This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • September 2021: 4.2.2 release

  • August 12th, 2021: 4.2.1 release

  • June 21st, 2021: 4.2 GA

About SUSE Manager 4.2

SUSE Manager 4.2, the latest release from SUSE based on SLES 15 SP3 and the Uyuni Project, further delivers best-in-class open source systems management and automation that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a Hybrid Cloud IT infrastructure, SUSE Manager for 4.2 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Integration of Ansible into a SUSE Manager automation environment to protect customer investment and ease migration (Technology Preview)

Configuration and automation platforms have become increasingly important to control an organization’s ever-growing IT landscape. There are a variety of popular tools in the market and companies may have already made investments in a particular tool, one of them being Ansible.

Adopting SUSE Manager, or migrating to it, does not mean that you should necessarily renounce your previous configuration management systems investment. SUSE Manager 4.2 provides support for Ansible packages on SLE and connects to the Ansible control nodes on any supported client operating system to gather inventory, playbooks and manage clients with SUSE Manager.

SUSE Manager 4.2 allows you to simply re-use and run your Ansible playbooks, saving time and resources by consolidating tools while keeping existing automation investments. This means you do not have to re-implement your Ansible automation solution, making migration to the SUSE landscape easier.

Combined with its strong Salt capabilities, it enhances SUSE Manager’s configuration and automation capabilities helping you to orchestrate even the largest environments – across cloud and on-premise.

Enhanced Security and Compliance by providing OpenSCAP content for SLE and other Linux operating systems

OpenSCAP assists administrators and auditors with assessment, measurement, and enforcement of security baseline through audit scans by using content produced by SUSE (for SUSE Linux Enterprise Server) and other Linux operating systems.

Easily checks system security configuration settings and examine systems for signs of compromise by using rules based on standards and specifications. Use the OpenSCAP feature to assess the compliance level of your client systems according to the selected profile and apply remediation scripts and Ansible playbooks to achieve better compliance when needed.

Usability improvements

Knowing what is the precise configuration being applied to a system when you are managing many of them can be challenging: configuration may come from your organization, one of the many system groups, formulas, configuration and state channels or even be assigned directly to the system. Usability enhancements across the SUSE Manager WebUI now provide a clear and direct way of knowing exactly where your configuration states and channels are coming from and easily assign them.

Conveniently find all your systems in the SUSE Customer Center thanks to SUSE Manager 4.2 forwarding the client names, as if they had been directly connected with SUSEconnect, RMT or SMT.

Other usability improvements include better user interface components, configuring commonly-used parameters such as the FQDN of the system and enhanced filter lists.

Enhanced patch management functionality to help customers streamline the use of Live Patching

Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.

Customers need to prepare for reboot ahead of time before the live kernel approaches the end of life. The implementation of the kernel lifecycle and live kernel patch installation feature in SUSE Manager 4.2 enhances its patch management functionality to help customers streamline the use of Live Patching. Customers can now easily identify when a live kernel is approaching the end of life and define a corrective action, for example, schedule a reboot during a maintenance window, all from the UI.

Optimized performance with virtual machine tuning

Virtual Machines can be created quickly and easily but the default configuration settings may not be the best ones for VM performance. To ensure best performance proper VM configuration is needed. With SUSE Manager 4.2 customer can easily configure VMs (for example according to SAP best practices) through the UI. Tuning parameters will include CPU pinning and memory settings to name but a few.

Simplification of openSUSE Leap to SLES migration – Migrate from openSUSE Leap to SLES in just a few clicks

SUSE Manager now enables changing the repository where a package comes from with a simple product migration. This allows you to easily migrate your system from openSUSE Leap to the respective SLES version in just a few clicks. Instead of replacing the repositories and manually re-installing packages, you can now do the migration in a single action.

Expanded operating system support

With more and more workloads moving to cloud, SUSE Manager caters to where your workloads are going. It is silicone and platform agnostic and provides powerful content control – across hypervisors, clouds, or architectures. SUSE Manager 4.2 enhances its cloud capabilities by adding to its extensive list of Linux distributions.

SUSE Manager 4.2 introduces support for Amazon Linux 2 and AlmaLinux 8, further enabling the management of all your Enterprise Linux distributions from a single tool – no matter where they are located. SUSE Manager now supports the management of SLE, RHEL, openSUSE, Oracle Linux, CentOS, AlmaLinux, Ubuntu, Debian, and Amazon Linux.

SUSE Manager is easier than ever to use in the public cloud with usability and user experience improvements, further simplifying the management of your cloud deployments and client onboarding through cloud-init, Terraform and other cloud native mechanisms.

EDGE: SLE Micro Support (Tech preview)

SLE Micro is an ultra-reliable, lightweight operating system purpose built for edge computing. It leverages the enterprise hardened security and compliance components of SUSE Linux Enterprise and merges them with a modern, immutable, developer-friendly OS platform.

SUSE Manager 4.2 provides initial support for SLE Micro 5.0 clients. Not all SUSE Manager functionalities are initially available for SLE Micro.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Installation

Requirements

SUSE Manager Server 4.2 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 3. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x).

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 and 4.1 is supported.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://documentation.suse.com/suma/4.2/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager Server 4.2 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand clients, when deployed according to the instructions in the Installation Guide on https://documentation.suse.com/suma/4.2/. Scaling beyond that number needs special consideration.

