare the LICENSE file as license and not doc

Version 4.2.7

inter-server-sync:

Version 0.2.1
- Correct sequence in use for table rhnpackagekey(bsc#1197400)
- Make Docker image export compatible with Suse Manager 4.2
Version 0.2.0
- Allow images export and import (os based and Docker)

salt-netapi-client:

Improve the hotfix for bsc#1192550 (bsc#1197449):

smdba:

Don’t package egg-info file for Enterprise Linux.

spacecmd:

Version 4.2.17-1
- parse boolean paramaters correctly (bsc#1197689)

spacewalk-backend:

Version 4.2.21-1
- Improve parsing deb packages dependencies (bsc#1194594)

spacewalk-certs-tools:

Version 4.2.16-1
- Add Salt Bundle support to bootstrap script generator

spacewalk-java:

Version 4.2.35-1
- Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629)(CVE-2022-31248)
- Add rate-limiting to frontend logging (bsc#1199512)(CVE-2022-21952)
- faster display installable packages list (bsc#1187333)
- Pass ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to the generated roster files to enable optional Salt Bundle support with Salt SSH
- Fix reboot time on salt-ssh client(bsc#1197591)
- detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)
- Allow monitoring entitlement for debian 11 and 10
- Hide private methods in XMLRPC handlers
- Warning log when hardware refresh result is not serializable
- Optimize adding new products function (bsc#1193707)

spacewalk-utils:

Version 4.2.16-1
- Add Debian 11 repositories

spacewalk-web:

Version 4.2.27-1
- increase web page default timeout (bsc#1187333)
- Add ssh_salt_pre_flight_script and ssh_use_salt_thin parameters to default rhn_web.conf
- Upgrade minimist to fix CVE-2021-44906
- susemanager-nodejs-sdk-devel is now provided by spacewalk-web
- Resolve race conditions in CLM (bsc#1195710)

susemanager:

Version 4.2.31-1
- Add Salt Bundle support to mgr-create-bootstrap-repo
- Enable bootstrapping for Debian 11
- fix SLE15 bootstrap repo definition (bsc#1197438)
- Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)
- Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)
- Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)

susemanager-doc-indexes:

In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
In Client Configuration Guide document Debian 11 as a supported OS as a client
In Client Configuration Guide, clarified client upgrade issues
In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.

susemanager-docs_en:

In the Administration Guide, documented that monitoring tools are available in SUSE Linux Enterprise 12 and 15 and openSUSE Leap 15, but Grafana is not available on Proxy (bsc#1191143)
Documented Autoyast installation features in Autoyast section of the Client Configuration Guide
In Client Configuration Guide document Debian 11 as a supported OS as a client
In Client Configuration Guide, clarified client upgrade issues
In Client Configuration Guide, added information about registration of version 12 of SUSE Linux Enterprise clients
In Client Configuration Guide, mark the applying patches features as supported on Ubuntu
SLE Micro in Client Configuration Guide: Update version number from 5.0 to 5.1, and warn about Salt installation.

susemanager-schema:

Version 4.2.22-1
- Add schema directory for susemanager-schema-4.2.21

susemanager-sls:

Version 4.2.22-1
- Add Salt Bundle support on bootstrapping
- Add Salt SSH with Salt Bundle support
- Add util.mgr_switch_to_venv_minion state to switch salt minions to use the Salt Bundle
- Fix bootstrap repository path resolution for Oracle Linux
- Handle salt bundle in set_proxy.sls

susemanager-sync-data:

Version 4.2.12-1
- change release status of EL 7 and 8 aarch64 to released
- change release status of Rocky Linux 8 x86_64 to released
- add Debian 11 amd64

virtual-host-gatherer:

Version 1.0.23-1
- reformat the first 3 groups of the UUID for hardware versions >=13 in VMWare environment.
- Fix shebangs to use python3
- Implement libvirt module

Version 4.2.6

c3p0:

Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19
- Address CVE-2018-20433
- Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198)
- Properly implement the JDBC 4.1 abort method

grafana-formula:

Version 0.7.0
- Add SLES 15 SP4 and openSUSE Leap 15.4 to supported versions

hub-xmlrpc-api:

Updated to build on Enterprise Linux 8.

inter-server-sync:

Version 0.1.0
- Allow export and import of configuration channels
- Clean lookup cache after processing a channel (bsc#1195750)
- Improve lookup method for generate foreign key export
Adapted for build on Enterprise Linux 8.

mgr-osad:

Version 4.2.8-1
- Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

Version 4.2.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15

patterns-suse-manager:

Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter

prometheus-exporters-formula:

Version 1.2.0
- Postres exporter package was renamed for RedHat
Version 1.1.0
- Postgres exporter package was renamed for SLES/openSUSE

py26-compat-msgpack-python:

Adapted to build on OBS for Enterprise Linux.

rhnlib:

Version 4.2.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15

saltboot-formula:

Update to version 0.1.1645440615.7f1328c
- skip device lookup for correctly provided devices
- improve image url modifications - preparation for ftp/http changes
Skip device lookup if correct path to device is already provided (bsc#1195757)
Improve image url modifications

smdba:

Version 1.7.10
- adapt pgtune using new defaults for new postgres versions
- support special configuration for SSD storage
- make argument "--backup-dir" symlink aware
Version 1.7.9
Allow different standard configuration file location for other OSes

spacecmd:

Version 4.2.16-1
- implement system.bootstrap (bsc#1194909)
- Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363)

spacewalk-admin:

Version 4.2.10-1
- wait after copying the CA to give systemd time to finish automation

spacewalk-backend:

Version 4.2.20-1
- Fix reposync update notice formatting and date parsing (bsc#1194447)
- implement more decompression algorithms for reposync (bsc#1196704)
- enable check for client certificates in reposync
- remove auto inherit of host entitlements for virtual guests

spacewalk-branding:

Version 4.2.13-1
- Fix modal footer misalignment

spacewalk-certs-tools:

Version 4.2.15-1
- Add dynamic version for bootstrap script header (bsc#1186336)

spacewalk-client-tools:

Version 4.2.18-1
- Fix the condition for preventing building python 2 subpackage for SLE15
Version 4.2.17-1
- Update translation strings

spacewalk-config:

Version 4.2.6-1
- Upgrade build tooling, and corresponding cache configuration

spacewalk-java:

Version 4.2.34-1
- Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk
- update last checkin only if job is successful (bsc#1197007)
- Fix NPE when accessing cancelled action via system history (bsc#1195762)
- CVE Audit: Show patch as available in the currently installed product even if successor patch affects additional packages (bsc#1196455)
- send notifications for new or changed ubuntu errata (bsc#1196977)
- change directory owner and permissions only when needed
- Fixed broken help link for system overview
- Provide link to Sync page when unsynced patches message show up (bsc#1196094)
- fix class cast exception during action chains (bsc#1195772)
- Finding empty profiles by mac address must be case insensitive (bsc#1196407)
- prepare to use new postgresql-jdbc driver with stringprep and saslprep support (bsc#1196693)
- allow SCC to display the last check-in time for registered systems
- generate the system ssh key when bootstrapping a salt-ssh client (bsc#1194909)
- Provide link for CVEs
- Fix lock/unlock scheduling on page Software Packages Lock (bsc#1195271)
- When adding a product, check if the new vendor channels conflicts with any of the existing custom channel (bsc#1193448)
- Fix disappearing metadata key files after channel change (bsc#1192822)
- Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
- Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)
- Fix virtualization list rendering for foreign systems (bsc#1195712)
- FIX errors when an image profile / store is deleted during build / inspect action (bsc#1191597, bsc#1192150)
- Remove verbose token log (bsc#1195666)
- fix ClassCastException during action processing (bsc#1195043)

spacewalk-web:

Version 4.2.26-1
- Provide link to Sync page when unsynced patches message show up (bsc#1196094)
- Provide a search box on section name for Formulas content
- Add expand/collapse all button for formula sections
- Improved large data support in channel selection
- Provide link for CVEs
- Improved error handling in the product setup page
- Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
- susemanager-web-libs is now packaged as a part of spacewalk-html

subscription-matcher:

Version 0.29
- Migration to log4j 2
Version 0.28
- Support both antlr3-java and antlr3-runtime as dependencies
- Make it obvious that log4j12 is used

supportutils-plugin-susemanager:

Version 4.2.4-1
- Get version of bootstrap scripts for supportconfig (bsc#1186336)

suseRegisterInfo:

Version 4.2.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15

susemanager:

Version 4.2.28-1
- set default for registration batch size

susemanager-doc-indexes:

Renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter in the Administration Guide
Clarified in Client Configuration Guide and Retail Guide that mandatory channels are automatically checked. Also recommended channels as long as they are not deactivated (bsc#1173527)
In Custom Channels chapter of the Administration Guide, provide information about creating metadata (bsc#1195294)
In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
Documented GPG encrypted Salt Pillars in the Salt book
In Client Configuration Guide, fixed channel configuration and registration of Expanded Support clients
Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)
In Throubleshooting Synchronization chapter in the Administration Guide added instructions for GPG removal
In Client Configuration Guide, integrated SUSE Linux Enterprise Micro Client documentation next to SUSE Linux Enterprise Client documentation and other related documentation improvements (bsc#1195145)
Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide
Add troubleshooting section about avoiding package conflicts with custom channels

susemanager-docs_en:

Renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter in the Administration Guide
Clarified in Client Configuration Guide and Retail Guide that mandatory channels are automatically checked. Also recommended channels as long as they are not deactivated (bsc#1173527)
In Custom Channels chapter of the Administration Guide, provide information about creating metadata (bsc#1195294)
In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12
Documented GPG encrypted Salt Pillars in the Salt book
In Client Configuration Guide, fixed channel configuration and registration of Expanded Support clients
Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067)
In Throubleshooting Synchronization chapter in the Administration Guide added instructions for GPG removal
In Client Configuration Guide, integrated SUSE Linux Enterprise Micro Client documentation next to SUSE Linux Enterprise Client documentation and other related documentation improvements (bsc#1195145)
Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide
Add troubleshooting section about avoiding package conflicts with custom channels

susemanager-schema:

Version 4.2.21-1
- fix check on allowVendorChange
- fix advisory status migration (bsc#1195765)
- FIX error when an image profile / store is deleted during build / inspect action (bsc#1191597, bsc#1192150)

susemanager-sls:

Version 4.2.21-1
- Improve pkgset beacon with using salt.cache to notify about the changes made while the minion was stopped
- Align the code of pkgset beacon to prevent warnings (bsc#1194464)
- fixing how the return code is returned in mgrutil runner (bsc#1194909)
- Fix errors on calling sed -E … by force_restart_minion with action chains
- Avoid using lscpu -J option in grains (bsc#1195920)
- Postgres exporter package was renamed
- fix deprecation warnings

virtualization-formulas:

Update to version 0.6.2
- Ensure qemu-ksm is installed on host

Version 4.2.5

c3p0:

Build with log4j mapper

dhcpd-formula:

Update to version 0.1.1641480250.d5bd14c
- make routers option optional

hibernate5:

Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:

Version 4.2.7-1
- require python macros for building

mgr-osad:

Version 4.2.7-1
- Do not build python 2 package for SLE15SP4 and higher
- require python macros for building

mgr-push:

Version 4.2.4-1
- Do not build python 2 package for SLE15SP4 and higher

py27-compat-salt:

Fix inspector module export function (bsc#1097531)
Fix possible traceback on ip6_interface grain (bsc#1193565)
Don’t check for cached pillar errors on state.apply (bsc#1190781)
Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
Add "--no-return-event" option to salt-call to prevent sending return event back to master.
Make "state.highstate" to acts on concurrent flag.
Fix the regression with invalid syntax in test_parse_cpe_name_v23.
Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
Fix the regression of docker_container state module (bsc#1191285)

rhnlib:

Version 4.2.5-1
- do not build python 2 package for SLE15

salt-netapi-client:

Hotfix (bsc#1192550):
Version 0.19.0
- See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0

saltboot-formula:

Update to version 0.1.1637232240.87d79ed
- Prevent python failure under some circumstances when filesystem was not set (bsc#1192440)
- Add missing boot_images option in SLE11 saltboot version

spacecmd:

Version 4.2.15-1
- require python macros for building

spacewalk-backend:

Version 4.2.19-1
- Retrieve and store copyright information about patches
- SLES PAYG client support on cloud
- Add headers to update proxy auth token in listChannels (bsc#1193585)
- require python macros for building
- exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

spacewalk-branding:

Version 4.2.12-1
- Fix header search autofocus

spacewalk-client-tools:

Version 4.2.16-1
- do not build python 2 package for SLE15
- require python macros for building

spacewalk-config:

Version 4.2.5-1
- add migration for changed rhn.conf values

spacewalk-java:

Version 4.2.32-1
- Pass only selected servers to taskomatic for cancelation (bsc#1194044)
- Added rights field to generated updateinfo.xml to handle copyright
- provide static configuration key name for SSHMinionActionExecutor parallel threads
- Add support for custom SSH port for SSH minions
- add ubuntu errata data and install handling
- Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
- SLES PAYG client support on cloud
- Change order of 'Relevant' and 'All' in patches menu
- Handle multiple Kiwi bundles (bsc#1194905)
- Install product by default after a channel is subscribed
- Improve token validation logs
- fix possible race condition in job handling (bsc#1192510)
- Migrate the displaying of the date/time to rhn:formatDate
- Add additional matchers to package (nevra) filter
- Add greater equals matcher to package (nevra) filter
- fix XML syntax in cobbler snippets (bsc#1193694)
- Add new endpoints to packages API: schedulePackageLockChange, listPackagesLockStatus
- Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
- Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
- UI and API call for changing proxy
- require postgresql14 on SLE15 SP4
- Update proxy path on minion connection
- fix actionchain stuck in pending/picked up (bsc#1189561)
- fix parsing error by making SCAP Profile description attribute optional (bsc#1192321)
- Show salt ssh error message in failed action details

spacewalk-reports:

Version 4.2.7-1
- Fixes query for system-history report to prevent more than one row returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-search:

Version 4.2.6-1
- Rename jakarta to apache on SPEC

spacewalk-setup:

Version 4.2.10-1
- During upgrade, set tomcat connector connectionTimeout to 900000 if the previous values is the old default (20000)

spacewalk-utils:

Version 4.2.15-1
- require python macros for building

spacewalk-web:

Version 4.2.25-1
- Add support for custom SSH port for SSH minions
- SLES PAYG client support on cloud
- Migrate the displaying of the date/time to rhn:formatDate, get rid of the legacy fmt:formatDate glue
- Fix header search autofocus
- Fix virtual systems list request error (bsc#1194397)
- UI for changing proxy
- Fix legacy timepicker passing wrong time to the backend if server and user time differ (bsc#1192699)
- Fix legacy timepicker passing wrong time to the backend if selected date is in summer time (bsc#1192776)

suseRegisterInfo:

Version 4.2.5-1
- require python macros for building
- Do not build python 2 package for SLE15 and higher

susemanager:

Version 4.2.27-1
- mgr-setup: do not concanate www and apache groups (bsc#1195171)
- fix pg-migrate to check version of postgresql??-server (bsc#1192368)
- remove obsoleted sysv init script (bsc#1191857)

susemanager-doc-indexes:

Added instructions for Pay-as-you-go to the Installation Guide
In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
Documented moving Salt clients between proxies in the Client Configuration Guide
Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-docs_en:

Added instructions for Pay-as-you-go to the Installation Guide
In the Client Configuration Guide, documented finding channel names for registering older SUSE Linux Enterprise clients
Documented moving Salt clients between proxies in the Client Configuration Guide
Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
In the Troubleshooting section of the Client Configuration Guide, documented that SUSE Linux Enterprise Server 11 clients require previous SSL versions installed on the server
In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-schema:

Version 4.2.20-1
- Added rights column to rhnerrata to handle copyright information
- Add support for custom SSH port for SSH minions
- add ubuntu errata data and install handling
- SLES PAYG client support on cloud
- Replace not existing Asia/Beijing timezone with Asia/Shanghai (bsc#1194862)
- Continue with index migration when the expected indexes do not exist (bsc#1192566)
- Fix changing of existing proxy path
- Add pillars to Apply States action
- Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)

susemanager-sls:

Version 4.2.20-1
- Handle multiple Kiwi bundles (bsc#1194905)
- enforce correct minion configuration similar to bootstrapping (bsc#1192510)
- Add state for changing proxy
- Update proxy path on minion connection
- Fix problem installing/removing packages using action chains in transactional systems

uyuni-common-libs:

Version 4.2.6-1
- Read modularity data from DISTTAG tag as fallback (bsc#1192487)
- require python macros for building

uyuni-config-formula:

Version 0.2
- support to manager activation keys

Version 4.2.4

grafana-formula:

Add SSH blackbox status check panel to clients dashboard
Migrate deprecated panels in clients dashboard

patterns-suse-manager:

Add prometheus-blackbox_exporter as recommended for the Proxy

prometheus-formula:

Fix opening Prometheus ports on proxy
Add Prometheus targets configuration for minions SSH probing
Add blackbox exporter
Open Prometheus ports (bsc#1191144)

py27-compat-salt:

Remove wrong _parse_cpe_name from grains.core
Fix file.find tracebacks with non utf8 file names (bsc#1190114)
Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
Added Python2 build possibility for RHEL8
Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
Fix traceback.*_exc() calls

spacecmd:

Update translation strings

spacewalk-backend:

Reposync: replace architecture variables in mirror lists
Minor spec update.
Added RHN config parameter httpd_config_dir.
Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538)
Improved the diskcheck script to return an exit value and to allow performing the check without sending notification

spacewalk-certs-tools:

Make bootstrap script to use bash when called with a different interpreter (bsc#1191656)
set key format to PEM when generating key for traditional clients push ssh (bsc#1189643)

spacewalk-client-tools:

Update translation strings

spacewalk-java:

Fix calling wrong XMLRPC bootstrap method (bsc#1192736)
Fix package update action with shared channels (bsc#1191313)
fix openscap scan with tailoring-file option (bsc#1192321)
switch to best repo auth item for contentsources (bsc#1191442)
Implement using re-activation keys when bootstrapping with the Web UI or XMLRPC API
update last boot time of SSH Minions after bootstrapping (bsc#1191899)
Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702)
Use an 'allow' filter for the kernel packages with live patching filter templates (bsc#1191460)
Move pickedup actions to history as soon as they are pickedup (bsc#1191444)
fix issue with empty action chains getting deleted too early (bsc#1191377)
Set product name and version in the User-Agent header when connecting to SCC
On salt-ssh minions, enforce package list refresh after state apply
Run Prometheus JMX exporter as Java agent (bsc#1184617)
Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
Hide link to CLM live patching template in system details for products that don’t support live patching (bsc#1190866)
Execute the diskcheck script at login to validate the available space
Trigger reboot needed message also when installhint is available on package level
Add Content Lifecycle Management filter for package provides and use it in live patching filter template
Allow usage of jinja template in Salt config channels
Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951)
mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222)
Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143)

spacewalk-reports:

Improve performance of inventory report (bsc#1191495)

spacewalk-setup:

Increase "max_event_size" value for the Salt master (bsc#1191340)
Leave Cobbler bootloader directory at the default (bsc#1187708)
Don’t delete cobbler.conf contents.
Fixed FileNotFoundError on cobbler setup.
cobbler20-setup was removed
spacewalk-setup-cobbler was reimplemented in Python
Config files for Cobbler don’t get edited in place anymore, thus the original ones are saved with a ".backup" suffix

spacewalk-web:

Implement using re-activation keys when bootstrapping with the Web UI
Disable the SPA engine for download links (bsc#1190964)
Fix CLM filter edit modal opening (bsc#1190867)
Display a warning in the login page if the available disk space on the server is running out
add Content Lifecycle Management filter for package provides

susemanager:

Reorganize bootstrap SSL state
Add missing packages on SSL bootstrap of Debian-10 and SLES-15
Update translation strings

susemanager-doc-indexes:

Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook
Fixed base channel label for Red Hat 8 products in the Client Configuration Guide
In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures.
Warn about building ARM images on aarch64 architecture in the Administration Guide
Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide
Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide
In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465)
Reactivation key in the Web UI added to the Client Configuration Guide
Updated the 'max_connections' section of the Salt Guide (bsc#1191267)
In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665)
In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably.
Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)
Documented new filter in the Content Lifecycle Management chapter of the Administration Guide

susemanager-docs_en:

Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat Enterprise Linux 7 in Keeping Clients updated section of the Cookbook
Fixed base channel label for Red Hat 8 products in the Client Configuration Guide
In the Client Configuration Guide, move the information about requiring Python to the section covering WebUI registration procedures.
Warn about building ARM images on aarch64 architecture in the Administration Guide
Added DNS resolution for minions to the Troubleshooting section of the Client Configuration Guide
Documented low on disc space warnings in the Managing Disk Space chapter in Administration Guide
In the Installation Guide, fix slow downloads via proxy when huge files are requested (bsc#1185465)
Reactivation key in the Web UI added to the Client Configuration Guide
Updated the 'max_connections' section of the Salt Guide (bsc#1191267)
In the ports section of the Installation Guide, mention "tftpsync" explicitly for port 443 (bsc#1190665)
In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to refresh repositories reliably.
Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)
Documented new filter in the Content Lifecycle Management chapter of the Administration Guide

susemanager-schema:

Add schema directory for susemanager-schema-4.2.18

susemanager-sls:

fix openscap scan with tailoring options (bsc#1192321)
Fix virt_utils module python 2.6 compatibility (bsc#1191123)
Implement using re-activation keys when bootstrapping
Add missing compressed_hash value from Kiwi inspect (bsc#1191702)
Don’t create skeleton /srv/salt/top.sls
Run Prometheus JMX exporter as Java agent (bsc#1184617)
Replace FileNotFoundError by python2-compatible OSError (bsc#1191139)

susemanager-sync-data:

add SLES15 SP2 LTSS
use mirrorlist URLs for Alma Linux 8

Version 4.2.3

cobbler:

Fixed modify_setting test to complete successfully

hub-xmlrpc-api:

Use rpm systemd macro to restart service in replace of systemctl

patterns-suse-manager:

Virtualization-host-formula was renamed to virtualization-formulas

py26-compat-salt:

Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)

py26-compat-tornado:

Added compatibility to Enterprise Linux 8

py27-compat-salt:

Fix the regression of docker_container state module
Support querying for JSON data in external sql pillar
Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)
Fix wrong relative paths resolution with Jinja renderer when importing subdirectories

spacecmd:

Version 4.2.13-1
- Update translation strings
- configchannel_updatefile handles directory properly (bsc#1190512)
- Add schedule_archivecompleted to mass archive actions (bsc#1181223)
- Remove whoami from the list of unauthenticated commands (bsc#1188977)

spacewalk-admin:

Version 4.2.9-1
- Fix setup with rhn-config-satellite (bsc#1190300)
- Allow admins to modify only spacewalk config files with rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)

spacewalk-backend:

Version 4.2.17-1
- Update translations strings
- handle download of metadata filesnames with checksums (bsc#1188315)
- Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)

spacewalk-certs-tools:

Version 4.2.13-1
- add GPG keys using apt-key on debian machines (bsc#1187998)

spacewalk-client-tools:

Version 4.2.14-1
- Update translation strings

spacewalk-java:

Version 4.2.30-1
- Fix datetime format parsing with moment (bsc#1191348)
Version 4.2.29-1
- Update translation strings
- fix logging of the spark framework and map requests to media.1 directory in the download controller (bsc#1189933)
- Add 'Last build date' column to Content Lifecycle Management project list (jsc#PM-2644) (jsc#SUMA-61)
- Improve exception handling and logging for mgr-libmod calls
- Add checksums to repository metadata filenames (bsc#1188315)
- Fix ISE in product migration if base product is missing (bsc#1190151)
- use TLSv1.3 if it is a supported Protocol
- Adapt auto errata update to respect maintenance windows
- Adapt auto errata update to skip during Content Lifecycle Management build (bsc#1189609)
- add CentOS 7/8 aarch64
- add Oracle Linux 7/8 aarch64
- add Rocky Linux 8 aarch64
- add AlmaLinux 8 aarch64
- add Amazon Linux 2 aarch64
- Add new endpoints to saltkeys API: acceptedList, pendingList, rejectedList, deniedList, accept and reject
- fix issue in SSM when scheduling patches on multiple systems (bsc#1190396, bsc#1190275)
- Add 'Flush cache' option to Ansible playbook execution (bsc#1190405)
- Update kernel live patch version on minion startup (bsc#1190276)
- Allow getting all completed actions via XMLRPC without display limit (bsc#1181223)
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- Add XMLRPC API to force refreshing pillar data (bsc#1190123)
- Add missing string on XCCDF scan results (bsc#1190164)
- Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572)
- Improved timezone support
- implement package locking for salt minions

spacewalk-utils:

Version 4.2.14-1
- When renaming: don’t regenerate CA, allow using third-party certificate and trigger pillar refresh (bsc#1190123)

spacewalk-web:

Version 4.2.23-1
- Fix datetime format parsing with moment (bsc#1191348)
Version 4.2.22-1
- Add 'Last build date' column to Content Lifecycle Management project list (jsc#PM-2644) (jsc#SUMA-61)
- Fix 'Type' input in Content Lifecycle Management source edit form (bsc#1190820)
- Add 'Flush cache' checkbox to Ansible playbook execution page (bsc#1190405)
- Fix the VM creation and editing submit button action (bsc#1190602)
- Improved timezone support
- Enhance the default base channel help message (bsc#1171520)

subscription-matcher:

Version 0.27
- update subscription rules for new SKUs (bsc#1189818)

supportutils-plugin-susemanager:

Version 4.2.3-1
- detect broken symlinks in tomcat, taskomatic and search daemon

susemanager:

Version 4.2.24-1
- Fix syntax error on migration script (bsc#1191551)
Version 4.2.23-1
- Add aarch64 bootstrap repositories for CentOS 7/8, Oracle Linux 7/8, Rocky Linux8, AlmaLinux8, Amazon Linux 2 and openSUSE Leap 15.3
- Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998)
- Add SLE 15 SAP Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2Crypto (bsc#1189422)

susemanager-doc-indexes:

Added aarch64 support for selection of clients in the Installation Guide and Client Configuration Guide
Documented Amazon Web Services permissions for Virtual Host Manager in the Virtual Host Manager and Amazon Web Service chapters in the Client Configuration Guide
Fixed unpublished patches note in the server update chapter of the Upgrade Guide
Updated Proxy installation screenshots to reflect SUSE Manager 4.2 version in the Installation Guide
Updated migration instructions to help avoid migration from Proxy 4.0 to 4.1 if 4.2 is already available to the Upgrade Guide
Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166)
Removed Portus and CaaSP references from the image management chapter of the Administration Guide
Documented package lock as a supported feature for some Salt clients in the Client Configuration Guide.

susemanager-docs_en:

Added aarch64 support for selection of clients in the Installation Guide and Client Configuration Guide
Documented Amazon Web Services permissions for Virtual Host Manager in the Virtual Host Manager and Amazon Web Service chapters in the Client Configuration Guide
Fixed unpublished patches note in the server update chapter of the Upgrade Guide
Updated Proxy installation screenshots to reflect SUSE Manager 4.2 version in the Installation Guide
Updated migration instructions to help avoid migration from Proxy 4.0 to 4.1 if 4.2 is already available to the Upgrade Guide
Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166)
Removed Portus and CaaSP references from the image management chapter of the Administration Guide
Documented package lock as a supported feature for some Salt clients in the Client Configuration Guide.

susemanager-schema:

Version 4.2.18-1
- create unique index on package details action id (bsc#1190396, bsc#1190275)
- Add 'flush_cache' flag to Ansible playbook execution action (bsc#1190405)
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- allow Ansible Control Node entitlement for aarch64, ppc64le and s390x (bsc#1189799)
- implement package locking for salt minions

susemanager-sls:

Version 4.2.17-1
- Fix cpuinfo grain and virt_utils state python2 compatibility (bsc#1191139, bsc#1191123)
- deploy certificate on SLE Micro 5.1
- Realign pkgset cookie path for Salt Bundle changes
- Fix pkgset beacon to work with salt-minion 2016.11.10 (bsc#1189260)
- Fix virt grain python2 compatibility
- Fix mgrcompat state module to work with Salt 3003 and 3004
- Add 'flush_cache' flag to 'ansible.playbooks' call (bsc#1190405)
- Update kernel live patch version on minion startup (bsc#1190276)
- don’t use libvirt API to get its version for the virt features grain
- implement package locking for salt minions

susemanager-sync-data:

Version 4.2.9-1
- add CentOS 7/8 aarch64
- add Oracle Linux 7/8 aarch64
- add Rocky Linux 8 aarch64
- add AlmaLinux 8 aarch64
- add Amazon Linux 2 aarch64

Version 4.2.2

branch-network-formula:

Use kernel parameters from PXE formula also for local boot

cobbler:

Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root (bsc#1189458, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)
This patch introduces a regression where valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected

cpu-mitigations-formula:

Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

openvpn-formula:

Changed package to noarch.

prometheus-exporters-formula:

Fix formula data migration with missing exporter configuration (bsc#1188136)

py26-compat-salt:

Fix error handling in openscap module (bsc#1188647)
Define license macro as doc in spec file if not existing

py27-compat-salt:

Add missing aarch64 to rpm package architectures
Consolidate some state requisites (bsc#1188641)
Fix failing unit test for systemd
Fix error handling in openscap module (bsc#1188647)
Better handling of bad public keys from minions (bsc#1189040)
Define license macro as doc in spec file if not existing

saltboot-formula:

Use kernel parameters from PXE formula also for local boot

spacecmd:

Update translation strings
Make schedule_deletearchived to get all actions without display limit
Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
Use correct API endpoint in list_proxies (bsc#1188042)
Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:

Update translation strings
Fix typo "verfication" instead of "verification"

spacewalk-certs-tools:

Prepare the bootstrap script generator for Rocky Linux 8

spacewalk-client-tools:

Update translation strings

spacewalk-java:

Show AppStreams tab just for modular channels
Fix Json null comparison in virtual network info parsing (bsc#1189167)
Update translation strings
'AppStreams with defaults' filter template in CLM
Add a link to OS image store dir in image list page
Do not log XMLRPC fault exceptions as errors (bsc#1188853)
XMLRPC: Add call for listing application monitoring endpoints
AppStreams tab for modular channels
Link to CLM filter creation from system details page
Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
Fix NPE when no redhat info could be fetched
Java enablement for Rocky Linux 8
Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
Properly handle virtual networks without defined bridge (bsc#1189167)
Mark SSH minion actions when they’re picked up (bsc#1188505)
Add UEFI support for VM creation / editing
Add virt-tuner templates to VM creation
Fix cleanup always being executed on delete system (bsc#1189011)
Warning in Overview page for SLE Micro system (bsc#1188551)
Add support for Kiwi options
Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)
Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory
Fix entitlements not being updated during system transfer (bsc#1188032)
Simplify the VM creation action in DB
Get CPU data for AArch64
Handle virtual machines running on pacemaker cluster
Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
Add Beijing timezone to selectable timezones (bsc#1188193)
Fix updating primary net interface on hardware refresh (bsc#1188400)
Fix issues when removing archived actions using XMLRPC api (bsc#1181223)
Readable error when "mgr-sync add channel" is called with a no-existing label (bsc#1173143)

spacewalk-setup:

Enable logging for salt SSH
Increase max size for uploaded files to Salt master

spacewalk-utils:

Add Rocky Linux 8 repositories

spacewalk-web:

Don’t capitalize acronyms
Update translation strings
'AppStreams with defaults' filter template in CLM
Add a link to OS image store dir in image list page
Link to CLM filter creation from system details page
Expose UEFI parameters in the VM creation/editing pages
Add virt-tuner templates to VM creation
Fix cleanup always being executed on delete system (bsc#1189011)
Add support for Kiwi options
Fix virtualization guests to handle null HostInfo
Compare lowercase CPU arch with libvirt domain capabilities
Refresh JWT virtual console token before it expires
Handle virtual machines running on pacemaker cluster

susemanager:

Abort migration if data_directory is defined at the PostgreSQL configuration file
Update translation strings
Add bootstrap repository definitions for Rocky Linux 8

susemanager-build-keys:

Add Debian 11
Add Rocky Linux 8

susemanager-doc-indexes:

Added missing Rocky instructions to the Client Configuration Guide
Updated setup section in the Installation Guide about trouble shooting freely available products
Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
Additional information added for Inter Server Sync v2 on limitations and configuration
Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
Corrected the package name for PAM authentication (bsc#1171483)
Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
Added a warning on Ansible hardware requirements to the Retail Guide
Improved warning on over-writing images in public cloud in the Client Configuration Guide
Reference Guide: removed underscores in page titles and nav bar links.
Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
Documented KIWI options and profile selection in Administration Guide
Added note about autoinstallation kernel options and Azure clients
Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-docs_en:

Added missing Rocky instructions to the Client Configuration Guide
Updated setup section in the Installation Guide about trouble shooting freely available products
Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
Additional information added for Inter Server Sync v2 on limitations and configuration
Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
Corrected the package name for PAM authentication (bsc#1171483)
Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
Added a warning on Ansible hardware requirements to the Retail Guide
Improved warning on over-writing images in public cloud in the Client Configuration Guide
Reference Guide: removed underscores in page titles and nav bar links.
Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
Documented KIWI options and profile selection in Administration Guide
Added note about autoinstallation kernel options and Azure clients
Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-schema:

Add Rocky Linux 8 key and vendor
Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
Force a one-off VACUUM ANALYZE
Add Kiwi commandline options to Kiwi profile
Upgrade scripts idempotency fixes
Simplify the VM creation action in DB
Handle virtual machines running on pacemaker cluster
Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:

Add Rocky Linux 8 support
Enable logrotate configuration for Salt SSH minion logs
Add UEFI support for VM creation
Add virt-tuner templates to VM creation
Handle more ocsf2 setups in virt_utils module
Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)
Add findutils to Kiwi bootstrap packages
Remove systemid file on salt client cleanup
Add support for Kiwi options
Skip 'update-ca-certificates' run if the certs are updated automatically
Use lscpu to provide more CPU grains for all architectures
Fix deleting stopped virtual network (bsc#1186281)
Handle virtual machines running on pacemaker cluster

susemanager-sync-data:

Support Rocky Linux 8 x86_64
Add channel family for MicroOS Z
Set OES 2018 SP3 to released

Version 4.2.1

cobbler:

Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)

mgr-libmod:

Ignore self-dependencies (bsc#1186502)

prometheus-exporters-formula:

Fix null formula data dictionary values (bsc#1186025)
Fix exporter exporter modules configuration

prometheus-formula:

Add docs stings in file SD UI

py26-compat-salt:

Enhance openscap module: add "xccdf_eval" call

py27-compat-salt:

Do noop for services states when running systemd in offline mode (bsc#1187787)
Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
Enhance openscap module: add "xccdf_eval" call
Virt: pass emulator when getting domain capabilities from libvirt
Implementation of held/unheld functions for state pkg (bsc#1187813)
Fix exception in yumpkg.remove for not installed package
Fix save for iptables state module (bsc#1185131)
Virt: use /dev/kvm to detect KVM
Zypperpkg: improve logic for handling vendorchange flags
Add bundled provides for tornado to the spec file
Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
Grains.extra: support old non-intel kernels (bsc#1180650)
Fix missing minion returns in batch mode (bsc#1184659)
Parsing Epoch out of version provided during pkg remove (bsc#1173692)

spacecmd:

Make spacecmd aware of retracted patches/packages

spacewalk-backend:

Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)
Check if batch needs to be imported even after failure (bsc#1183151)
Show better error message when reposync failed

spacewalk-branding:

Add modal dialog CSS style
Change white space behavior on modal bodies

spacewalk-certs-tools:

Generate SSL private keys FIPS 140-2 compatible (bsc#1187593)

spacewalk-java:

Fix NPE error when scheduling ErrataAction from relevant errata page (bsc#1188289)
Bugfix: Prevent "no session" hibernate error on deleting server
Add option to run Ansible playbooks in 'test' mode
New filter template: Live patching based on a system
Adapt generated pillar data to run the new Salt scap state
SP migration: wait some seconds before scheduling "package refresh" action after migration is completed (bsc#1187963)
Cleanup and regenerate system state files when machine id has changed (bsc#1187660)
Manually disable repositories on redhat like systems
Do not update Kickstart session when download after session is complete or failed (bsc#1187621)
Define a pillar for the https port when connection as ssh-push with tunnel (bsc#1187441)
Fix the unit test coverage reports
Fix random NullPointerException when rendering page tabs (bsc#1182769)
Add missing task status strings (bsc#1186744)
Show the full state return message for VM actions
Show reposync errors in user notification details
Do not check accessibility of free product repositories (bsc#1182817)

spacewalk-utils:

Use the right URLs for the AlmaLinux 8 Uyuni client tools
Add SLE Updates and Backport Updates repositories for openSUSE Leap 15.3

spacewalk-web:

Add option to run Ansible playbooks in 'test' mode
New filter template: Live patching based on a system
Fix bugged search in formula catalog
Convert Virtualization modal dialogs to react-modal
Update the version for the WebUI

susemanager:

Improve the error management for the PostgreSQL migration script (bsc#1188297)
Add sanity checks in database migration and infere options from system
Fix a typo so mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073)
Porting the package to python3 with proper placement compiled python files
Show error message if server migration goes wrong
Update migration script to openSUSE 15.3
Fix message in database migration (bsc#1187451)

susemanager-doc-indexes:

Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)
Add procedure to create cluster managed virtual machine in Client Configuration Guide
Documented transfer between organizations in Reference and Administration Guide; this features was previously called migrate.
In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).
Update OpenSCAP section in the Administration Guide for usability.
Added documentation on new database migration script
Added example for live patching based on a system filter template in content lifecycle management
Added a custom scrape configuration documentation to the Salt guide

susemanager-docs_en:

Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)
Add procedure to create cluster managed virtual machine in Client Configuration Guide
Documented transfer between organizations in Reference and Administration Guide; this features was previously called migrate.
In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).
Update OpenSCAP section in the Administration Guide for usability.
Added documentation on new database migration script
Added example for live patching based on a system filter template in content lifecycle management
Added a custom scrape configuration documentation to the Salt guide

susemanager-schema:

Add 'test' flag to Ansible playbook actions
Use the right URLs for the AlmaLinux 8 Uyuni client tools

susemanager-sls:

Fix parameters for 'runplaybook' state (bsc#1188395)
Fix Salt scap state to use new 'xccdf_eval' function
Fix product detection for native RHEL products (bsc#1187397)
When bootstrapping with ssh-push with tunnel use the port number for fetching GPG keys from the server (bsc#1187441)

susemanager-sync-data:

Set free flag for free products (bsc#1182817)

uyuni-common-libs:

Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

Major changes since SUSE Manager Server 4.1

New products enabled

SUSE Linux Enterprise 15 SP3
SUSE Linux Enterprise Micro 5.0 (tech preview)
openSUSE Leap 15.3
AlmaLinux 8
Amazon Linux 2
MicroFocus Open Enterprise Server 2018 SP3

Technology Preview: SLE Micro

SUSE Manager 4.2 provides limited support for SLE Micro 5.0 clients. The following features work:

Client registration
Salt remote commands
Formulas and Formulas with Forms
Installed software packages, updates, patches, etc are listed
Refreshing installed package list
Package installation, update, patching, removal
Content Lifecycle Management
State and configuration channels
Autoinstallation with AutoYaST and Yomi

Known issues:

transactional-update versions 3.2.2-1.1 or older contain a bug and will not work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon, which will enable it with Salt and SUSE Manager 4.2.
Package and patch installation, removal and update work but after installation, the WebUI will not show the actual patch state of the system, and it will not notify a reboot is required for those changes to be enabled. As a workaround, you can manually schedule a reboot.
Action chains will fail
Container management. SUSE Manager cannot manage podman containers at the moment but you can use Salt remote commands for that.
Maintenance windows in SLE Micro are currently independent from SUSE Manager’s
First releases of SLE Micro 5.0 contained a broken salt-minion package. Please make sure you use the latest version available in the SLE Micro Update channel.

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

The missing features will be added in upcoming releases of SUSE Manager.

