This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • September, 2022: 4.3.1 release

  • 20th June, 2022: 4.3 GA

About SUSE Manager 4.3

SUSE Manager 4.3, the latest release from SUSE based on SUSE Linux Enterprise Server 15 SP4 and the Uyuni Project, delivers a best-in-class open source infrastructure management and automation solution that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.3 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Expanded operating system support

Adding to its extensive list of Linux distributions, SUSE Manager 4.3 introduces support for Debian 11, further enabling the management of all your Enterprise Linux distributions from a single tool – no matter where they are located.

SUSE Manager now supports the management of SLE, SLE-Micro, RHEL, openSUSE, Oracle Linux, CentOS, AlmaLinux, Rocky Linux, Ubuntu, Debian, and Amazon Linux.

Scaling SUSE Manager

With the "SUSE Manager Hub" multi-server architecture we are gradually introducing a framework that allows you to scale SUSE Manager deployments to hundreds of thousands of nodes using tiered management servers.

SUSE Manager 4.3 further introduces new features in Hub framework, optimizing it for the edge deployments, and fill the gaps by introducing centralized reporting and enhancing ISSv2 by adding capabilities to transfer OS Images and configuration channels from Hub to peripheral servers.

With ever growing Linux footprints you need your management tool be able to scale to tens of thousands of Linux devices and beyond. With the performance and scalability enhancements in 4.3, your SUSE Manager deployment can easily scale in your environment in any direction, while providing better performance than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your business needs, with the peace of mind that SUSE Manager will be able to manage your large estate, and the cost implications of growing their footprint will not be exaggeratedly high.

Before you begin , you should always get advice from a SUSE partner, sales engineer, or consultant.

Updating and Configuration Management

With SUSE Manager 4.3, one of the goal is to make typical system administration tasks even more easier. There will be number of improvments when it comes to SSM, action status at given time, to name a few.


One of the main areas that we wanted to improve with SUSE Manager 4.3 is interoperability. Our goal was to make SUSE Manager play well with the existing tools that users already have.

Salt bundle

One effort in this regard has been around salt. SUSE Manager 4.3 comes with salt-bundle. The Salt Bundle can be used on systems that already run another Salt Minion or systems which do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by SUSE Manager.


Another goal that we want to achieve in a long run is to enable SUSE Manager to be deployed in container-only environments, independently from the base OS. Allow SUSE Manager components (specifically Proxies/Retail Branch servers) to run in more resource-constrained environments. Edge market is our main audience here with this effort. It will allow users to install SUSE Manager components on top of kubernetes, increasing flexibility and future viability

Enabling SUSE Manager Proxy and Retail Branch Servers to also run in containers, is in SUSE Manager 4.3 scope.


With SUSE Manager 4.3, in addition to the current XML-RPC API, a new JSON over HTTP API will also be provided to make SUSE Manager API even easier to consume.

SUSE Manager is seeing more and more use in automated scenarios, where it is a part of a bigger system and is driven via its APIs. The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:



SUSE Manager Server 4.3 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 4. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.1 and 4.2 is supported.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Installation and Upgrade Guide

Major changes since SUSE Manager Server 4.3 GA

Features and changes

Version 4.3.1

GPG key handling in SUSE Manager

SUSE Manager is now taking care of trusting the required GPG keys on the clients, in order to install packages from assigned channels

The GPG key URL can be defined for Software Channels which will be used to find the key needed for that channel.

When the channel is assigned to the client the key will be trusted on repository refresh or when installing a package out of the channels.

For more information, check the documentation.

Disabling locally defined repositories

To prevent problems with local defined repositories providing wrong or unwanted packages, we disable now all these repositories as the first step in bootstraping.

Additionlly we try to keep local repositories disabled and perform this in the channel state which is also used during highstate.

For more information, check the documentation.

Technology Preview: Helm chart to deploy containerized SUSE Manager Proxy and Retail Branch Server

Deploying Proxy and Retail Branch Servers as containers is now also possible using a Helm chart.

For more information check this README file. The information will be part of the SUSE Manager official documentation in a future release.