For more information and instructions on large-scale deployments, see the Large Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific configuration and tuning for each use case is needed. Please get in touch with SUSE Consulting for the details.

Major changes since SUSE Manager Server 4.2 GA

Features and changes

Version 4.2.2

Rocky Linux support

SUSE Manager 4.2.2 is now able to manage Rocky Linux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8, RHEL 8 or AlmaLinux 8.

Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the Rocky Enterprise Software Foundation "Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America’s top enterprise Linux distribution now that its downstream partner has shifted direction."

Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with Rocky Linux clients.

For now the following architectures are supported: x86_64

Support for Rocky Linux 8 will continue to improve, including support for other architectures.

Technology Preview: Inter-Server Sync v2

SUSE Manager 4.2.2, includes Inter-Server Synchronization version 2. This new version allows exporting software channels between servers without the previous notions of master and slave. Unlike the previous Inter-Server Synchronization, no mandatory direct connection between servers is needed since data are exported and imported in a disconnected mode.

Check the new Inter-Server Syncronization 2 documentation for more information.

Kiwi parameters for OS Image profiles

It is now possible to pass custom kiwi parameters in OS Image profile.

This is particularly helpful to select a specific profile (--profile <profilename>) for Kiwi files with multiple profiles.

Virtualization

Virtualization in SUSE Manager has received some enhancements:

  • UEFI support: UEFI support has been added for VM creation / editing. Please note that Auto discovery of the firmware binary and NVRAM depends on the version of libvirt installed on the minion.

  • virt-tuner templates: virt-tuner template has been added to create the VM. Now user can select the template from the ones supported by the virt-tuner tool.

AppStreams

The content lifecycle project page in the WebUI has been further improved. This page now provides AppStreams with a default filter template. This template creates a module filter for each module in the repository, and specifies the default stream for each module.

Recent cobbler CVEs remediation

In addition to fixing Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root, this release includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.

Salt

Besides number of bug fixes, onlyif/unless behaviour has been unified for 3000, 3002.2 and 3000.3 (used only in py27-compat-salt), it wasn’t the case before and behaviour was different in all and it was pain to deal with it.

Version 4.2.1

Ansible Playbooks

Ansible Playbooks can now run in test mode.

Known issue: When running a playbook in test mode using an Ansible control node that is registered as SSH minion in SUSE Manager, then the action is always reported as failed, even if it succeeds.

Monitoring - Grafana

Grafana was updated from version 7.4.2 to 7.5.7.

Check the upstream documentation for details on what has changed:

Monitoring - Prometheus

Prometheus was updated from version 2.26.0 to 2.27.1.

Important changes:

  • SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

Check the upstream documentation for more details on what has changed:

CLM Filter Templates

Content Lifecycle Management got a new filter template to setup Live Patching based on an existing system.

OpenSCAP Audit

The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files can be defined. Supported options are:

  • --profile <name>

  • --rule <id>

  • --tailoring-file <path>

  • --tailoring-id <id>

  • --fetch-remote-resources

  • --remediate

You can provide additional OVAL files paths to prevent using --fetch-remote-resource when the file is locally available.

Product Wizard

Free accessible Open source Products are now always visible in the Product Wizard. The accessibility check, that existed to speed up the product refresh, is now removed.

If a firewall or a proxy are blocking access to to such products, the error can be seen at the reposync log files located at /var/log/rhn/reposync/

Additionally the User Notifications were enhanced to show the last lines of the log file in case the sync failed.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.2.2

branch-network-formula:

  • Use kernel parameters from PXE formula also for local boot

cobbler:

  • Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root (bsc#1189458, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)

  • This patch introduces a regression where valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected

cpu-mitigations-formula:

  • Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

openvpn-formula:

  • Changed package to noarch.

prometheus-exporters-formula:

  • Fix formula data migration with missing exporter configuration (bsc#1188136)

py26-compat-salt:

  • Fix error handling in openscap module (bsc#1188647)

  • Define license macro as doc in spec file if not existing

py27-compat-salt:

  • Add missing aarch64 to rpm package architectures

  • Consolidate some state requisites (bsc#1188641)

  • Fix failing unit test for systemd

  • Fix error handling in openscap module (bsc#1188647)

  • Better handling of bad public keys from minions (bsc#1189040)

  • Define license macro as doc in spec file if not existing

saltboot-formula:

  • Use kernel parameters from PXE formula also for local boot

spacecmd:

  • Update translation strings

  • Make schedule_deletearchived to get all actions without display limit

  • Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

  • Use correct API endpoint in list_proxies (bsc#1188042)

  • Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:

  • Update translation strings

  • Fix typo "verfication" instead of "verification"

spacewalk-certs-tools:

  • Prepare the bootstrap script generator for Rocky Linux 8

spacewalk-client-tools:

  • Update translation strings

spacewalk-java:

  • Show AppStreams tab just for modular channels

  • Fix Json null comparison in virtual network info parsing (bsc#1189167)

  • Update translation strings

  • 'AppStreams with defaults' filter template in CLM

  • Add a link to OS image store dir in image list page

  • Do not log XMLRPC fault exceptions as errors (bsc#1188853)

  • XMLRPC: Add call for listing application monitoring endpoints

  • AppStreams tab for modular channels

  • Link to CLM filter creation from system details page

  • Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)

  • Fix NPE when no redhat info could be fetched

  • Java enablement for Rocky Linux 8

  • Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)

