<span class="current_version">5.0.1</span>

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • August 2024: 5.0.1 release

  • July 16th 2024: 5.0 GA

About SUSE Manager 5.0

SUSE Manager 5.0, the latest release from SUSE Manager based on the Uyuni Project, delivers a best-in-class open source infrastructure management and automation solution that is designed to seamlessly manage and automate your infrastructure. It helps lower costs, reduce complexity, and enhance availability across Edge, Cloud, and Datacenter environments.

As an integral part of modern software-defined infrastructure, SUSE Manager 5.0 brings forth the following new or improved capabilities to your Edge, Cloud, and Datacenter environments.

Containerization

SUSE Manager 5.0 represents a significant evolution with its delivery in containers, offering enhanced modularity and efficiency. In version 4.3, the SUSE Manager Proxy and Retail Branch Server were containerized. However, with this release, the SUSE Manager Server is now delivered in containers.

This shift allows for improved portability, simplifying deployment and management in modern container-centric environments. By containerizing the Server, flexibility is increased and it becomes easier to adapt to various infrastructure setups. This is the first step toward further modularization, preparing SUSE Manager Server for resilience and scalability. Future versions of SUSE Manager are expected to continue this journey.

Containerization streamlines deployment and management processes, resulting in better resilience and improved infrastructure availability. These changes reflect a commitment to delivering a more adaptable and efficient solution for managing different environments.

These enhancements are expected to greatly benefit users, providing them with a more flexible and efficient SUSE Manager.

Native AppStream support

AppStreams in Red Hat Enterprise Linux (RHEL) are repositories that provide curated software packages, solving the problem of discovering and installing applications, libraries, and development tools efficiently on RHEL systems while simplifying the required list of RPM repositories.

However, SUSE Manager has been supporting RHEL 8 and RHEL 9 by removing modular data from the AppStream. This process involved flattening the repository by removing the modular data, essentially reverting it to a traditional repository format.

With SUSE Manager 5.0, we will be removing this limitation so SUSE Manager can natively support AppStreams. This enhancement will significantly improve the user experience, enabling users to manage systems consistently both from SUSE Manager and directly from the clients using DNF.

Confidential Computing Attestation

Confidential Computing is becoming increasingly crucial in our industry. While there is significant ongoing work in the industry and within SUSE on this topic, SUSE Manager will play a role in aiding confidential computing attestation. We will adopt a phased approach, starting with a small-scale implementation and gradually expanding. Initially, our offering will be exclusively on AMD-based hardware, aligning with available tools.

Enhanced CVE Audit

SUSE Manager’s CVE audit feature scans systems and images for known security vulnerabilities (CVEs), providing administrators with visibility and enabling prioritization and mitigation based on severity. Previously, it relied on channel metadata to determine system vulnerability, leading to limitations in distinguishing between unaffected systems and those lacking needed patches.

To expand this, we are enhancing the approach by integrating OVAL data provided by the upstream. This helps us avoid false positives and allows for system scanning without the need to synchronize channels. Channel information will continue to be for patch application and remediation.

Expanded operating system support

With the release of SUSE Manager 5.0, the platform now supports next-generation SL Micro 6.0, SLE 15 SP6 family, and Liberty 7 LTSS, allowing for centralized management of Enterprise Linux distributions irrespective of their location.

SUSE Manager now boasts management capabilities for various distributions, such as SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Server Micro, Red Hat Enterprise Linux, openSUSE, SUSE Liberty Linux, Oracle Linux, CentOS, AlmaLinux, Rocky Linux, Ubuntu, Debian, and Amazon Linux.

Health Check Tool

SUSE Manager 5.0 will introduce a standalone Health Check tool. This tool provides a detailed dashboard, metrics, and logs from a SUSE server, showcasing its current health status. Users can efficiently evaluate the health of their running instance and identify any potential errors for effective troubleshooting.

Installation

Requirements

SUSE Manager 5.0 will not be a base product. Instead, it will be an extension for SUSE Linux Enterprise Micro 5.5, provided through the SUSE Customer Center. This extension will include all the necessary tools to install and manage SUSE Manager. It is compatible with SUSE Enterprise Linux Micro 5.5 and supports x86_64, s390x, IBM POWER (ppc64le) and now also ARM64 (AArch64) architectures.

