SUSE Manager Server 4.1

Release Notes
2020-11-05 15:48:15 +0100
Table of Contents

  * Version Revision History
  * About SUSE Manager 4.1
      + Expanded Operating System support and Cluster integration and
        management
          o Simplify management and regain control with SUSE Manager 4.1
          o Simplify cluster operations with the first cluster-aware version of
            SUSE Manager
      + Lower costs and streamline management with enhanced usability, virtual
        machine management and monitoring capabilities
      + Scale SUSE Manager 4.1 to tens of thousands of client devices without
        compromise
  * Keep Informed
  * Installation
      + Requirements
      + Update from previous versions of SUSE Manager Server
      + Migrating from Red Hat Satellite
      + Scaling SUSE Manager
      + High availability
          o Channels with a large number of packages
  * Major changes since SUSE Manager Server 4.1 GA
      + Features and changes
          o Version 4.1.3
              # Recent Salt CVEs remediation
              # Web UI themes
              # Grafana 7.1.5
              # Prometheus Exporter Exporter
              # XML-RPC power management API
              # Third-party errata information on vendor channels
              # Japanese translation
              # Bootstrap repositories no longer flushed by default
          o Version 4.1.2
              # SUSE Manager Hub
              # Monitoring
          o Version 4.1.1
              # Maintenance windows
              # Monitoring: multiple exporters with a single exposed port
              # Added new type of "Virtual Host Manager": Nutanix AHV
              # Salt module.run compatibility state
              # SLE15 and python3-M2Crypto
      + Patches
          o Version 4.1.3
          o Version 4.1.2
          o Version 4.1.1
  * Major changes since SUSE Manager Server 4.0
      + New SUSE branding
      + New products enabled
          o CentOS
          o Oracle Linux
          o Ubuntu 20.04 LTS
      + Cluster Management
      + Recurring highstate scheduling
      + Monitoring enhancements
          o Federation
          o Pre-configured default alerting rules
          o CaaSP dashboards
          o Updated Grafana and Prometheus
          o Updated Node Exporter
      + Virtual storage pool support
      + Performance improvements
          o Reposync
          o Content Lifecycle Management
          o Prometheus Service Discovery
      + Usability
          o Automatic generation of bootstrap repositories
          o Automatic database schema migrations and fail-over mechanism
          o Third-party GPG keys now included
          o Onboarding of clients with SSH keys
          o Service Pack migration: remember settings
          o Subscription warning
          o Proxy visibility in Systems Overview
          o Improved sync status visibility
          o Single Page Application UI (SPA)
      + RHEL 8 enhancements
          o Content Lifecycle Management filters for AppStreams
          o Prometheus exporters
      + SUSE Manager for Retail
          o SLEPOS 15 SP2 clients
          o Small stores
          o EFI HTTP booting
      + Custom headers for reposync
      + New documentation
      + OpenVPN formula
      + spacewalk-utils
      + Single Sign-On (SSO)
      + Technology previews
          o SUSE Manager Hub XML-RPC API
          o Yomi
      + Salt 3000
      + PostgreSQL 12
      + Base system upgrade
      + Dropped features
          o Unpublished patches
              # API breakage
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Support
      + Supportconfig confidentiality disclaimer
      + Supportability of embedded software components
      + Support for older products
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Ubuntu Clients
      + L1 support for Debian clients
      + Browser support
      + SUSE Manager installation
  * Known issues
      + Compatibility with the Development Tools Module
      + Single Sign On, API and CLI tools
      + EPEL and Salt packages
      + RHEL native clients
      + RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations
      + Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager
        as Salt minions
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE's distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version Revision History

  * November 5th, 2020: 4.1.3 release

  * October 1st, 2020: 4.1.2 release

  * August 28th, 2020: 4.1.1 release

  * July 21st, 2020: 4.1.0 release

About SUSE Manager 4.1

SUSE Manager 4.1, the latest release from SUSE, delivers a best-in-class open
source infrastructure management and automation solution that lowers costs,
identifies risk, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.1
delivers the following new or enhanced capabilities to your Edge, Cloud &
Datacenter environments:

Expanded Operating System support and Cluster integration and management

Simplify management and regain control with SUSE Manager 4.1

You can now get even better control of complex heterogeneous IT environments
with extended target operating system support now including: Red Hat Enterprise
Linux 8 (including modular repositories flattening), CentOS 6, 7 and 8, Oracle
Linux 6, 7 and 8, openSUSE Leap 15.2 and Ubuntu 20.04 LTS.

Only SUSE Manager combines software content lifecycle management (CLM) with a
centrally staged repository, class leading configuration management and
automation, plus optional state of the art monitoring capabilities, for all
major Linux distributions.

You can also significantly simplify your patch and configuration management
stacks by standardizing on SUSE Manager across all Linux distributions and
deployment modes (physical, virtual, and public cloud).