  • Properly handle virtual networks without defined bridge (bsc#1189167)

  • Mark SSH minion actions when they’re picked up (bsc#1188505)

  • Add UEFI support for VM creation / editing

  • Add virt-tuner templates to VM creation

  • Fix cleanup always being executed on delete system (bsc#1189011)

  • Warning in Overview page for SLE Micro system (bsc#1188551)

  • Add support for Kiwi options

  • Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)

  • Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory

  • Fix entitlements not being updated during system transfer (bsc#1188032)

  • Simplify the VM creation action in DB

  • Get CPU data for AArch64

  • Handle virtual machines running on pacemaker cluster

  • Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)

  • Add Beijing timezone to selectable timezones (bsc#1188193)

  • Fix updating primary net interface on hardware refresh (bsc#1188400)

  • Fix issues when removing archived actions using XMLRPC api (bsc#1181223)

  • Readable error when "mgr-sync add channel" is called with a no-existing label (bsc#1173143)

spacewalk-setup:

  • Enable logging for salt SSH

  • Increase max size for uploaded files to Salt master

spacewalk-utils:

  • Add Rocky Linux 8 repositories

spacewalk-web:

  • Don’t capitalize acronyms

  • Update translation strings

  • 'AppStreams with defaults' filter template in CLM

  • Add a link to OS image store dir in image list page

  • Link to CLM filter creation from system details page

  • Expose UEFI parameters in the VM creation/editing pages

  • Add virt-tuner templates to VM creation

  • Fix cleanup always being executed on delete system (bsc#1189011)

  • Add support for Kiwi options

  • Fix virtualization guests to handle null HostInfo

  • Compare lowercase CPU arch with libvirt domain capabilities

  • Refresh JWT virtual console token before it expires

  • Handle virtual machines running on pacemaker cluster

susemanager:

  • Abort migration if data_directory is defined at the PostgreSQL configuration file

  • Update translation strings

  • Add bootstrap repository definitions for Rocky Linux 8

susemanager-build-keys:

  • Add Debian 11

  • Add Rocky Linux 8

susemanager-doc-indexes:

  • Added missing Rocky instructions to the Client Configuration Guide

  • Updated setup section in the Installation Guide about trouble shooting freely available products

  • Added channel synchronization warning in the product migration chapter of the Client Configuration Guide

  • Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)

  • In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)

  • Additional information added for Inter Server Sync v2 on limitations and configuration

  • Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)

  • Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)

  • Corrected the package name for PAM authentication (bsc#1171483)

  • Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience

  • In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server

  • Added a warning on Ansible hardware requirements to the Retail Guide

  • Improved warning on over-writing images in public cloud in the Client Configuration Guide

  • Reference Guide: removed underscores in page titles and nav bar links.

  • Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)

  • Documented KIWI options and profile selection in Administration Guide

  • Added note about autoinstallation kernel options and Azure clients

  • Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription

  • Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section

  • In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server

  • Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)

  • Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide

  • Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-docs_en:

  • Added missing Rocky instructions to the Client Configuration Guide

  • Updated setup section in the Installation Guide about trouble shooting freely available products

  • Added channel synchronization warning in the product migration chapter of the Client Configuration Guide

  • Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)

  • In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)

  • Additional information added for Inter Server Sync v2 on limitations and configuration

  • Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)

  • Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)

  • Corrected the package name for PAM authentication (bsc#1171483)

  • Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience

  • In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server

  • Added a warning on Ansible hardware requirements to the Retail Guide

  • Improved warning on over-writing images in public cloud in the Client Configuration Guide

  • Reference Guide: removed underscores in page titles and nav bar links.

  • Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)

  • Documented KIWI options and profile selection in Administration Guide

  • Added note about autoinstallation kernel options and Azure clients

  • Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription

  • Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section

  • In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server

  • Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)

  • Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide

  • Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-schema:

  • Add Rocky Linux 8 key and vendor

  • Fix wrongly assigned entitlements due to system transfer (bsc#1188032)

  • Force a one-off VACUUM ANALYZE

  • Add Kiwi commandline options to Kiwi profile

  • Upgrade scripts idempotency fixes

  • Simplify the VM creation action in DB

  • Handle virtual machines running on pacemaker cluster

  • Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)

  • Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:

  • Add Rocky Linux 8 support

  • Enable logrotate configuration for Salt SSH minion logs

  • Add UEFI support for VM creation

  • Add virt-tuner templates to VM creation

  • Handle more ocsf2 setups in virt_utils module

  • Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)

  • Add findutils to Kiwi bootstrap packages

  • Remove systemid file on salt client cleanup

  • Add support for Kiwi options

  • Skip 'update-ca-certificates' run if the certs are updated automatically

  • Use lscpu to provide more CPU grains for all architectures

  • Fix deleting stopped virtual network (bsc#1186281)

  • Handle virtual machines running on pacemaker cluster

susemanager-sync-data:

  • Support Rocky Linux 8 x86_64

  • Add channel family for MicroOS Z

  • Set OES 2018 SP3 to released

Version 4.2.1

cobbler:

  • Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)

mgr-libmod:

prometheus-exporters-formula:

  • Fix null formula data dictionary values (bsc#1186025)

  • Fix exporter exporter modules configuration

prometheus-formula:

  • Add docs stings in file SD UI

py26-compat-salt:

  • Enhance openscap module: add "xccdf_eval" call

py27-compat-salt:

  • Do noop for services states when running systemd in offline mode (bsc#1187787)

  • Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)

  • Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)

  • Enhance openscap module: add "xccdf_eval" call

  • Virt: pass emulator when getting domain capabilities from libvirt

  • Implementation of held/unheld functions for state pkg (bsc#1187813)

  • Fix exception in yumpkg.remove for not installed package

  • Fix save for iptables state module (bsc#1185131)

  • Virt: use /dev/kvm to detect KVM

  • Zypperpkg: improve logic for handling vendorchange flags

  • Add bundled provides for tornado to the spec file

  • Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)

  • Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros

  • Detect Python version to use inside container (bsc#1167586) (bsc#1164192)

  • Handle volumes on stopped pools in virt.vm_info (bsc#1186287)

  • Grains.extra: support old non-intel kernels (bsc#1180650)

  • Fix missing minion returns in batch mode (bsc#1184659)

  • Parsing Epoch out of version provided during pkg remove (bsc#1173692)

spacecmd:

  • Make spacecmd aware of retracted patches/packages

spacewalk-backend:

  • Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)

  • Check if batch needs to be imported even after failure (bsc#1183151)

  • Show better error message when reposync failed

spacewalk-branding:

  • Add modal dialog CSS style

  • Change white space behavior on modal bodies

spacewalk-certs-tools:

  • Generate SSL private keys FIPS 140-2 compatible (bsc#1187593)

spacewalk-java:

  • Fix NPE error when scheduling ErrataAction from relevant errata page (bsc#1188289)

  • Bugfix: Prevent "no session" hibernate error on deleting server

  • Add option to run Ansible playbooks in 'test' mode

  • New filter template: Live patching based on a system

  • Adapt generated pillar data to run the new Salt scap state

  • SP migration: wait some seconds before scheduling "package refresh" action after migration is completed (bsc#1187963)

  • Cleanup and regenerate system state files when machine id has changed (bsc#1187660)

  • Manually disable repositories on redhat like systems

  • Do not update Kickstart session when download after session is complete or failed (bsc#1187621)

  • Define a pillar for the https port when connection as ssh-push with tunnel (bsc#1187441)

  • Fix the unit test coverage reports

  • Fix random NullPointerException when rendering page tabs (bsc#1182769)

  • Add missing task status strings (bsc#1186744)

  • Show the full state return message for VM actions

  • Show reposync errors in user notification details

  • Do not check accessibility of free product repositories (bsc#1182817)

spacewalk-utils:

  • Use the right URLs for the AlmaLinux 8 Uyuni client tools

  • Add SLE Updates and Backport Updates repositories for openSUSE Leap 15.3

spacewalk-web:

  • Add option to run Ansible playbooks in 'test' mode

  • New filter template: Live patching based on a system

  • Fix bugged search in formula catalog

  • Convert Virtualization modal dialogs to react-modal

  • Update the version for the WebUI

susemanager:

  • Improve the error management for the PostgreSQL migration script (bsc#1188297)

  • Add sanity checks in database migration and infere options from system

  • Fix a typo so mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073)

  • Porting the package to python3 with proper placement compiled python files

  • Show error message if server migration goes wrong

  • Update migration script to openSUSE 15.3

  • Fix message in database migration (bsc#1187451)

susemanager-doc-indexes:

  • Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)

  • Add procedure to create cluster managed virtual machine in Client Configuration Guide

  • Documented transfer between organizations in Reference and Administration Guide; this features was previously called migrate.

  • In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).

  • Update OpenSCAP section in the Administration Guide for usability.

  • Added documentation on new database migration script

  • Added example for live patching based on a system filter template in content lifecycle management

  • Added a custom scrape configuration documentation to the Salt guide

susemanager-docs_en:

  • Updated Image Management chapter in Administration Guide; Python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)

  • Add procedure to create cluster managed virtual machine in Client Configuration Guide

  • Documented transfer between organizations in Reference and Administration Guide; this features was previously called migrate.

  • In Product Migration chapter of the Client Configuration Guide add a note to install pending updates before starting the migration (bsc#1187065).

  • Update OpenSCAP section in the Administration Guide for usability.

  • Added documentation on new database migration script

  • Added example for live patching based on a system filter template in content lifecycle management

  • Added a custom scrape configuration documentation to the Salt guide

susemanager-schema:

  • Add 'test' flag to Ansible playbook actions

  • Use the right URLs for the AlmaLinux 8 Uyuni client tools

susemanager-sls:

  • Fix parameters for 'runplaybook' state (bsc#1188395)

  • Fix Salt scap state to use new 'xccdf_eval' function

  • Fix product detection for native RHEL products (bsc#1187397)

  • When bootstrapping with ssh-push with tunnel use the port number for fetching GPG keys from the server (bsc#1187441)

susemanager-sync-data:

uyuni-common-libs:

  • Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

Major changes since SUSE Manager Server 4.1

New products enabled

  • SUSE Linux Enterprise 15 SP3

  • SUSE Linux Enterprise Micro 5.0 (tech preview)

  • openSUSE Leap 15.3

  • AlmaLinux 8

  • Amazon Linux 2

  • MicroFocus Open Enterprise Server 2018 SP3

Technology Preview: SLE Micro

SLE Micro is an ultra-reliable, lightweight operating system purpose built for edge computing. It leverages the enterprise hardened security and compliance components of SUSE Linux Enterprise and merges them with a modern, immutable, developer-friendly OS platform.