SUSE Manager Server, Proxy, and Retail Branch Server will be delivered in containers, accessible from the SUSE Registry.

Only the containerized versions of SUSE Manager Server, Proxy and Retail Branch Server will be available for SUSE Manager 5.0.

No separate subscription is required for SUSE Linux Enterprise Micro. Additionally, VM images are provided for simplified setup, featuring preloaded configurations for easy customization.

Currently, the PostgreSQL database is locally deployed within the same container environment as the Server. In an upcoming version of SUSE Manager, we are considering adding support for remote PostgreSQL databases.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/5.0/.

Important

SUSE Linux Enterprise Micro 5.5 has been chosen as the supported host OS for SUSE Manager 5.0 and will remain so throughout SUSE Manager 5.0 lifecycle. Please do not upgrade the host OS where SUSE Manager 5.0 is running to a newer version unless explicitly instructed otherwise.

Important

In SUSE Manager 5.0, Netavark is the only supported network management tool for containerized environments. If it does not meet your requirements and you prefer an alternative, please contact our support team for evaluation.

Upgrade from previous version of SUSE Manager Server

Please be aware that an in-place upgrade from SUSE Manager Server 4.3 is not supported. However, SUSE Manager 5.0 comes equipped with the necessary tools to streamline the migration process. This involves running both versions in parallel and transferring data from the existing 4.3 Server to the new 5.0 Server though.

Important

After successfully running the `mgradm migrate command for migration, the Salt setup on all minions will still point to the old server. To redirect them to the new server (destination server), it is required to rename the new server at the infrastructure level (DHCP and DNS) to use the same Fully Qualified Domain Name and IP address as old server (source server).

Once the migration is complete, all connected clients will seamlessly continue to run without any changes.

For detailed instructions on upgrading, please refer to the Upgrade Guide available at https://documentation.suse.com/suma/5.0/.

Virtual Machine images for SUSE Manager Server 5.0

SUSE Manager 5.0 will come with virtual machine images tailored for KVM and VMware. These images will support x86_64, s390x, IBM POWER (ppc64le), and now also ARM64 (AArch64) architectures.

These virtual machine images provide pre-configured environments that can be quickly deployed in KVM and VMware environments, saving time and effort in setting up virtual machines from scratch.

Using these images is the recommended and supported method for deploying new instances of SUSE Manager Server on these platforms.

For detailed instructions, see the Deploy as a Virtual Machine section in the official documentation.

Important

On transactional systems like SLE Micro, the system is automatically updated and restarted nightly by the reboot manager. Although we have disabled this feature in the VM images we provide, it remains enabled by default if SUSE Manager is installed using the SLE Micro ISO. We highly recommend disabling this on the system running SUSE Manager. Users can do so by:

systemctl --now disable transactional-update.timer

Major changes since SUSE Manager Server 5.0 GA

Features and changes

Version 5.0.1

SUSE Manager Server cloud images

With this update, we are excited to announce the availability of Pay-as-you-go (PAYG) and Bring-your-own-subscription (BYOS) images on Amazon Cloud and Microsoft Azure. These new options complement our existing on-premises deployment model, giving you more flexibility in how you use SUSE Manager.

The PAYG model allows you to pay only for what you use, eliminating complex billing structures and offering a straightforward way to manage your cloud infrastructure.

For more detailed information, please refer to the PAYG and BYOS section under Public cloud guide in the SUSE Manager 5.0 documentation.

Configure AppStreams via Activation Keys

With the 5.0 release, we removed the restriction on flattening AppStream repositories. This improvement allows users to manage their clients both from SUSE Manager and directly on the client using DNF if needed.

We had also introduced a new Web UI page under System > Software > AppStreams, where users can enable or disable modules and their streams on the client.

This enhancement now extends to Activation Keys as well. You can configure an activation key with the desired AppStreams modules, and when a client will be onboarded using that Activation Key, the correct AppStream modules will be automatically enabled on that client.