Amazon Linux 2

SUSE Manager is now able to manage Amazon Linux 2 clients as salt-minion or salt-ssh clients, as well as all other features that work for RHEL 7. Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with Amazon Linux 2 clients.

Support for Amazon Linux 2 is currently only available for the x86_64 architecture. New architectures will be added in a future release of SUSE Manager.

AlmaLinux 8

SUSE Manager is now able to manage AlmaLinux 8 clients as salt-minion or salt-ssh clients, as well as all other features that work for RHEL 8. Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with AlmaLinux clients.

AlmaLinux 8 is currently only available for the x86_64 architecture. Support for AlmaLinux 8 will continue to improve, including support for other architectures as they are added to AlmaLinux.

Unsupported products

Red Hat Enterprise Linux 6
SUSE Linux Enterprise Server Expanded Support 6
Oracle Linux 6
CentOS 6
CentOS 8
Ubuntu 16.04
SUSE Linux Enterprise Server 11
Debian 9

We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis.

Deprecated products

Ubuntu 18.04

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Technology Preview: Ansible integration

SUSE Manager uses Salt internally, with the SUSE Manager Server acting as a salt-master, and supports Salt clients both as salt-minion (with agent) and salt-ssh (agentless) clients.

Ansible is another popular automation tool, mainly promoted by other vendors and tools. To lower the barrier of entry for users who want to migrate to SUSE Manager, we have now integrated Ansible in SUSE Manager:

Ansible 2.9 (current LTSS version) is provided in the SUSE Manager Client Tools channel for SLE15
A new system type "Ansible Control Node" has been added. This will automatically install the ansible package and make an Ansible tab show in the System Details
SUSE does not provide Ansible packages for non-SUSE operating systems. Use third-party packages in that case
The "Ansible Control Nodes" must be registered as Salt clients (salt-minon or salt-ssh) in SUSE Manager
Multiple Ansible Control Nodes are supported
Configure the paths to Ansible playbooks and inventories in the Ansible tab of the Ansible Control Nodes to explore and display them
Schedule Ansible playbook execution in your Ansible control nodes as you would do with any other action in SUSE Manager

SUSE Manager uses the AnsibleGate Salt module to execute Ansible playbooks natively.

In SUSE Manager 4.2 GA, Ansible integration is a technology preview that supports a limited subset of functionality and will be enhanced in upcoming maintenance updates and releases. Namely, the following features are not yet supported in this technology preview:

Adding or editing Ansible playbooks from SUSE Manager. Do that in the Ansible control node.
Job templates (passing parameters to Ansible playbooks). You can do that via Salt states using AnsibleGate.
Conditional execution. You can do that via Salt states using AnsibleGate.

Please provide feedback on this feature via your SUSE Customer Service or Sales representatives, SUSE forums, or the upstream Uyuni Project community.

Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server

The "Service Pack Migration" feature has been renamed "Product Migration".

In SUSE Manager 4.2, the Product Migration feature allows two different use cases:

Migration from one service pack to another within the same major version of SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)
Migration from openSUSE Leap to the equivalent version of SLES (e. g. from Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is required, which can be obtained from SCC for free.

Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to SLE 15) is not possible using the Product Migration feature. Use autoinstallation profiles for that.

Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not available at the moment.

"Migrate" has been renamed to "Transfer" to avoid confusion.

Usability

Client systems forwarded to SUSE Customer Center

Until SUSE Manager 4.1, the SUSE Manager Server was listed in SCC but the managed clients were not. This surprised users, who did not understand why clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients connected with SUSE Manager would not.

Responding to this often-asked question and feature request, we have now implemented client list forwarding to SCC in SUSE Manager 4.2.

By default, all the clients (even non-SUSE operating systems) managed by SUSE Manager Server (connected directly or via Proxy or Retail Branch Server) will be listed in SCC. When a client is removed from SUSE Manager, it will also be removed from SCC.

The information transferred is limited to that which is already collected and transferred by SUSEconnect, RMT and SMT:

Client OS name and version
Hostname
Number of CPU sockets
Architecture
UUID of the system
Hypervisor and cloud provider information
Login: SUSE Manager insance id + client system id
Password: random string generated by SUSE Manager. Not used.

This information is used for statisical and product research purposes only.

In case you want to completely disable client list submission to SCC, set this parameter in /etc/rhn/rhn.conf and restart SUSE Manager (spacewalk-service restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an upcoming update in SCC.

Configuration state summary

In SUSE Manager, configuration may come from many different places: SUSE Manager itself, configuration channels assigned to your organization, configuration channels assigned to the system groups your clients belong to, configuration channels assigned directly to a client system or formulas with forms.

When managing a large number of clients distributed across several organizations, with multiple system groups, channels, etc, knowing what is exactly the configuration that will be applied may become a daunting task.

In SUSE Manager 4.2, we have added the configuration state summary to the Highstate page of the client. With this, you can see exactly where state is coming from.

Live patching made easy with filter templates

SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.

Setting up Live Patching requires installing specific kernel versions which are enabled for live patches, and installing the specific live patches.

SUSE Manager 4.2 implements filter templates, which are a set of pre-defined filters for a specific use case. The first filter template we are including in SUSE Manager 4.2 makes it easy to configure live patching for a specific SUSE product (e. g. SLE 15 SP2). New filter templates and additional information about the lifecycle of the live kernel will be added in upcoming versions of SUSE Manager.

Allow setting system primary FQDN

The System > Details > Hardware page allows to view and set the primary FQDN of a client system.

This feature is useful when managing clients which do not know their own external IP address or DNS name, such as client systems on public cloud, or routed clients. The primary FQDN is used to configure the default target address for monitoring.

Calendar widget for maintenance windows

The raw iCal output that was displayed when creating maintenance windows has been replaced with a graphical control ("widget"), making scheduling maintenance windows easier:

An interactive calendar has replaced the display of the iCalendar file in the details view
An interactive web calendar replaces the list of upcoming maintenance windows in the details of a maintenance schedule, and events associated with that schedule are displayed.

Easier system group and configuration channel assignment

We have simplified the screens where system groups and configuration channels were assigned by removing the tabs and subtabs. All the information and actions are now in the same screen.

Enhanced CLM filter list

The Content Lifecycle Management filter list screen how allows filter selection, deletion and sorting and search by project.

Notify beacon for DEB-based clients

While the recommended way to manage clients is to install, remove, patch, etc from SUSE Manager, which triggers the correct actions, sometimes users run the package managers directly. When doing this on Debian and Ubuntu clients, the WebUI showed an outdated package list for some time.

SUSE Manager now hooks directly into the package manager database on the client to identify local package management and trigger a package refresh from the Server to make sure the list of packages is always up to date.

Logging

mgr-create-bootstrap-repo will now log under /var/log/rhn/mgr-create-bootstrap-repo and will rotate the log files daily, keeping an history of 30 days. Clean up any leftover log file in /var/log/rhn/mgr-create-bootstrap-repo.* by archiving or deleting them.

Security: OpenSCAP enhancements

The OpenSCAP auditing feature has been in SUSE Manager for years, relying on content provided externally.

In SUSE Manager 4.2, SUSE is providing SCAP profiles to audit SLES, openSUSE, RHEL, CentOS, Oracle Linux, Ubuntu and Debian. Remediation scripts and Ansible playbooks are also provided.

Check the Administration Guide for more details on how to use this feature:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager/administration/openscap.html

Additionally, OpenSCAP auditing is now possible for multiple Salt clients at the same time using the Systems Set Manager.

Ubuntu Universe repository changes

Ubuntu 20.04 LTS provides the OpenSCAP scanner in the Universe repository, which made mirroring Universe a requirement for OpenSCAP analysis to work on Ubuntu 20.04 LTS clients. We are now providing the OpenSCAP scanner package in the SUSE Manager Client Tools for Ubuntu 20.04 LTS channel, therefore mirroring Ubuntu Universe is no longer required and has become an optional channel.

For users who still want to mirror Ubuntu Universe, we have added the universe-update and universe-security repositories to the Product Wizard, as optional.

Monitoring

Prometheus TLS

Prometheus and the Prometheus formulas now support TLS and basic authentication for HTTP endpoints. This provides a way to securely transfer metrics data.