WARNING: The container images configuration has a new format and it is now packaged as tar.gz file. All previously deployed container Proxies and Retail Branch Servers will need to get their configuration regenerated and deployed again before pulling these images.


The SUSE Patch Finder is a simple online service to view released patches.

Version 4.3.1


  • Fix the URL for the package

  • Declare the LICENSE file as license and not doc


  • Fix the URL for the package

  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Update to version 0.1.1658330139.861779d

    • Fix deleting of unused boot images

    • Support deltas for system images (bsc#1201498)

    • Do not try to show changes in images (bsc#1199998)


  • Version 0.2.3

    • Compress exported sql data #16631


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Update to version 0.1.1658330139.861779d


  • Fix wrong logic on find_proxy method causing proxy not being used


  • Bump up the maxsize on a fixed-size C buffer to avoid breaking on some autogenerated rust packages

  • Flush stdout and stderr before execv of an end hook

  • Add support for Zstd compressed debs

  • Added alternative package name for db4-devel.


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Version 4.3.14-1

    • Fix missing argument on system_listmigrationtargets (bsc#1201003)

    • Show correct help on calling kickstart_importjson with no arguments

    • Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

    • Change proxy container config default filename to end with tar.gz


  • Version 4.3.5-1

    • Simplified PostgreSQL14 requirement.

    • Update server-migrator to dist-upgrade to openSUSE 15.4


  • Version 4.3.15-1

    • cleanup leftovers from removing unused xmlrpc endpoint

    • Fix issues with "http proxy" not being used by reposync in some cases


  • Version 4.3.14-1

    • traditional stack bootstrap: install product packages (bsc#1201142)

    • display messages to restart services after certificate change

    • improve CA Chain checking by comparing authorityKeyIdentifier with subjectKeyIdentifier


  • Version 4.3.11-1

    • Update translation strings


  • Version 4.3.9-1

    • fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found


  • Version 4.3.35-1

    • Modify parameter type when communicating with the search server (bsc#1187028)

    • Fix hibernate error on deleting an image with delta

    • Changed logout method to POST on HTTP API (bsc#1199663)

    • Turned API information endpoints public (bsc#1199817)

    • Fix typo and ordering of JSON over HTTP API example scripts

    • Improved log handling in HTTP API (bsc#1199662)

    • set Channel GPG Key info from SCC data

    • set GPG Key Url as channel pillar data (bsc#1199984)

    • new API endpoint for addErrataUpdate, that take multiple servers as argument

    • Move ImageSync pillars to database (bsc#1199157)

    • Fix conflict when system is assigned to multiple instances of the same formula (bsc#1194394)

    • Fix initial profile and build host on Image Build page (bsc#1199659)

    • Convert formula integer values when upgrading (bsc#1200347)

    • Cleanup salt known_hosts when generating proxy containers config

    • Modify proxy containers configuration files set output

    • Change proxy containers config to tarball with yaml files

    • Fixed date format on scheduler related messages (bsc#1195455)

    • Improved dropdown layout handling

    • Fix download CSV

    • Hide authentication data in PAYG UI (bsc#1199679)

    • Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)

    • Show reboot alert message on all system detail pages (bsc#1199779)

    • Show patch as installed in CVE Audit even if successor patch affects additional packages (bsc#1199646)

    • Fix refresh action confirmation message when no system is selected

    • Fix Intenal Server Error when URI contains invalid sysid (bsc#1186011)

    • Fix notification message on system properties update to ensure style consistency (bsc#1172179)

    • Fix containerized proxy configuration machine name

    • Improve CLM channel cloning performance (bsc#1199523)

    • Keep the websocket connections alive with ping/pong frames (bsc#1199874)

    • add detection of Ubuntu 22.04

    • fix missing remote command history events for big output (bsc#1199656)

    • fix api log message references the wrong user (bsc#1179962)

    • Consistently use conf value for SPA engine timeout

    • fix download of packages with caret sign in the version due to missing url decode

    • Add specific requirement for Cobbler 3.2.1 to not conflict with Leap 15.4

    • Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629) (CVE-2022-31248)


  • Version 4.3.6-1

    • Add method to handle session id as String

    • Migrated from log4j1.x.x to log4j2.x.x

    • update ivy development files


  • Version 4.3.10-1

    • spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)

    • Allow alternative usage of perl-Net-LibIDN2.