Additionally, this update also introduces addAppStreams and removeAppStreams methods to the ActivationKey namespace, allowing users to configure activation keys and achieve the same through the API.

Migration: Prepare command

SUSE Manager 5.0 comes with the migrate command to facilitate the upgrade from 4.3 to 5.0. However, for large deployments with a substantial number of packages and a large database, the migration process can be complex and time-consuming.

To address this, we’ve added a --prepare option to the mgradm migrate command. This option uses rsync to pre-copy content, significantly reducing the time required for the actual migration. Additionally, the source server doesn’t need to be stopped during this pre-copy phase. Since it uses rsync, this command can be run multiple times without any issues.

During the final migration, services on the source server are stopped, and the migration command is executed to rsync everything once more and perform the necessary transformations.

Transactional-update.timer Disabled

On transactional systems, such as SLE Micro, the transactional-update.timer service will be automatically disabled during onboarding. This prevents unexpected updates and reboots, giving users full control over system management through SUSE Manager.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 5.0.1

rhnlib:

  • Version 5.0.4-0

    • Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198)

spacewalk-admin:

  • Version 5.0.8-0

    • Remove mgr-check-payg service

spacewalk-backend:

  • Version 5.0.9-0

    • Support more NEVRA types when importing module metadata

    • yum_src: use proper name variable name for subprocess.TimeoutExpired

    • Check and populate PTF attributes at the time of importing packages (bsc#1225619)

    • reposync: introduce timeout when syncing DEB channels (bsc#1225960)

    • Refresh channel newest packages after importing Appstreams metadata

spacewalk-certs-tools:

  • Version 5.0.7-0

    • Support multiple certificates for root-ca-file and server-cert-file

spacewalk-client-tools:

  • Version 5.0.7-0

    • Update translation strings

spacewalk-config:

  • Version 5.0.4-0

    • Trust the Content-Length header from ajp (bsc#1226439)

spacewalk-java:

  • Version 5.0.12-0

    • Update setup wizard UI

    • Report a server/report id mismatch when calling getCoCoAttestationResultDetails

    • Prevent the API for confidential computing to work on systems without OS support

    • Ensure getCoCoAttestationConfig works when a configuration is not present

    • Prevent error while serializing an attestation report without an attested date

    • Add missing support for field attest on boot in the getCoCoAttestationConfig and setCoCoAttestationConfig API

    • Require byte-buddy and byte-buddy-dep using maven dependencies

    • Fix NullPointerException when context has no timezone set

    • Enhance optional type adapter to parse legacy JSON data from DB

    • Update last sync refresh timestamp only when at least one time products were synced before

    • Prevent error when listing history events without completion time (bsc#1146701)

    • Autoinstallation: prevent "duplicate IP address" issues cause by container networks (bsc#1226461)

    • Check the correct Salt package before product migration (bsc#1224209)

    • Remove reboot from uptodate state, introduce reboot and rebootifneeded states

    • Add API calls getNotifications, makeNotificationRead, makeAllNotificationsRead, deleteNotification to UserNotificationHandler

    • Configure AppStreams via Activation Keys

    • Fix package profile update on CentOS 7 when yum-utils is not installed (bsc#1227133)

    • Fix layout of advanced package search page

    • Add info URL for Cobbler to clean the system profile (bsc#1219645)

    • Fix the URL to download the autoinstallation file (bsc#1226313)

    • Fix input alignment and style issues on schedule creation page

    • Add entry to apidoc faqs about methods listed more than ones (bsc#1217248)

    • Remove unused MinionActionChainCleanup job

    • Allow free products and SUSE Manager Proxy being managed by SUSE Manager Server PAYG

    • Fix a race condition during PAYG setup by re-detecting compliance when the instance report BYOS but payg_compliance.json is available

    • Show SUSE Manager Proxy for different architectures when using SUSE Manager Server PAYG

    • Do not explicitly trigger Cobbler sync when adding a system via SUMA API (bsc#1219450)

    • Improve SQL queries and performance to check for PTF packages (bsc#1225619)

    • Fix false positive SSH key generation error (bsc#1226491)

    • Change syncAll call at start-up to be asynchronous (bsc#1224004)

    • Fix transactional update check for SL Micro (bsc#1227406)

    • Fix Appstream queries to avoid duplicates in packages lists

spacewalk-web:

  • Version 5.0.12-0

    • Update the WebUI version

  • Version 5.0.11-0

    • Fix btn-info style in new theme

    • Fix missing margin in CVE audit list on cve page

    • Fix broken layout of system formulas configuration page

    • Fix table filters for description, first character dropdown and toggle button.