Updated Prometheus

Prometheus has been updated from version 2.21.1 to version 2.26.0, which brings a number of bugfixes and improvements (such as securing connections using TLS).

For details on what changed in each version between 2.21.1 and 2.26.0, see:

Updated Grafana

Grafana has been updated from version 7.1.5 to version 7.4.2 in the Client Tools channels.

Check the upstream documentation for details on what has changed:

Updated Node Exporter

The Prometheus Node Exporter has been update from version 1.0.1 to version 1.1.2.

Check the upstream documentation for details on what has changed:

Updated Prometheus Exporters formula

The Prometheus Exporters formula can now be used to configure the Prometheus Exporter Exporter (reverse proxy) on Ubuntu clients.

Virtualization

Virtualization in SUSE Manager has received a number of enhancements:

Fine-tuning: CPU pinning and special memory configurations, such as those required when running SAP under KVM, can now be configured with Salt states.
Virtual networks: it is now possible to create, remove and edit virtual networks from the WebUI, and also using Salt states.
Autostart: automatically start needed networks and storage pools when creating/starting a VM
Virtual console: the virtual console monitors virtual machine state changes and can be opened even when the virtual machine is powered off. This helps in debugging startup issues, and allows to manage the VM even when it is running on another virtualization host.
The virtpoller beacon is now removed a replaced by a refresh action.

Custom data as pillar

Traditional stack clients could receive some custom information via macros but this feature was missing on Salt clients.

In SUSE Manager 4.2, we have implemented passing any custom information to Salt clients (both salt-minion and salt-ssh) via pillars:

salt \* pillar.get custom_info:key1
minion:
    val1

Retracted patches

When an operating system vendor releases a new patch, it might happen that the patch has undesirable side effects (security, stability, boot no longer working, etc) on some scenario that was not identified by testing. When that happens (very rarely), vendors typically release a new patch, which may take from hours to days, depending on the internal processes in place by that vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back such patches in minutes by simply removing the bad patch from the repository metadata and resorting to the previously working patch. These patches receive the advisory status "retracted" (instead of the usual "final" or "stable").

SUSE Manager now supports retracted paches across all the lifecycle:

Retracted patches can be synchronized
When a patch is retracted, it will be noted as such with its own specific icon and status
Retracted patches can be cloned

Following the behavior defined in zypper:

Once a retracted patch is installed, it will not be uninstalled unless you uninstall it explicitly. SUSE Manager will never automatically uninstall anything from your systems on its own.
Once a patch has been retracted by the vendor, the retracted patch cannot be installed via normal patch, update and installations.
Retracted patches remain available in the software channels and can be forcefully-installed/updated-to by speficying the exact version you want to install (e. g. by using zypper directly or by using the exact version in a Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly different than usual:

When a Content Lifecycle Management project uses a source channel which contains a now-retracted patch, a warning is displayed so that you are aware you should build and propagate the patch as soon as possible.
When a retracted patch is synchronized, it will not be cloned to the cloned channels by default. You will need to propagate it explicitly, like any other patch.
In contrast, once a retracted patch has been added one Content Lifecycle Management project and the project software channels built, the retracted patch will be automaticaly propagated all the other projects where that (now retracted) patch is available.

API

HTML documentation

The API documentation is now available in HTML format, in addition to the existing PDF document.

The new HTML API documentation includes a search engine too:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager-api/index.html

New API calls

New API calls have been added:

Enhanced config channel API with list assigned groups
Enhanced server group API with config channel and formula access methods
Added an API endpoint to allow/disallow scheduling irrelevant patches
Added APIs to manage retracted patches
Added APIs to set and get the primary FQDN of a given system (system.getNetworkForSystems/system.setPrimaryFqdn)

Removed API calls

The following API functions were deprecated for a long time and have been removed in SUSE Manager 4.2:

ActivationKeyHandler addPackageNames(User loggedInUser, String key, List packageNames)
ActivationKeyHandler removePackageNames(User loggedInUser, String key, List packageNames)
ChannelHandler listRedHatChannels(User loggedInUser)
ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate, String endDate)
ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate)
ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate, String endDate)
ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate)
ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel)
ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid, List<String> channelLabels)
ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate)
ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate, String endDate)
ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List<String> labels)
ChannelSoftwareHandler unsubscribeChannels(User user, List<Integer> sids, String baseChannel, List<String> childLabels)
ErrataHandler listByDate(User loggedInUser, String channelLabel)
KickstartHandler listKickstartableTrees(User loggedInUser, String channelLabel)
ContentSyncHandler synchronizeProductChannels(User loggedInUser)
SystemHandler listBaseChannels(User loggedInUser, Integer sid)
SystemHandler listChildChannels(User loggedInUser, Integer sid)
SystemHandler applyErrata(User loggedInUser, Integer sid, List<Integer> errataIds)
UserHandler getLoggedInTime(User loggedInUser, String login)
SystemHandler setChildChannels(User loggedInUser, Integer sid, List channelIdsOrLabels)
SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)
SystemHandler setBaseChannel(User loggedInUser, Integer sid, String channelLabel)

spacecmd

The spacecmd commandset has been modified to match the current features of the product:

Add group_addconfigchannel and group_removeconfigchannel
Add group_listconfigchannels and configchannel_listgroups
Deprecated "Software Crashes" commands

Translations

SUSE Manager 4.2 is available in English, Simplified Chinese, Japanese and Korean. Additional languages may be available as community translations, which need to be enabled explicitly by a SUSE Manager administrator.

Language selection is per user and can be set in the User Preferences. There are separate settings for the WebUI and the documentation. Command-line tools are displayed in the language defined by the user locale settings.

At the moment, Formulas with Forms are only available in English.

English

As the main language of SUSE Manager, software and documentation are available in English first.

The English documentation is always the most up-to-date and considered authoritative in case of conflict between translation and English.

Simplified Chinese

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Chinese.

Japanese

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Japanese.

Korean

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Korean.

Community translations

The upstream Uyuni Community has translated Uyuni and SUSE Manager to more languages, which have not been reviewed by SUSE.

Since these additional translations have not been reviewed by SUSE, they are shipped in SUSE Manager but disabled by default. Please note these translations may be incomplete and quality may be lower than the official translations.

You need to specify the full list of languages you want to make available to users, including official translations. For instance, to enable community translations for Slovak and Czech, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,zh_CN,ko,ja,sk,cz

A restart of Tomcat is required.

As of SUSE Manager 4.2 GA, the most complete community translations are:

Brazilian Portuguese (pt_BR)
Slovak (sk)
Czech (cz)
Spanish (es)
Italian (it)

You can enhance the community translations, or start a new translation to your language, by translating Uyuni in the openSUSE WebLate instance: https://l10n.opensuse.org/projects/uyuni/

Cobbler

Cobbler has been updated to version 3.1.2, which enhances support for ppc64le, s390x, aarch64 and newer Linux distributions.

You can find a list of changes in the upstream site: https://cobbler.github.io/blog/2020/01/02/cobbler_3.1.1_released.html https://cobbler.github.io/blog/2020/05/27/cobbler_3.1.2_released.html

PostgreSQL 13

The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.2 will refuse to start until the database migration from PostgreSQL 12 (or 10, if upgrading from SUSE Manager 4.0) to PostgreSQL 13 has completed successfully.

Please note the database migration from PostgreSQL 10 (if migrating from SUSE Manager 4.0) or PostgreSQL 12 (if migrating from SUSE Manager 4.1) will rebuild the database indices. This may take several hours if you have thousands of software channels.

SUSE Manager for Retail

SLEPOS 15 SP3 clients

Pre-defined templates for SLEPOS 15 SP3 are now provided. SLEPOS 15 SP3 is supported for 7.5 years since the release date.

SLEPOS 15 aarch64 clients

The 64-bit ARM aarch64 architecture is now supported for SLEPOS clients, in addition to the existing x86_64 architecture.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP3.

Dropped features

Activation key dropped from system details

Activation keys can be used when registering new clients, or re-registering existing clients, to make sure the correct software entitlements, software channels, system groups, etc are applied when they come under SUSE Manager management.

After a client is registered to SUSE Manager, activation keys serve no purpose. Software channels, groups, etc can be changed independently from the activation key.