  • Version 4.3.13-1

    • change gpg key urls to file urls where possible

    • spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)

    • spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler

    • Add repositories for Ubuntu 22.04 LTS

    • Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels

    • Add missing SLES 15 SP4 client tools repositories to spacewalk-common-channels.ini

    • add deprecation warning for spacewalk-clone-by-date

    • Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini

    • openSUSE Leap 15.4 repositories


  • Version 4.3.23-1

    • Update the version for the WebUI

    • Fix initial profile and build host on Image Build page (bsc#1199659)

    • Handle multi line error messages in proxy containers config creation

    • Hide authentication data in PAYG UI (bsc#1199679)

    • add textarea to formulas

    • Consistently use conf value for SPA engine timeout

    • Remove nodejs-packaging as a build requirement

    • Update translation strings


  • Declare the LICENSE file as license and not doc


  • Version 4.3.18-1

    • Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)

    • Add clients tool product to generate bootstrap repo on OpenSUSE 15.x (bsc#1201189)

    • Add Oracle Linux 9 bootstrap repositories for Uyuni

    • Add AlmaLinux 9 bootstrap repositories for Uyuni

    • Add Red Hat Enterprise Linux 9 repositories for Uyuni

    • Make the Salt Bundle optional for bootstrap repositories for Debian 9 and SUSE Manager Proxy 4.2

    • Enable bootstrapping for Ubuntu 22.04 LTS

    • fix comment: migration without creating backup use -f option

    • bootstrap repo: set optional packages

    • Add python3-contextvars and python3-immutables to missing bootstrap repos (bsc#1200606)

    • Update server-migrator to dist-upgrade to openSUSE 15.4


  • Version 15.4.3

    • Add Uyuni Client Tools key

    • Install keys for Client Tools Channels in salt filesystem to be able to deploy them to clients

    • Add openEuler 22.03 key

    • Add AlmaLinux 9 key

    • Add Oracle Linux 9 keys

    • RPM-GPG-KEY-openEuler

    • RPM-GPG-KEY-AlmaLinux-9

    • RPM-GPG-KEY-oracle

    • RPM-GPG-KEY-oracle-backup


  • Described disabling local repositories in Client Configuration Guide

  • Remove misleading installation screen shots in the Installation and Upgrade Guide (bsc#1201411)

  • Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224)

  • Removed sle-module-pythonX in VM Installation chapter of Installation and Upgrade Guide because SUSE Manager 4.3 does not require it

  • In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly

  • Removed SUSE Linux Enterprise 11 from the list of supported client systems

  • Update section about changing SSL certificates

  • Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532)

  • Fixed 'fast' switch ('-f') of the database migration script in Installation and Upgrade Guide

  • Updated Virtualization chapter in Client Configuration Guide; more on limitation other than Xen and KVM

  • Added information about registering RHEL clients on Azure in the Import Entitlements and Certificates section of the Client Configuration Guide (bsc#1198944)

  • Fixed VisibleIf documentation in Formula section of the Salt Guide

  • Added note about importing CA certifcate in Installation and Upgrade Guide (bsc#1198358)

  • Documented defining monitored targets using file-based service discovery provided in the Prometheus formula in the Salt Guide

  • In Supported Clients and Features chapter in Client Configuration Guide, remove SUSE Linux Enterprise 11 (bsc#1199147)

  • Improve traditional client deprecation statement in Client Configuration Guide (bsc#1199714)


  • Version 4.3.13-1

    • update GPG key urls in channels set by spacewalk-common-channels

    • add gpg key info to suseProductSCCRepository (bsc#1199984)

    • Move ImageSync pillars to database (bsc#1199157)


  • Version 4.3.24-1

    • Fix issue bootstrap issue with Debian 9 because missing python3-contextvars (bsc#1201782)