    • Fix channel selection using SSM (bsc#1226917)

    • Fix broken layout in monitoring page

    • Fix missing margin between inline radio buttons

    • Fix OpenSCAP search page layout

    • Remove Bare metal systems tab from General Configuration page

    • Update setup wizard UI

    • Remove reboot from uptodate state, introduce reboot and rebootifneeded states

    • Fix space between radio button and label in forms

    • Fix layout of SSM subpages in updated theme

    • Fix broken layout of build image page

    • Fix layout of advanced package search page

    • Fix badege color in salt key table

    • Fix hidden section issue in Monitoring and General Configuration pages

    • Fix double padding in recurring actions table

    • Fix missing top border in table footer

    • Fix broken layout of system highstate page

    • Fix input alignment and style issues on schedule creation page

    • Fix datetime selection when using maintenance windows (bsc#1228036)

    • Configure AppStreams via Activation Keys

susemanager:

  • Version 5.0.9-0

    • Create special bootstrap data for SUSE Manager Server 4.3 with LTSS updates for Hub scenario (bsc#1211899)

    • Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data

susemanager-build-keys:

  • Vesion 15.5.1

    • extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339)

      • gpg-pubkey-39db7c82-66c5d91a.asc

susemanager-schema:

  • Version 5.0.11-0

    • Remove unused MinionActionChainCleanup job

    • Execute the cobbler-sync-default task once per 5 minutes by default (bsc#1219450)

    • Introduce new attributes to detect PTF packages (bsc#1225619)

    • Remove reboot from uptodate state, introduce reboot and rebootifneeded states

    • Fix queries related to Appstreams to avoid inconsistencies when listing packages

susemanager-sync-data:

susemanager-sls:

  • Version 5.0.10-0

    • Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)

    • Start using DEB822 format for repository sources beginning with Ubuntu 24.04

    • Disable transactional-update.timer on SUSE Linux Enterprise Micro at bootstrap

    • sumautil: properly detect bridge interfaces (bsc#1226461)

    • Fix typo on directories to cleanup when deleting a system (bsc#1228101)

    • Granslate GPG URL if URL has server name and client behind proxy (bsc#1223988)

    • Fix yum-utils package missing on CentOS7 minions (bsc#1227133)

    • Remove reboot from uptodate state, introduce reboot and rebootifneeded states

    • Fix package profile update on CentOS 7 when yum-utils is not installed (bsc#1227133)

spacecmd:

  • Version 5.0.9-0

    • Update translation strings

uyuni-payg-timer:

  • Version 5.0.2-0

    • Adapt packages to check for modifications

  • Version 5.0.1-0

    • Do not check for billing-data-service outside of the container

    • Fix accessing 'has_metering_access' on BYOS systems (bsc#1226483)

    • Implement a timer to collect PAYG data of the Uyuni host and copy them in the container

uyuni-storage-setup:

  • Version 5.0.1-0

    • Provide uyuni-storage-setup-server

uyuni-tools:

  • Version 0.1.21-0

    • mgrpxy: Fix typo on Systemd template

  • Version 0.1.20-0

    • Update the push tag to 5.0.1

    • mgrpxy: expose port on IPv6 network (bsc#1227951)

  • Version 0.1.19-0

    • Skip updating Tomcat remote debug if conf file is not present

  • Version 0.1.18-0

    • Setup Confidential Computing container during migration (bsc#1227588)

    • Add the /etc/uyuni/uyuni-tools.yaml path to the config help

    • Split systemd config files to not loose configuration at upgrade (bsc#1227718)

    • Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)

    • Allow building with different Helm and container default registry paths (bsc#1226191)