SUSE Manager 4.2 provides limited support for SLE Micro 5.0 clients. The following features work:

  • Client registration

  • Salt remote commands

  • Formulas and Formulas with Forms

  • Installed software packages, updates, patches, etc are listed

  • Refreshing installed package list

  • Package installation, update, patching, removal

  • Content Lifecycle Management

  • State and configuration channels

  • Autoinstallation with AutoYaST and Yomi

Known issues:

  • transactional-update versions 3.2.2-1.1 or older contain a bug and will not work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon, which will enable it with Salt and SUSE Manager 4.2.

  • Package and patch installation, removal and update work but after installation, the WebUI will not show the actual patch state of the system, and it will not notify a reboot is required for those changes to be enabled. As a workaround, you can manually schedule a reboot.

  • Action chains will fail

  • Container management. SUSE Manager cannot manage podman containers at the moment but you can use Salt remote commands for that.

  • Maintenance windows in SLE Micro are currently independent from SUSE Manager’s

  • First releases of SLE Micro 5.0 contained a broken salt-minion package. Please make sure you use the latest version available in the SLE Micro Update channel.

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

The missing features will be added in upcoming releases of SUSE Manager.

Amazon Linux 2

SUSE Manager is now able to manage Amazon Linux 2 clients as salt-minion or salt-ssh clients, as well as all other features that work for RHEL 7. Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with Amazon Linux 2 clients.

Support for Amazon Linux 2 is currently only available for the x86_64 architecture. New architectures will be added in a future release of SUSE Manager.

AlmaLinux 8

SUSE Manager is now able to manage AlmaLinux 8 clients as salt-minion or salt-ssh clients, as well as all other features that work for RHEL 8. Check the Client Configuration Guide for information about how to configure SUSE Manager Server to work with AlmaLinux clients.

AlmaLinux 8 is currently only available for the x86_64 architecture. Support for AlmaLinux 8 will continue to improve, including support for other architectures as they are added to AlmaLinux.

Deprecated products

  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • Ubuntu 16.04 LTS

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

RHEL 6 (and clones: CentOS 6, Oracle Linux 6, SLES ES 6) ended upstream general support on November 30th, 2020. After a grace period of 7 months, we are now ending support for these operating systems.

Ubuntu 16.04 LTS ended upstream general support on April 30th, 2021. After a grace period of 3 months, we are now ending support for these operating systems.

Please note "end of support" from the SUSE Manager side means these products and their client tools remain available in the SUSE Manager product tree and can still be added, mirrored and used. But in case they stop working at some point in time, support will only be provided as on a best-effort basis (which in general means if the issue can be reproduced with a supported operating system, it will be fixed; but if the issue is specific to the unsupported operating system, a fix should not be expected).

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  • Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, and Debian 10. Only a Python 3 version is provided.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided. SLE 12 additionally provides a Python 3 version.

  • Salt 2016.11 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details about changes in your manually-created Salt states, see the Salt 3002 upstream release notes.

Technology Preview: Ansible integration

SUSE Manager uses Salt internally, with the SUSE Manager Server acting as a salt-master, and supports Salt clients both as salt-minion (with agent) and salt-ssh (agentless) clients.

Ansible is another popular automation tool, mainly promoted by other vendors and tools. To lower the barrier of entry for users who want to migrate to SUSE Manager, we have now integrated Ansible in SUSE Manager:

  • Ansible 2.9 (current LTSS version) is provided in the SUSE Manager Client Tools channel for SLE15

  • A new system type "Ansible Control Node" has been added. This will automatically install the ansible package and make an Ansible tab show in the System Details

  • SUSE does not provide Ansible packages for non-SUSE operating systems. Use third-party packages in that case

  • The "Ansible Control Nodes" must be registered as Salt clients (salt-minon or salt-ssh) in SUSE Manager

  • Multiple Ansible Control Nodes are supported

  • Configure the paths to Ansible playbooks and inventories in the Ansible tab of the Ansible Control Nodes to explore and display them

  • Schedule Ansible playbook execution in your Ansible control nodes as you would do with any other action in SUSE Manager

SUSE Manager uses the AnsibleGate Salt module to execute Ansible playbooks natively.

In SUSE Manager 4.2 GA, Ansible integration is a technology preview that supports a limited subset of functionality and will be enhanced in upcoming maintenance updates and releases. Namely, the following features are not yet supported in this technology preview:

  • Adding or editing Ansible playbooks from SUSE Manager. Do that in the Ansible control node.

  • Job templates (passing parameters to Ansible playbooks). You can do that via Salt states using AnsibleGate.

  • Conditional execution. You can do that via Salt states using AnsibleGate.

Please provide feedback on this feature via your SUSE Customer Service or Sales representatives, SUSE forums, or the upstream Uyuni Project community.

Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server

The "Service Pack Migration" feature has been renamed "Product Migration".

In SUSE Manager 4.2, the Product Migration feature allows two different use cases:

  • Migration from one service pack to another within the same major version of SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)

  • Migration from openSUSE Leap to the equivalent version of SLES (e. g. from Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is required, which can be obtained from SCC for free.

Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to SLE 15) is not possible using the Product Migration feature. Use autoinstallation profiles for that.

Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not available at the moment.

"Migrate" has been renamed to "Transfer" to avoid confusion.