    • Fix deploy of SLE Micro CA Certificate (bsc#1200276)

    • disable local repos before bootstrap and at highstate (bsc#1191925)

    • deploy GPG keys to the clients and define trust in channels (bsc#1199984)

    • Enable basic support for Ubuntu 22.04

    • Add port parameter to mgrutil.remove_ssh_known_host

    • Prevent possible tracebacks on calling from mgrcompat by setting proper globals with using LazyLoader

    • Fix bootstrapping for Ubuntu 18.04 with classic Salt package (bsc#1200707)

    • create CA certificate symlink on Proxies which might get lost due to de-installation of the ca package


  • Version 4.3.5-1

    • Fix reposync issue about 'rpm.hdr' object has no attribute 'get'


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc


  • Declare the LICENSE file as license and not doc

Major changes since SUSE Manager Server 4.2

Base system upgrade

The base system has been upgraded to SUSE Linux Enterprise Server 15 SP4.

PostgreSQL 14

The database engine has been updated from PostgreSQL 13 to PostgreSQL 14, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.3 will refuse to start until the database migration from PostgreSQL 13 to PostgreSQL 14 has been completed successfully.


Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports, and enhancements by SUSE, for the SUSE Manager Server, Proxy, and Client Tools.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3004 upstream release notes.

Salt as a Bundle

One of the areas that we want to address in SUSE Manager 4.3 is to co-exist with other configuration management tools, especially Salt-based, and Salt Bundle is what the team came up with as the solution. The Salt Bundle can be used on systems that already run another Salt Minion, that does not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by SUSE Manager.

Salt Bundle is a single package called venv-salt-minion containing the Salt Minion, Python, and all Python modules. It is exactly the same version and codebase for the current salt-minion RPM package.

SUSE Manager 4.3 comes with the salt bundle and use it as the default way to bootstrap systems for all the supported operating systems.

On bootstrapping new clients the Salt Bundle package will be used instead of salt-minion if the package venv-salt-minion is present in the bootstrap repo.

Clients already registered will not be changed, but can be switched to Salt Bundle by applying the state util.mgr_switch_to_venv_minion to them. For more information see the Client Configuration Guide.

Salt SSH now uses the Salt Bundle

The Salt Bundle is now used to handle Salt SSH executions on the client side. The bootstrap of new Salt clients using webUI or API is now also using the Salt Bundle.

To ensure bootstrap works in the proper way, the bootstrap repositories for the clients must be regenerated before bootstrapping new clients.

The bootstrap repository regeneration happens for any given product when a resync for the product repositories happens:

  • For products provided by the SUSE Customer Center, added via de Setup Wizard or mgr-sync, this happens each night.

  • For products added via spacewalk-common-channels there is no automated resync by default, unless it was configured after adding the product. In this case, the regeneration needs to be trigger manually.

To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo at the SUSE Manager Server.


Reporting Database

The reporting database provides SUSE Manager data used for reports in a simplified schema and is accessible by any reporting tool with support for SQL databases as content sources.

This new database is isolated from the one used for the SUSE Manager Server, and created automatically.

The tool uyuni-setup-reportdb-user can create new users who have read-only access to the data.

For more information on this topic, see Hub reporting.

Reporting Database documentation

The reporting database schema is now fully documented.

The documentation describes the schema in detail, showing all the tables and the views available and highlighting the relationships among them.

You can access it from the SUSE Manager Server WebUI, at Help > Report Database Schema, from the left navigation bar.

spacewalk-report now uses data from the reporting database

spacewalk-report will use the data from the report database by default. This change affects both new and updated setups.

This means that the newly generated reports will differ in the structure and the format of the data and might break existing integrations.

If this change causes trouble in your use case, the new option --legacy-report can be used to fall back to the old report engine.

For a comprehensive list of what is changed and what reports are affected, see the section "Generate Reports" at the Administration Guide.

Improved image management

SUSE Manager 4.3 comes with a lot of improvements for image management.