    • Fix recursion in mgradm upgrade podman list --help

    • Setup hub xmlrpc API service in migration to Podman (bsc#1227588)

    • Setup disabled hub xmlrpc API service in all cases (bsc#1227584)

    • Clean the inspection code to make it faster

    • Properly detect IPv6 enabled on Podman network (bsc#1224349)

    • Fix the log file path generation

    • Write scripts output to uyuni-tools.log file

    • Add uyuni-hubxml-rpc to the list of values in mgradm scale --help

    • Use path in mgradm support sql file input (bsc#1227505)

    • On Ubuntu build with go1.21 instead of go1.20

    • Enforce Cobbler setup (bsc#1226847)

    • Expose port on IPv6 network (bsc#1227951)

    • show output of podman image search --list-tags command

    • Implement mgrpxy support config command

    • During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)

    • During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings

    • Disable node exporter port for Kubernetes

    • Fix start, stop and restart in Kubernetes

    • Increase start timeout in Kubernetes

    • Fix traefik query

    • Fix password entry usability (bsc#1226437)

    • Add --prepare option to migrate command

    • Fix random error during installation of CA certificate (bsc#1227245)

    • Clarify and fix distro name guessing when not provided (bsc#1226284)

    • Replace not working Fatal error by plain error return (bsc#1220136)

    • Allow server installation with preexisting storage volumes

    • Do not report error when purging mounted volume (bsc#1225349)

    • Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)

    • Add mgrpxy command to clear the Squid cache

    • Use local images for Confidential Computing and Hub containers (bsc#1227586)

uyuni-java-parent:

  • Version 5.0.5-0

    • Update for next release

uyuni-java-common:

  • Version 5.0.5-0

    • Update for next release

coco-attestation:

  • Version 5.0.5-0

    • Ensure the report and the nonce are not empty before attempting to validate

    • Mark Secure Boot as succeeded only if the correct message is present

init-image:

  • Version 5.0.8

    • Update for next release

server-attestation-image:

  • Version 5.0.5

    • Correctly handle podman stop command

server-helm:

  • Version 5.0.7

    • Update for next release

server-hub-xmlrpc-api-image:

  • Version 5.0.7

    • Update for next release

server-image:

  • Version 5.0.8

    • Update for next release

server-migration-14-16-image:

  • Version 5.0.8

    • Update for next release

Major changes since SUSE Manager Server 4.3

Base system changed

SUSE Manager 4.3 was built on SUSE Linux Enterprise 15 SP4. SUSE Manager 5.0, moves to SUSE Linux Enterprise Micro 5.5 as the container host system. This change was made because SLE Micro is designed for container workloads and has a longer lifecycle. The SLE Micro subscription for the Server will be included in the SUSE Manager subscription, eliminating the need for customers to purchase the underlying OS subscription separately.

The supported container host is SLE Micro 5.5, while the image itself will be based on bci-init image, which is then based on SLES 15 SP6.

Salt 3006.0

SUSE Manager 5.0, continues to use Salt 3006.0. It is considered by upstream to be a long-term support (LTS) version. Our plan is to upgrade to the next LTS version, which will be 3008.0 when available. Short-term support (STS) versions of salt are not supported for use with SUSE Manager.

Throughout this process, all critical bug fixes, including CVEs, L3 fixes, and essential features needed for SUSE Manager, will be provided.

Note

The Python version for the Salt bundle has been upgraded from 3.10 to 3.11. This upgrade aligns with the Python version available in SLE and also offers better performance.

PostgreSQL 16

The database engine has been updated from PostgreSQL 14 to PostgreSQL 16, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

Upgrade to Java 17

In SUSE Manager 5.0, we’re upgrading to the next LTS version of Java, which is Java 17. This update brings several new features, security enhancements, including support for new TLS versions and improved certificate validation.

New products enabled

SUSE Manager 5.0 supports an even wider range of operating systems as clients. The following additional OS releases will be supported in SUSE Manager 5.0.

  • SUSE Linux Enterprise Server 15 SP6 Family

  • SUSE Linux Micro 6.0

  • openSUSE Leap 15.6

For more information about the registration process, refer Registration section, and for more information about supported features, consult Supported Features.