Usability

Client systems forwarded to SUSE Customer Center

Until SUSE Manager 4.1, the SUSE Manager Server was listed in SCC but the managed clients were not. This surprised users, who did not understand why clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients connected with SUSE Manager would not.

Responding to this often-asked question and feature request, we have now implemented client list forwarding to SCC in SUSE Manager 4.2.

By default, all the clients (even non-SUSE operating systems) managed by SUSE Manager Server (connected directly or via Proxy or Retail Branch Server) will be listed in SCC. When a client is removed from SUSE Manager, it will also be removed from SCC.

The information transferred is limited to that which is already collected and transferred by SUSEconnect, RMT and SMT:

  • Client OS name and version

  • Hostname

  • Number of CPU sockets

  • Architecture

  • UUID of the system

  • Hypervisor and cloud provider information

  • Login: SUSE Manager insance id + client system id

  • Password: random string generated by SUSE Manager. Not used.

This information is used for statisical and product research purposes only.

In case you want to completely disable client list submission to SCC, set this parameter in /etc/rhn/rhn.conf and restart SUSE Manager (spacewalk-service restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an upcoming update in SCC.

Configuration state summary

In SUSE Manager, configuration may come from many different places: SUSE Manager itself, configuration channels assigned to your organization, configuration channels assigned to the system groups your clients belong to, configuration channels assigned directly to a client system or formulas with forms.

When managing a large number of clients distributed across several organizations, with multiple system groups, channels, etc, knowing what is exactly the configuration that will be applied may become a daunting task.

In SUSE Manager 4.2, we have added the configuration state summary to the Highstate page of the client. With this, you can see exactly where state is coming from.

Live patching made easy with filter templates

SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.

Setting up Live Patching requires installing specific kernel versions which are enabled for live patches, and installing the specific live patches.

SUSE Manager 4.2 implements filter templates, which are a set of pre-defined filters for a specific use case. The first filter template we are including in SUSE Manager 4.2 makes it easy to configure live patching for a specific SUSE product (e. g. SLE 15 SP2). New filter templates and additional information about the lifecycle of the live kernel will be added in upcoming versions of SUSE Manager.

Allow setting system primary FQDN

The System > Details > Hardware page allows to view and set the primary FQDN of a client system.

This feature is useful when managing clients which do not know their own external IP address or DNS name, such as client systems on public cloud, or routed clients. The primary FQDN is used to configure the default target address for monitoring.

Calendar widget for maintenance windows

The raw iCal output that was displayed when creating maintenance windows has been replaced with a graphical control ("widget"), making scheduling maintenance windows easier:

  • An interactive calendar has replaced the display of the iCalendar file in the details view

  • An interactive web calendar replaces the list of upcoming maintenance windows in the details of a maintenance schedule, and events associated with that schedule are displayed.

Easier system group and configuration channel assignment

We have simplified the screens where system groups and configuration channels were assigned by removing the tabs and subtabs. All the information and actions are now in the same screen.

Enhanced CLM filter list

The Content Lifecycle Management filter list screen how allows filter selection, deletion and sorting and search by project.

Notify beacon for DEB-based clients

While the recommended way to manage clients is to install, remove, patch, etc from SUSE Manager, which triggers the correct actions, sometimes users run the package managers directly. When doing this on Debian and Ubuntu clients, the WebUI showed an outdated package list for some time.

SUSE Manager now hooks directly into the package manager database on the client to identify local package management and trigger a package refresh from the Server to make sure the list of packages is always up to date.

Logging

mgr-create-bootstrap-repo will now log under /var/log/rhn/mgr-create-bootstrap-repo and will rotate the log files daily, keeping an history of 30 days. Clean up any leftover log file in /var/log/rhn/mgr-create-bootstrap-repo.* by archiving or deleting them.

Security: OpenSCAP enhancements

The OpenSCAP auditing feature has been in SUSE Manager for years, relying on content provided externally.

In SUSE Manager 4.2, SUSE is providing SCAP profiles to audit SLES, openSUSE, RHEL, CentOS, Oracle Linux, Ubuntu and Debian. Remediation scripts and Ansible playbooks are also provided.

Check the Administration Guide for more details on how to use this feature:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager/administration/openscap.html

Additionally, OpenSCAP auditing is now possible for multiple Salt clients at the same time using the Systems Set Manager.

Ubuntu Universe repository changes

Ubuntu 20.04 LTS provides the OpenSCAP scanner in the Universe repository, which made mirroring Universe a requirement for OpenSCAP analysis to work on Ubuntu 20.04 LTS clients. We are now providing the OpenSCAP scanner package in the SUSE Manager Client Tools for Ubuntu 20.04 LTS channel, therefore mirroring Ubuntu Universe is no longer required and has become an optional channel.

For users who still want to mirror Ubuntu Universe, we have added the universe-update and universe-security repositories to the Product Wizard, as optional.

Monitoring

Prometheus TLS

Prometheus and the Prometheus formulas now support TLS and basic authentication for HTTP endpoints. This provides a way to securely transfer metrics data.

Updated Grafana

Grafana has been updated from version 7.1.5 to version 7.4.2 in the Client Tools channels.

Check the upstream documentation for details on what has changed:

Updated Node Exporter

The Prometheus Node Exporter has been update from version 1.0.1 to version 1.1.2.