  • Kiwi images:

    • Uses name and version from Kiwi config file, revision is increased on each build

    • Built image files are referenced in the database and deleted with the image entry

    • Image pillars are stored in the database

    • The build log is visible in the User Interface

  • Docker images:

    • Use a new database entry for each revision

    • Old revision can be shown with the "Show obsolete" checkbox

  • Updated XML RPC API to manipulate with images, image files and pillars:

Technology Previews

Containerized SUSE Manager Proxy and Retail Branch Server

Starting with SUSE Manager 4.3, it will be possible to run the SUSE Manager proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason. Additionally, the ability to run SUSE Manager Proxy and Retail branch servers in containers make it more flexible to run them anywhere without worrying about the underlying OS. Moreover in the future, it will allow users to install SUSE Manager components on top of Kubernetes, increasing flexibility and future viability.


With SUSE Manager 4.3, in addition to the current XML-RPC API, a new JSON over HTTP API will also be provided to make SUSE Manager API even easier to consume.

SUSE Manager is seeing more and more use in automated scenarios, where it is a part of a bigger system and is driven via its APIs. The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.

The API documentation has been updated to reflect the changes to support the HTTP API, and is available at the SUSE Manager Server WebUI under About > API, and at the online documentation

Usage examples can be found in the "Sample scripts" section of the documentation.

With the addition of the JSON over HTTP API documentation:

  • Mandatory names to the input parameters for each method were added

  • Information about the HTTP request type (GET or POST) was added

  • Example scripts to consume the HTTP API via Curl were added

New products enabled

  • Debian 11

  • SUSE Linux Enterprise 15 SP4

  • SUSE Linux Enterprise Micro 5.2 (tech preview)

For more information about the registration process, refer Registration section, and for more information about supported features, consult Supported Features.


HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

SUSE Manager allows enabling HSTS, to enable it for a SUSE Manager Server:

  • Edit /etc/apache2/conf.d/zz-spacewalk-www.conf

  • Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  • Restart Apache with systemctl restart apache2

To enable it for SUSE Manager Proxies:

  • Edit /etc/apache2/conf.d/spacewalk-proxy.conf

  • Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  • Restart Apache with systemctl restart apache2

IMPORTANT: Once HSTS is enabled while using the default SSL certificate generated by SUSE Manager or a self-signed certificate, browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by SUSE Manager, you can trust it by importing the file located at http://<SERVER-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT to the browsers of all users.


Grafana 8.3.5

SUSE Manager 4.3 comes withe the newer Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

  • XSS vulnerability in handling data sources (CVE-2022-21702)

  • Cross-origin request forgery vulnerability (CVE-2022-21703)

  • Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)

  • GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  • New Alerting for Grafana 8

  • CloudWatch: Add support for AWS Metric Insights

  • CloudWatch: Add AWS RoboMaker metrics and dimension

  • CloudWatch: Add AWS Transfer metrics and dimension

  • CloudWatch: Add AWS LookoutMetrics

  • CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  • CloudMonitoring: Add support for preprocessing

  • CloudWatch: Add AWS/EFS StorageBytes metric

  • CloudWatch: Add Amplify Console metrics and dimensions

  • CloudWatch: Add metrics for managed RabbitMQ service

  • Elasticsearch: Add support for Elasticsearch 8.0

  • AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  • AzureMonitor: Add Azure Resource Graph

  • AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  • Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.

SUSE Manager does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.

Prometheus 2.32.1

SUSE Manager 4.3 comes withe the newer Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after the SUSE Manager is updated.

Breaking changes:

  • Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.

  • As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

  • Introduced generic HTTP-based service discovery.

  • New expression editor with advanced autocompletion, inline linting, and syntax highlighting.

  • Discovering Kubernetes API servers using a kubeconfig file.

  • Faster server restart times via snapshotting.

  • Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.


Adding systems with failed/completed actions to System Set Manager

It is now possible to select and add systems that failed or completed actions, with a new button Add Selected to SSM that shows for the actions at "Completed Systems" and "Failed Systems".

You can the find the actions at the SUSE Manager Server WebUI, at Schedule on the left navigation bar.

This can be useful to fix issues with systems that failed to complete actions, or to run more actions on those that completed them.