Native support for AppStream repositories

Following the integration of modularity and modular repositories in Red Hat Enterprise Linux and its derivatives, SUSE Manager initially implemented modularity through Content Lifecycle Management (CLM) and the introduction of AppStream filters. These filters effectively removed the modularity features from a repository by flattening it, enabling consumption through the SUSE Manager UI and API. However, this approach introduced complexity and limited functionality, prompting the need for a more comprehensive solution.

With this milestone, we have eliminated the restriction on flattening the AppStream repositories. This enhancement allows users to manage their clients, both from SUSE Manager and directly from the client using DNF if necessary.

Additionally, a new UI page has been introduced under System > Software > AppStreams. This page enables users to select the modules and their respective streams they wish to enable/disable on the client.

SUSE Manager 5.0 also introduces two new API namespaces: channel.appstreams and system.appstreams. These namespaces provide different endpoints that can be used to retrieve more information about available module streams, and enable or disable them on a specific system using API.

For further details about these endpoints, please refer to the SUSE Manager API Documentation.

Confidential Computing Attestation

SUSE Manager will be assisting in supporting Confidential Computing Attestation, specifically for AMD SEV-SNP clients. This functionality is compatible with hardware featuring either an AMD EPYC Milan CPU or an AMD EPYC Genoa CPU. Additionally, there is a Secure Boot module that handles the Secure Boot check in the context of Confidential Computing Attestation. For the Secure Boot module, offline RPMs for aarch64, ppc64le, and s390x will be made available with the next MU 5.0.1, while the RPM for x86_64 is already available.

SUSE Manager offers both a user-friendly UI and API to simplify the utilization of this feature for users.

For more information, please refer to the Confidential Computing

New update-salt recurring state

SUSE Manager 5.0 also comes with new state to update Salt in recurring states. Additionally, we enhance the detection of needed reboots and the update-to-date state.

These improvements have led to the update of a common workflow for keeping the system up to date with SUSE Manager.

For more information, please refer to Clients Update Using Recurring Actions workflow in the official documentation.

System getRelevantErrata API endpoint

A new API endpoint, System.getRelevantErrata , has been introduced. This endpoint accepts a list of systems and returns all errata relevant to those systems.

For further details about these endpoint, please refer to the SUSE Manager API Documentation

Monitoring

Node exporter upgraded to 1.7.0

golang-github-prometheus-node_exporter has been updated from version 1.5.0 to 1.7.0

The update includes also several bug fixes and features but no breaking changes.

Please note that supervisord and ntp collectors have been deprecated in version 1.6.0 and they will be removed in future versions.

Check the upstream changelogs for more details:

Grafana upgraded to 9.5.18

Grafana has been updated from version 9.5.16 to 9.5.18, signifying a minor update that addresses several bugs.

This update also fixes the following security vulnerability:

For detailed information about the fixes and features, you can refer to the following links:

Changed behaviour of repo-sync

Repositories are now kept strictly in sync with the upstream repository. For example, when a package is removed from the upstream repo, it is also removed from the channel directly connected to that repo. Cloned channels will remain unchanged unless the admin syncs them with the original parent channel.

Users can disable this behavior for custom channels; however, it cannot be changed for vendor channels.

Removed features

Traditional Stack removed

Starting with the SUSE Manager 4.3 release, the traditional client stack was marked as deprecated. Now, with the release of SUSE Manager 5.0, we are completely removing support for the traditional (Spacewalk client) stack.

For additional details on migrating traditional clients to Salt clients, please refer to Migrate traditional clients to Salt clients.

Important

In SUSE Manager 5.0, the same set of client tools as in SUSE Manager 4.3 is utilized to deliver the necessary packages for the clients. However, it is essential to recognize that while certain traditional stack-related packages are still supported in 4.3, they are no longer supported in 5.0. Therefore, although users may still observe some of these packages, and zypper may list them as L3 supported sources, they are only supported within the context of SUSE Manager 4.3. Any packages related to the traditional stack are not supported in SUSE Manager 5.0.