Check the upstream documentation for details on what has changed:

Updated Prometheus Exporters formula

The Prometheus Exporters formula can now be used to configure the Prometheus Exporter Exporter (reverse proxy) on Ubuntu clients.

Virtualization

Virtualization in SUSE Manager has received a number of enhancements:

  • Fine-tuning: CPU pinning and special memory configurations, such as those required when running SAP under KVM, can now be configured with Salt states.

  • Virtual networks: it is now possible to create, remove and edit virtual networks from the WebUI, and also using Salt states.

  • Autostart: automatically start needed networks and storage pools when creating/starting a VM

  • Virtual console: the virtual console monitors virtual machine state changes and can be opened even when the virtual machine is powered off. This helps in debugging startup issues, and allows to manage the VM even when it is running on another virtualization host.

  • The virtpoller beacon is now removed a replaced by a refresh action.

Custom data as pillar

Traditional stack clients could receive some custom information via macros but this feature was missing on Salt clients.

In SUSE Manager 4.2, we have implemented passing any custom information to Salt clients (both salt-minion and salt-ssh) via pillars:

salt \* pillar.get custom_info:key1
minion:
    val1

Retracted patches

When an operating system vendor releases a new patch, it might happen that the patch has undesirable side effects (security, stability, boot no longer working, etc) on some scenario that was not identified by testing. When that happens (very rarely), vendors typically release a new patch, which may take from hours to days, depending on the internal processes in place by that vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back such patches in minutes by simply removing the bad patch from the repository metadata and resorting to the previously working patch. These patches receive the advisory status "retracted" (instead of the usual "final" or "stable").

SUSE Manager now supports retracted paches across all the lifecycle:

  • Retracted patches can be synchronized

  • When a patch is retracted, it will be noted as such with its own specific icon and status

  • Retracted patches can be cloned

Following the behavior defined in zypper:

  • Once a retracted patch is installed, it will not be uninstalled unless you uninstall it explicitly. SUSE Manager will never automatically uninstall anything from your systems on its own.

  • Once a patch has been retracted by the vendor, the retracted patch cannot be installed via normal patch, update and installations.

  • Retracted patches remain available in the software channels and can be forcefully-installed/updated-to by speficying the exact version you want to install (e. g. by using zypper directly or by using the exact version in a Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly different than usual:

  • When a Content Lifecycle Management project uses a source channel which contains a now-retracted patch, a warning is displayed so that you are aware you should build and propagate the patch as soon as possible.

  • When a retracted patch is synchronized, it will not be cloned to the cloned channels by default. You will need to propagate it explicitly, like any other patch.

  • In contrast, once a retracted patch has been added one Content Lifecycle Management project and the project software channels built, the retracted patch will be automaticaly propagated all the other projects where that (now retracted) patch is available.

API

HTML documentation

The API documentation is now available in HTML format, in addition to the existing PDF document.

The new HTML API documentation includes a search engine too:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager-api/index.html

New API calls

New API calls have been added:

  • Enhanced config channel API with list assigned groups

  • Enhanced server group API with config channel and formula access methods

  • Added an API endpoint to allow/disallow scheduling irrelevant patches

  • Added APIs to manage retracted patches

  • Added APIs to set and get the primary FQDN of a given system (system.getNetworkForSystems/system.setPrimaryFqdn)

Removed API calls

The following API functions were deprecated for a long time and have been removed in SUSE Manager 4.2:

  • ActivationKeyHandler addPackageNames(User loggedInUser, String key, List packageNames)

  • ActivationKeyHandler removePackageNames(User loggedInUser, String key, List packageNames)

  • ChannelHandler listRedHatChannels(User loggedInUser)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel)

  • ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid, List<String> channelLabels)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List<String> labels)

  • ChannelSoftwareHandler unsubscribeChannels(User user, List<Integer> sids, String baseChannel, List<String> childLabels)

  • ErrataHandler listByDate(User loggedInUser, String channelLabel)

  • KickstartHandler listKickstartableTrees(User loggedInUser, String channelLabel)

  • ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  • SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  • SystemHandler listChildChannels(User loggedInUser, Integer sid)

  • SystemHandler applyErrata(User loggedInUser, Integer sid, List<Integer> errataIds)

  • UserHandler getLoggedInTime(User loggedInUser, String login)

  • SystemHandler setChildChannels(User loggedInUser, Integer sid, List channelIdsOrLabels)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, String channelLabel)

spacecmd

The spacecmd commandset has been modified to match the current features of the product:

  • Add group_addconfigchannel and group_removeconfigchannel

  • Add group_listconfigchannels and configchannel_listgroups

  • Deprecated "Software Crashes" commands

Translations

SUSE Manager 4.2 is available in English, Simplified Chinese, Japanese and Korean. Additional languages may be available as community translations, which need to be enabled explicitly by a SUSE Manager administrator.

Language selection is per user and can be set in the User Preferences. There are separate settings for the WebUI and the documentation. Command-line tools are displayed in the language defined by the user locale settings.

At the moment, Formulas with Forms are only available in English.

English

As the main language of SUSE Manager, software and documentation are available in English first.

The English documentation is always the most up-to-date and considered authoritative in case of conflict between translation and English.

Simplified Chinese

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Chinese.

Japanese

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Japanese.

Korean

The WebUI, command-line tools and basic documentation (Installation Guide, Upgrade Guide and Client Configuration Guide) are available in Korean.