Product Migration

With SUSE Manager 4.3, it is now possible to migrate products even if the target product doesn’t have some of the successors. This is a common scenario in the case of LTSS, where migrating from an LTSS version to the next service pack doesn’t have LTSS successor module.

Now it is up to the user to decide if they want to migrate or not. SUSE Manager will display enough information about the missing successors.

Besides the UI, it is also possible to do it using the API.

New XML-RPC API version 26

SUSE Manager 4.3 updates the XML-RPC API version from 25 to 26.

As CaaSP support has been dropped that also means that corresponding cluster Management APIs have been also removed.

If any of your scripts are checking for the version 25, you can change them to use version 26 without any further changes.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

  smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

   smdba system-check autotuning [--max_connections=<number>] [--ssd]

Dropped features

CaaSP support

We had added CaaSP support in previous versions but unfortunately, CaaSP got disconnected and no further development will be happening there.

The currently released versions of CaaSP will soon be going EOL and this naturally implies that we should also remove all the bits related to it from SUSE Manager.

Deprecated features

Traditional Stack has been deprecated

With SUSE Manager 4.3 release, traditional stack has been deprecated.

The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

'spacewalk-clone-by-date' has been deprecated

With SUSE Manager 4.3 release, spacewalk-clone-by-date tool has been deprecated. With CLM (Content Lifecycle Management), we believe customers have a better alternative to spacewalk-clone-by-date, which is much more flexible and powerful. CLM provides a comprehensive API to cover all the important features that spacewalk-clone-by-date tool offers.

We highly encourage users to migrate their workload and scripts to CLM.

Unsupported products

  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • Ubuntu 16.04

  • SUSE Linux Enterprise Server 11

We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis.

Deprecated products

  • Debian 9 (after EOL 2022-06-30)

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.


Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.3 works with SUSE Manager Proxy 4.1/4.2 and SUSE Manager Retail Branch Server 4.1/4.2 but only for upgrade purposes. The product is not intented to be used in a mixed-version scenario in production. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

There is a known issue when migrating to 4.3, please consult the Known Issues section for more detail.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.


Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Support for SLE Micro

SLE Micro is only supported as a Salt minion. The traditional stack will not be supported.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 7 and 8 minor release clients. Older minor releases might still work but will only be supported on a limited and reasonable-effort basis.

The same rule applies to CentOS, Oracle Linux and SLES Expanded Support.

CentOS Stream is explicitly not supported by SUSE. You may try to register CentOS Stream clients by:

  1. Using the spacewalk-common-channels command-line tool to synchronize the product

  2. Using the CentOS Stream client tools from the upstream Uyuni Project.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS and 20.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 10 "Buster" & Debian 11 "bullseye" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 client tools from Uyuni can be enabled using spacewalk-common-channels. CentOS 8 is dead.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

SCAP Security Guide support

SUSE provide scap-security-guide package for different openscap profiles. In the current version of scap-security-guide, SUSE supports the following profiles:

  • DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  • PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  • HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied and not officially supported by SUSE.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of Minimal-VM images (formely known as SLE JeOS), are the only supported mechanisms to install SUSE Manager.

Known issues

GPG keys acceptance issue

Some Enterprise Linux distributions do not trust their own GPG key for package installation. In case of GPG key errors, try to import the GPG key manually. The key files are installed but the name depends on the OS

CentOS Linux 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'
CentOS Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial'
AlmaLinux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux'
Rocky Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial'
Red Hat Enterprise Linux Server 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Red Hat Enterprise Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Amazon Linux 2: '/etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-linux-2'
Oracle Linux 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle'
Oracle Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-oracle'

Workaround: Import the keys using the following command:

$> rpm --import /path/to/key/file

We are working on a final solution to automate this.


  • AlmaLinux 8 repository URLs have been changed to use the mirrors list. To use the new URLs on an existing installation, updating and then running "mgr-sync refresh" or waiting for its nightly execution is required. Please update as soon as possible. New updates for AlmaLinux cannot be fetched from the server until this change happened.

  • Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is providing a broken repository file (containing duplicated identificators). We have already reported this issue to AlmaLinux.

    Workaround: Update the package almalinux-release before registering the instance to SUSE Manager so at least the version 8.5-3 is installed.

UI discrepancies

SUSE Manager 4.3 comes with a new look and feel. We have fixed most of the known issues related to this but there could be still some UI discrepancies because susemanager-light and susemanager-dark themes are under active development. If the user faces any issue related to UI, we suggest reporting a bug. In the meanwhile, one can also choose to fall back to uyuni theme which is older but more mature.

To change a theme, the user needs to login into SUSE Manager and then choose the needed theme from the dropdown list under Home → My Preferences→ Style Theme.

Migration from 4.1 and 4.2 to 4.3

SUSE Manager 4.3 is the base product for SLE15 SP4, this applies to Server, Proxy, and Retail Branch Server. In SLE 15 SP4, sle-module-python2 is no longer available (in favor of sle-module-python3). This means that migration(using yast2 migration or zypper migration) from 4.1/4.2 to 4.3 will not work without deactivating this module first. yast2 and zypper raise the following error if the module is still activated during migration

Can't get available migrations from server: SUSE::Connect::ApiError: There are activated extensions/modules on this system that cannot be migrated.
Deactivate them first, and then try migrating again.
The product(s) are 'Python 2 Module 15 SP3 x86_64'.
You can deactivate them with:
SUSEConnect -d -p sle-module-python2/15.3/x86_64

As suggested in the error message one can deactivate the module using SUSEConnect -d -p sle-module-python2/15.3/x86_64.

After this, migration should work.

Migration of SUMA Proxy 4.2 to 4.3

When upgrading SUSE Manager Proxy 4.2 based on JeOS image to 4.3, before proceeding with the migration, please uninstall the kernel-default-base package, otherwise, the migration will not work.

CLM and custom repositories

When building a CLM project, if it includes custom channels with custom repositories. The custom repositories might not be selected in the new cloned custom channels. As workaround, one can go to the new cloned custom channels, select the custom repositories and synchronize them.

Container build host and salt bundle

Container build host will not work with salt bundle. We are working on the fix. In the meanwhile, in the case of Container build host, don’t use Salt bundle but rather a normal Salt.

SLE Micro

SLE Micro is only partially supported. Some WebUI features, such as showing the patch status of the system, or action chains, might not work properly.

Bootstrap with web UI using non-root user

Onboarding of clients with the non-root user from SUSE Manager UI fails the following error:

ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"

The root cause of this problem is wrong ownership of salt thin directory when using the salt bundle.

Workaround: Once bootstrap fails, the user can run chown -R $USER:$GROUP /var/tmp/.*_salt once and try onboarding again, it shouldn’t fail this time.

SLE Micro: Server CA certificate

Because of some recent change, the SSL CA certificate from the server never gets deployed into the registered SLE Micro instance during registration, Server SSL CA certificate doesn’t get deployed during registration in case of SLE micro. Therefore this instance will have SSL issues when trying to read the channels assigned by SUSE Manager.

Workaround: The user would need to manually run update-ca-certificate in the SLE Micro instance to get this issue fixed.

SLE Micro: Bootstapping

Bootstrapping of SLE Micro from the UI/API fails with error the following error:

SaltSSHError(3, Error: Unable to download https://susemanager.fqdn:443/pub/repositories/sle/5/2/bootstrap/venv-enabled-x86_64.txt file!

Workaround: User needs to manually configure the salt minion and restarting the service manually.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Works Fails

RH Satellite 5.x ⇒ SUSE Manager traditional

RH Satellite 5.x ⇒ SUSE Manager Salt minion

SUSE Manager traditional ⇒ SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:


Latest product documentation:

Technical product information for SUSE Manager:

These release notes are available online:

Visit for the latest Linux product news from SUSE.

Visit for additional information on the source code of SUSE Linux Enterprise products.

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Managing Director/Geschäftsführer: Ivo Totev

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2022 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list ( All third-party trademarks are the property of their respective owners.


Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.