The fact the activation key remained in the System Details led users to think editing the activation key (e. g. changing the software channels assigned to that activation key) would change what was assigned to that client system. This is not true. To avoid that confusion, the Activation Key field has been removed from the System Details of registered clients.

Activation keys can still be used during client registration.

Software Crashes

The Software Crashes feature, based on the ABRT library, has been dropped in SUSE Manager 4.2. This was a very old feature which only worked on a limited set of clients and required careful configuration to actually submit crash reports to the SUSE Manager Server instead of upstream projects.

After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.2 works with SUSE Manager Proxy 4.1/4.0 and SUSE Manager Retail Branch Server 4.1/4.0 but only for upgrade purposes. The product is not intented to be used in a mixed-version scenario in production. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on https://documentation.suse.com/suma/4.2/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Support for CentOS 8

CentOS 8 will be End of Life on 31st December 2021, ending the SUSE Manager support for this product as well.

We recommend you to migrate your workload to CentOS 8 alternatives (AlmaLinux 8, Rocky Linux 8) as soon as possible so you can continue managing your infrastructure with SUSE Manager.

Please note "end of support" from the SUSE Manager side means these products and their client tools remain available in the SUSE Manager product tree and can still be added, mirrored and used. But in case they stop working at some point in time, support will only be provided as on a best-effort basis (which in general means if the issue can be reproduced with a supported operating system, it will be fixed; but if the issue is specific to the unsupported operating system, a fix should not be expected).

Future deprecation of the traditional stack

This version of SUSE Manager is compatible with Salt and traditional clients. SUSE will deprecate traditional clients and traditional proxies in the next SUSE Manager 4.3 release. The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

Support for SLE Micro

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting or Ansible for automation, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for Ansible package

Ansible package is only L2 supported on SUSE Linux Enteprise 15 SP3 or newer. It is also supported on SUSE Manager Proxy and SUSE Manager Retail Branch Server 4.2 and higher.

Ansible 'package' is not supported on SLE-Micro.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager 4.2 supports RHEL/Oracle Linux 7, 8.

SUSE Manager has the ability to mirror all entitled content for the supported operating systems. Although SUSE Manager doesn’t assign content for specific systems using subscription-manager, it does rely on it initially to retrieve the list of repositories that are available. By utilizing the same EUS channels that Red Hat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE. You may try to register CentOS Stream clients by:

Using the spacewalk-common-channels command-line tool to synchronize the product
Using the CentOS Stream client tools from the upstream Uyuni Project.

Note: Direct sync’ing ULN repos with SUSE Manager are not currently supported. An Oracle Local Distribution for ULN must be used. To set up a local ULN mirror, please consult the Oracle documentation provided at the following link

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS and 20.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.2 on top of an existing SUSE Linux Enterprise Server 15 SP3 is known to generate an incomplete installation. If you require such a setup, please contact SUSE Consulting.

Known issues

Upgrading clients

SUSE Manager 4.2.13 includes Salt 3006.0, which brings along a patch for this Salt update. However, applying this patch through SUSE Manager along with other updates may introduce a well-known issue known as "upgrading Salt with Salt scenario." This scenario can be problematic and may lead to errors similar to the one mentioned below.

...
...
File "/usr/lib/venv-salt-minion/lib64/python3.10/site-packages/salt/loader/context.py", line 72, in value
        return loader.pack[self.name]
    KeyError: '__opts__'

While we address this concern for the salt-minion, it was inadvertently overlooked for the venv-salt-minion. While the upcoming MU will incorporate the necessary fix, it is generally advised to upgrade Salt separately from other updates.

Workaround: Upgrade the salt package separately from other updates, in isolation.

Time Zone selection issue when scheduling actions

The default time zone used for scheduling actions in SUSE Manager is the local time zone of the SUSE Manager itself, instead of the one selected manually by the user. Thus, if a user schedules an action and chooses a different time zone from their default setting, the product will use the SUSE Manager’s local time zone instead of the intended one. This may result in the action occurring at a different time than expected, potentially causing confusion and workflow disruptions.

We are currently working on a solution to address this issue.

CLM and custom repositories

When building a CLM project, if it includes custom channels with custom repositories. The custom repositories might not be selected in the new cloned custom channels. As workaround, one can go to the new cloned custom channels, select the custom repositories and synchronize them.

Bootstrap with web UI using non-root user

Onboarding of clients with the non-root user from SUSE Manager UI fails the following error:

ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"

This only happens when Salt SSH is enabled with the Salt bundle. The root cause of this problem is wrong ownership of salt thin directory when using the salt bundle.

Workaround: Once bootstrap fails, the user can run chown -R $USER:$GROUP /var/tmp/.*_salt once and try onboarding again, it shouldn’t fail this time.

SLE Micro: Server CA certificate

Because of some recent change, the SSL CA certificate from the server never gets deployed into the registered SLE Micro instance during registration, Server SSL CA certificate doesn’t get deployed during registration in case of SLE micro. Therefore this instance will have SSL issues when trying to read the channels assigned by SUSE Manager.

Workaround: The user would need to manually run update-ca-certificate in the SLE Micro instance to get this issue fixed.

SLE Micro: Bootstapping

Bootstrapping of SLE Micro from the UI/API fails with error the following error:

SaltSSHError(3, Error: Unable to download https://susemanager.fqdn:443/pub/repositories/sle/5/2/bootstrap/venv-enabled-x86_64.txt file!

Workaround: User needs to manually configure the salt minion and restarting the service manually.

Salt bundle and autoinstallation snippets

The Cobbler snippets are not able to configure the Salt Bundle on the clients deployed with AutoYaST or Kickstart profile. The fix will be available with 4.2.8 MU. The affected snippets are: minion_script and redhat_register_using_salt.

Log flood

Because of a recent change, rhn_web_ui.log is flooded with token check log messages as the default log level is "info" instead of "warning". Fix is on way its but it wasn’t ready for 4.2.5.

Workaround: Add the following line in /srv/tomcat/webapps/rhn/WEB-INF/classes/log4j.properties

com.suse.manager.webui.controllers.DownloadController = WARN

This line probably already exists there with INFO level, so you might just need to change it to WARN.

After this change, restart the tomcat.

Alma Linux

AlmaLinux 8 repositories URLs have been changed to the use the mirrors list. To use the new URLs on an existing installation, updating and then running "mgr-sync refresh" or waiting for its nightly execution is required. Please update as soon as possible. New updates for AlmaLinux cannot be fetched from the server until this change happened.
Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is providing a broken repository file (containing duplicated identificators). We have already reported this issue to AlmaLinux.

Workaround: Update the package almalinux-release before registering the instance to SUSE Manager so at least the version 8.5-3 is installed.

SLE Micro

SLE Micro is only partially supported. Some WebUI features, such as showing the patch status of the system, or action chains, will not work properly.

This will be fixed in an upcoming release of SUSE Manager.

Translations

Formulas with Forms are only available in English for the time being. This will be solved in an upcoming version of SUSE Manager.

In some cases, translated documentation might not be up to the most recent changes in the English version.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red Hat Enterprise Linux, come with a very large number of packages that may cause taskomatic to run out of memory. If this occurs, we recommended that you increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If taskomatic continues to run out of memory, you can increase the number further. However, keep in mind that this will affect the total memory required by SUSE Manager Server.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features available in the SUSE Manager-provided Salt packages. This is especially important since it will result in the bootstrap repository containing the non-SUSE Salt packages. Therefore, this is an unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt packages from EPEL in advance (for example, by removing the Salt packages in Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS, Oracle Linux or AlmaLinux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Works	Fails
RH Satellite 5.x ⇒ SUSE Manager traditional	RH Satellite 5.x ⇒ SUSE Manager Salt minion
SUSE Manager traditional ⇒ SUSE Manager Salt minion

Works

Fails

RH Satellite 5.x ⇒ SUSE Manager traditional

RH Satellite 5.x ⇒ SUSE Manager Salt minion

SUSE Manager traditional ⇒ SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE Customer Service or Sales representatives.

You can also provide feedback using SUSE forums, or the upstream Uyuni Project community.

Resources

Latest product documentation: https://documentation.suse.com/suma/4.2/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Frankenstraße 146
D-90461 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Managing Director/Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.