Bare metal discovery/provisioning

This feature was implemented using the traditional stack and will be dropped with SUSE Manager 5.0.

Visualization pages

Visualization pages have been removed from SUSE Manager 5.0.

Deprecated features

Virtualization

Starting from the SUSE Manager 5.0 release, the libvirt management feature will be deprecated and subsequently removed in future versions. If you still rely on VM management functionalities, we highly recommend considering alternatives like Harvester.

ISSv1

Starting from the SUSE Manager 5.0 release, ISSv1 will be deprecated and eventually removed in future versions. We strongly advise transitioning to ISSv2 or newer synchronization solutions. If you encounter any gaps or issues during this transition, please contact us.

Upgrade

Upgrading with SUSE Manager Proxy

Although SUSE Manager Server 5.0 works with SUSE Manager Proxy 4.3 and SUSE Manager Retail Branch Server 4.3, we highly recommend upgrading your Proxy and Retail Branch Server when feasible. The product is designed for optimal performance when used in a scenario where all components — SUSE Manager Server, SUSE Manager Proxy, and Retail Branch Server — are of the same version. It’s generally advised to avoid using mixed versions long-term in production environments.

When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on https://documentation.suse.com/suma/5.0/.

Important

Only the containerized versions of SUSE Manager Proxy and Retail Branch Server will be available for SUSE Manager 5.0.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Unsupported products

  • SUSE Linux Enterprise Server Expanded Support 6

  • SUSE Linux Enterprise Server 11

  • Red Hat Enterprise Linux 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • CentOS Stream

  • Ubuntu 16.04

  • Ubuntu 18.04

  • Debian 9

  • Debian 10

We encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis.

Deprecated products

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig or mgradm support, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for SUSE Liberty Linux

SUSE Manager supports SUSE Liberty Linux 7, 8 and 9. SUSE Liberty Linux clients are sometimes also called SUSE Linux Enterprise Server with Expanded Support (SLESES) or simply RES.

SUSE has offered LTSS support for SUSE Liberty Linux 7, and SUSE Manager will continue to support it throughout the LTSS phase.

For a detailed list of supported features, check the Client Configuration Guide.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports RHEL/Oracle Linux 8 and 9.

SUSE Manager has the ability to mirror all entitled content for the supported operating systems. Although SUSE Manager doesn’t assign content for specific systems using subscription-manager, it does rely on it initially to retrieve the list of repositories that are available. By utilizing the same EUS channels that Red Hat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE.

Note: Direct sync’ing ULN repos with SUSE Manager are not currently supported. An Oracle Local Distribution for ULN must be used. To set up a local ULN mirror, please consult the Oracle documentation provided at the following link

Support for Rocky Linux & AlmaLinux

SUSE Manager supports Rocky Linux 8/9 and AlmaLinux 8/9.

For a detailed list of supported features for AlmaLinux, check the Client Configuration Guide. For a detailed list of supported features for Rocky Linux, check the Client Configuration Guide.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 20.04 LTS and 22.04 LTS clients using Salt.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 12 "bookworm" & Debian 11 "bullseye" clients using Salt.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 client tools from Uyuni can be enabled using spacewalk-common-channels. There’s no CentOS 8 support.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

SCAP Security Guide support

SUSE provides scap-security-guide package for different OpenSCAP profiles. In the current version of scap-security-guide, SUSE supports the following profiles:

  • DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  • PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  • HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied and not officially supported by SUSE.

Browser support

To effectively manage your SUSE Manager environment via the Web UI, it’s essential to use an up-to-date web browser. SUSE Manager is compatible with:

  • The latest Firefox browser provided with SUSE Linux Enterprise Server

  • The latest Chrome browser across all operating systems

  • The latest Edge browser provided with Windows

Please note that Windows Internet Explorer is not supported. The SUSE Manager Web UI may not render correctly when accessed through Windows Internet Explorer.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The only supported methods for installing SUSE Manager is by utilizing images provided by SUSE, or the tools provided in the SUSE Manager 5.0 Extension, on top of SUSE Linux Enterprise Micro 5.5.