Community translations

The upstream Uyuni Community has translated Uyuni and SUSE Manager to more languages, which have not been reviewed by SUSE.

Since these additional translations have not been reviewed by SUSE, they are shipped in SUSE Manager but disabled by default. Please note these translations may be incomplete and quality may be lower than the official translations.

You need to specify the full list of languages you want to make available to users, including official translations. For instance, to enable community translations for Slovak and Czech, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,zh_CN,ko,ja,sk,cz

A restart of Tomcat is required.

As of SUSE Manager 4.2 GA, the most complete community translations are:

  • Brazilian Portuguese (pt_BR)

  • Slovak (sk)

  • Czech (cz)

  • Spanish (es)

  • Italian (it)

You can enhance the community translations, or start a new translation to your language, by translating Uyuni in the openSUSE WebLate instance: https://l10n.opensuse.org/projects/uyuni/

Cobbler

Cobbler has been updated to version 3.1.2, which enhances support for ppc64le, s390x, aarch64 and newer Linux distributions.

PostgreSQL 13

The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.2 will refuse to start until the database migration from PostgreSQL 12 (or 10, if upgrading from SUSE Manager 4.0) to PostgreSQL 13 has completed successfully.

Please note the database migration from PostgreSQL 10 (if migrating from SUSE Manager 4.0) or PostgreSQL 12 (if migrating from SUSE Manager 4.1) will rebuild the database indices. This may take several hours if you have thousands of software channels.

SUSE Manager for Retail

SLEPOS 15 SP3 clients

Pre-defined templates for SLEPOS 15 SP3 are now provided. SLEPOS 15 SP3 is supported for 7.5 years since the release date.

SLEPOS 15  aarch64 clients

The 64-bit ARM aarch64 architecture is now supported for SLEPOS clients, in addition to the existing x86_64 architecture.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP3.

Dropped features

Activation key dropped from system details

Activation keys can be used when registering new clients, or re-registering existing clients, to make sure the correct software entitlements, software channels, system groups, etc are applied when they come under SUSE Manager management.

After a client is registered to SUSE Manager, activation keys serve no purpose. Software channels, groups, etc can be changed independently from the activation key.

The fact the activation key remained in the System Details led users to think editing the activation key (e. g. changing the software channels assigned to that activation key) would change what was assigned to that client system. This is not true. To avoid that confusion, the Activation Key field has been removed from the System Details of registered clients.

Activation keys can still be used during client registration.

Software Crashes

The Software Crashes feature, based on the ABRT library, has been dropped in SUSE Manager 4.2. This was a very old feature which only worked on a limited set of clients and required careful configuration to actually submit crash reports to the SUSE Manager Server instead of upstream projects.

After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.2 works with SUSE Manager Proxy 4.1/4.0 and SUSE Manager Retail Branch Server 4.1/4.0 but only for upgrade purposes. The product is not intented to be used in a mixed-version scenario in production. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on https://documentation.suse.com/suma/4.2/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Future deprecation of the traditional stack

This version of SUSE Manager is compatible with Salt and traditional clients. SUSE will deprecate traditional clients and traditional proxies in the next SUSE Manager 4.3 release. The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

Support for SLE Micro

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting or Ansible for automation, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for Ansible package

Ansible package is only L2 supported on SUSE Linux Enteprise 15 SP3 or newer. It is also supported on SUSE Manager Proxy and SUSE Manager Retail Branch Server 4.2 and higher.

Ansible 'package' is not supported on SLE-Micro.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 7 and 8 minor release clients. Older minor releases might still work but will only be supported on a limited and reasonable-effort basis.

The same rule applies to CentOS, Oracle Linux, AlmaLinux and SLES Expanded Support.

CentOS Stream is explicitly not supported by SUSE. To register CentOS 8 Stream clients, use the spacewalk-common-channels command-line tool to add and mirror the product, and the CentOS Stream client tools from the upstream Uyuni Project.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS and 20.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.2 on top of an existing SUSE Linux Enterprise Server 15 SP3 is known to generate an incomplete installation. If you require such a setup, please contact SUSE Consulting.

Known issues

SLE Micro

SLE Micro is only partially supported. Some WebUI features, such as showing the patch status of the system, or action chains, will not work properly.

This will be fixed in an upcoming release of SUSE Manager.

Translations

Formulas with Forms are only available in English for the time being. This will be solved in an upcoming version of SUSE Manager.

In some cases, translated documentation might not be up to the most recent changes in the English version.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red Hat Enterprise Linux, come with a very large number of packages that may cause taskomatic to run out of memory. If this occurs, we recommended that you increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If taskomatic continues to run out of memory, you can increase the number further. However, keep in mind that this will affect the total memory required by SUSE Manager Server.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features available in the SUSE Manager-provided Salt packages. This is especially important since it will result in the bootstrap repository containing the non-SUSE Salt packages. Therefore, this is an unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt packages from EPEL in advance (for example, by removing the Salt packages in Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS, Oracle Linux or AlmaLinux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Works Fails

RH Satellite 5.x ⇒ SUSE Manager traditional

RH Satellite 5.x ⇒ SUSE Manager Salt minion

SUSE Manager traditional ⇒ SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE Customer Service or Sales representatives.

You can also provide feedback using SUSE forums, or the upstream Uyuni Project community.

Resources

Latest product documentation: https://documentation.suse.com/suma/4.2/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2021 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.