Known issues

Permission denied error

After restarting the host machine running SUSE Manager, users may find that SUSE Manager doesn’t start because the PostgreSQL service is down. If you encounter this issue and see a "Permission denied" error when trying to access the /var/lib/pgsql/data/ directory in container, it is likely the same problem. We are actively working on a fix.

Workaround:

> mgradm stop
> sudo chcon -R  --reference=FOLDER_WITH_CORRECT_LABEL /var/lib/containers/storage/volumes/var-pgsql/_data/data
> mgradm start

Issues with Registering Extensions

Currently, attempting to register an extension with SCC using the transactional-update register command in SLE Micro 5.5 results in a zypper failure. This is a known bug in SUSEConnect, and the SUSEConnect team is actively working on a fix.

Migration: Confidential Computing Attestation service

If users migrate from SUSE Manager 4.3 to 5.0, the uyuni-server-attestation service for Confidential Computing Attestation might not start properly. This will be addressed in the upcoming maintenance update.

Workaround: After the migration, running the mgradm restart command will resolve the issue.

Installation with pre-existing volumes

Installation with pre-existing volumes currently results in an error. The issue has been identified, and a fix will be included in the next maintenance update.

Salt - IPv6 Connection refusal after migrating to SUSE Manager 5.0

In an IPv6-enabled environment, migrating from a 4.3 server to a new 5.0 server might result in Salt connections to ports 4505 and 4506 on the new server being refused.

Workaround: Inside the container, make sure /etc/salt/master has the following configuration:

# The address of the interface to bind to:
#interface: 0.0.0.0
interface: '::'

# Whether the master should listen for IPv6 connections. If this is set to True,
# the interface option must be adjusted, too. (For example: "interface: '::'")
#ipv6: False
ipv6: True

Monitoring for SUSE Linux Micro 6.0

Monitoring is currently unavailable on SUSE Linux Micro 6.0 clients. We are working on it and expect it to be resolved with upcoming maintenance updates.

Migration from SLE Micro 5.5 to SUSE Linux Micro 6.0

Currently, there are some issues with migrating from SLE Micro 5.5 to SUSE Linux Micro 6.0. Before a migration, users need to manually import the ALP key for SUSE Linux Micro 6.0 into SLE Micro 5.5 and additionally sync the SUSE Linux Extras 6.0 module too. This is a known bug, and once fixed, these manual steps will no longer be necessary.

Migration from SLES 15 SP3 to SLES 15 SP4 issue

In some cases, the action for product migration from SLES 15 SP3 minion to SLES 15 SP4 fails with the error message Unable to parse migration result, even though the actual migration was successful.

We are investigating this issue. For now, if the migration was successful, you can ignore this message.

Retail: Local boot issue of SLE12 SP5 based images

If, after PXE booting and rebooting, the SLES 12 SP5 terminal gets stuck at the "GRUB" message, users need to use the latest profile available in the SUSE/manager-build-profiles repository.

Transactional systems - Salt SSH execution

The Salt SSH execution utilized during the onboarding process may face inconsistencies if a Salt Minion or the Salt Bundle is already present on the Minion, which could potentially result in onboarding failure.

Workaround: If the salt-minion or venv-salt-minion packages are already installed, remove them, and then proceed to onboard the SUSE Linux Enterprise Micro or openSUSE Leap Micro system.

mgrpush tool

The mgrpush tool will be functional only from the client side. Although it remains on the Server for the time being, it will no longer function and will eventually be removed.

mgr-bootstrap tool removed from the Proxy

The mgr-bootstrap tool has been taken out from the Proxy and will be removed from the Server as well in future. Overall, several tools on both the Server and Proxy will be phased out in favor of the API or integrated into mgrpxy/mgradm.

If users wish to create a bootstrap script to register against the Proxy, they can do so using the following command from the Server container:

mgr-boostrap --hostname $proxyfqdn

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE Customer Service or Sales representatives

Resources

Latest product documentation: https://documentation.suse.com/suma/5.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/source-code/ for additional information on the source code of SUSE Linux Enterprise products.

SUSE Software Solutions Germany GmbH
Frankenstraße 146
D-90461 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2024 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Team.