Simplify cluster operations with the first cluster-aware version of SUSE
Manager

As you modernize your IT landscape and make use of Software Defined
Infrastructure stacks based on technologies like Kubernetes and Ceph, your
focus of managing the IT infrastructure has to move from managing individual
Linux servers and VMs to managing infrastructure clusters. Multiple cluster
types will be supported in coming releases, with SUSE Manager 4.1 initially
providing support for managing SUSE CaaS Platform clusters.

Lower costs and streamline management with enhanced usability, virtual machine
management and monitoring capabilities

Operations and DevOps staff can now streamline the setup, daily use and
maintenance of SUSE Manager, simplifying and automating routine tasks such as
the mass onboarding of rootless or password-less clients.

With enhanced virtual machine management capabilities the management of highly
distributed virtualized server infrastructures becomes a lot easier. If you run
virtual machine environments at the edge such as telco, manufacturing or
retail, SUSE Manager now enables the efficient management of tens to thousands
of VMs across an entire estate.

If you run SAP workloads virtualized on SLES, with SUSE Manager 4.1 you can
eliminate complexity and simplify deployments by reducing the number of vendors
in your software defined infrastructure management stack (OS, virtualization
and virtualization management and monitoring all come from SUSE). SUSE Manager
also significantly simplifies your environments where the frequent setup of
virtualized test deployments of SAP workloads is required.

Need to virtualize Kubernetes to best leverage your powerful hardware? You can
accelerate and maximize implementations by gaining higher scale from your
container platform while simplifying deployments (no need for separate VMware
layer, high automation from bare metal deployment to VMs to cluster). You can
now also use virtualization to securely separate multiple clusters/tenants in a
Kubernetes environment.

To keep your infrastructure safe and healthy, SUSE Manager 4.1 expands the
Prometheus/Grafana-based monitoring stack introduced with SUSE Manager 4 with
enhanced support for large federated and non-routable network environments,
allowing your Linux systems and devices to be monitored wherever they reside
and irrespective of how they are network connected.

Scale SUSE Manager 4.1 to tens of thousands of client devices without
compromise

With ever growing Linux footprints you need your management tool to be able to
scale to tens of thousands of Linux devices and beyond. With the performance
and scalability enhancements in 4.1, your SUSE Manager deployment can easily
scale in your environment in any direction, while providing better performance
than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your
business needs, with the peace of mind that SUSE Manager will be able to manage
your large estate, and the cost implications of growing your footprint will
not be exaggeratedly high.

With the "SUSE Manager Hub - Tech Preview" multi-server architecture we are
gradually introducing a framework that allows for scaling SUSE Manager
deployments to the hundreds of thousands of nodes with tiered management
servers.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 4.1 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the SUSE Manager discussion forum

Installation

Requirements

SUSE Manager Server 4.1 is provided through SUSE Customer Center and can be
installed with the unified installer for SUSE Linux
Enterprise 15 Service Pack 2. It is available for x86-64, POWER (ppc64le), or
IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system
roles are used to customize the installation for each product. The unified
installer provides an easier way to install the operating system and the SUSE
Manager Server application together with specific pre-configured system
settings. This addresses the need for enterprise deployments to standardize on
the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database
is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 is supported.

For SUSE Manager 3.2 Server users, the supported upgrade method is to migrate
the data from your SUSE Manager Server 3.2 installation to SUSE Manager
Server 4.1 and perform a clean installation. If your SUSE Manager Server 3.2
uses an older version of PostgreSQL, you will need to upgrade to PostgreSQL 10
before performing the migration.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on
https://documentation.suse.com/suma/4.1/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager
Server 4.1 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE
sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand
clients, when deployed according to the instructions in the Installation Guide
on https://documentation.suse.com/suma/4.1/. Scaling beyond that number needs
special consideration.

For more information and instructions on large-scale deployments, see the Large
Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales
engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific
configuration and tuning for each use case is needed. Please get in touch with
SUSE Consulting for the details.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red
Hat Enterprise Linux, come with a very large number of packages that may cause
taskomatic to run out of memory. If this occurs, we recommend that you
increase the maximum amount of memory allowed for taskomatic by editing
/etc/rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If
taskomatic continues to run out of memory, you can increase the number further.
However, keep in mind that this will affect the total memory required by SUSE
Manager Server.

Major changes since SUSE Manager Server 4.1 GA

Features and changes

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592. You
should patch all your SUSE Manager Server, Proxy, Retail Branch Server and Salt
minions as soon as possible.

Web UI themes

SUSE Manager now supports themes. Users can select what theme they want to use
in the User Preferences page in the Web UI. Initially, we are providing three
themes:

  * SUSE Manager light: default light, low-contrast theme

  * SUSE Manager dark: high-contrast theme based on the light theme

  * Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing
which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light

Grafana 7.1.5

Grafana Server has been updated to version 7.1.5 in the Client Tools channels.

Main changes:

  * Flux and InfluxDB 2.x support in the Influx Datasource

  * Azure Monitor Datasource improvements

  * Deep linking for Google Cloud Monitoring (former Google Stackdriver)

  * Query history search

  * Unification of Explore modes

For more details see the upstream documentation.

Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port
no matter how many exporters are running on the client, is now available for
Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management
will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu
20.04 LTS channels without cloning them, as described in the documentation. The
known issue present in previous releases of SUSE Manager 4.1 has been fixed.

Japanese translation

The SUSE Manager Web UI and command-line tools are now available in Japanese
thanks to the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order
to allow users to select Japanese in their User Preferences in the Web UI, add
the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Bootstrap repositories no longer flushed by default

In SUSE Manager 4.1 GA, we automated the generation of bootstrap repositories
on channel sync. Bootstrap repositories were not only autogenerated but also
autoflushed, which caused problems with disappearing packages for some
customers (e.g. in the case of multi-architecture bootstrap repositories).

Starting with SUSE Manager 4.1.3, bootstrap repositories are not flushed by
default. If you want to save some disk space, you can manually flush them using
mgr-create-bootstrap-repo --flush.

Version 4.1.2

SUSE Manager Hub

XML-RPC API is stable

Starting with SUSE Manager 4.1.2, the SUSE Manager Hub architecture is declared
stable. This means we do not expect large changes in the feature, how it
operates, or its API.

The Hub is the SUSE Manager multi-server architecture, which can be used in
environments with a large number (more than a few tens of thousands) of clients
per server, poorly-connected sites requiring full management, or multitenancy,
among others. With SUSE Manager 4.1.2, multiple peripheral servers (other SUSE
Manager Servers) can be managed from a single Hub Server, as a supported
feature.

You will find all the documentation and details about the Hub architecture in
the Large Deployments Guide.

Formula for peripheral server management (Technology Preview)

As the Hub XML-RPC API is declared stable, we are introducing Salt formulas to
make management of peripheral SUSE Manager Servers easier. The formulas allow
you to have consistent entities in each peripheral server, including:

  * Organizations, users and system groups

  * User access to system groups and software channels

To use the formula to manage peripheral servers, run zypper in
uyuni-config-formula on the SUSE Manager Hub Server, and enable the formula in
the WebUI.

Monitoring

Reverse proxy for SLE 12

The golang-github-QubitProducts-exporter_exporter reverse proxy exporter is now
also available for SUSE Linux Enterprise 12. More operating systems will follow
in a future release of SUSE Manager 4.1.

Node Exporter updated

The Prometheus Node Exporter has been updated to version 1.0.1 on SLE 12 and
15. Other operating systems will receive the update in a future release of SUSE
Manager 4.1.

Version 4.1.1

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions
(like package installation or upgrade) to occur during a scheduled one-time or
recurrent maintenance window period on selected systems. These actions cannot
be executed outside of the specified period.

To define maintenance windows, iCalendar data is used, which can be exported
from your favorite calendaring or ITSM tool: Microsoft Outlook, Google
Calendar, ServiceNow, etc. If you need help integrating your ITSM tool with
SUSE Manager, please contact SUSE Consulting.

For more information about maintenance windows, check the Administration Guide.

Monitoring: multiple exporters with a single exposed port

Prometheus fetches metrics using a pull mechanism, so the Prometheus Server
must be able to establish TCP connections to each exporter on the monitored
clients, each on a different port on the client.

The new reverse proxy for monitoring feature simplifies your firewall
configuration: by installing the reverse proxy (package
golang-github-QubitProducts-exporter_exporter) on the clients, you can get all
the metrics for all the exporters on a single TCP port.

Check the Monitoring Guide for information about how to set it up.

This feature is initially available only for SUSE Linux Enterprise 15 and
openSUSE Leap 15. Support for other operating system platforms will come in
future releases of SUSE Manager 4.1.

Added new type of "Virtual Host Manager": Nutanix AHV

In SUSE Manager 4.1.1, we have added a new type of Virtual Host Manager in
order to gather virtual machines from Nutanix AHV infrastructure.

Creating a VHM to gather virtual instances from Nutanix AHV will enable the
subscription matcher to match 1-2 virtual machine subscriptions for those
instances that are running on the same virtualization host.

For more information about how to set up this new type, see the new
documentation.

Please keep in mind that installation of the virtual-host-gatherer-Nutanix
package is required.

Salt module.run compatibility state

A new mgrcompat.module_run custom compatibility state for Salt is available for
registered systems.

In Salt 2019.2, a new syntax for module.run was introduced. Up until Salt 3000
(the version currently shipped by SUSE Manager), Salt has supported both the
old syntax and the new syntax.

From Salt 3001 on, Salt will no longer support the old syntax. This means any
custom SLS file or "Configuration State Channel" that is using a module.run
state needs to be adapted to the new syntax. This becomes even more problematic
when you have minions with different Salt versions (e.g. SLES 11 with Salt
2016.11), because some minions would accept the new syntax but others would
fail with it, so the SLS files would require extra logic to handle the
different Salt versions and configurations.

SUSE Manager will ship Salt 3001 in a future release. In preparation for this
syntax breakage, SUSE has developed the new mgrcompat.module_run compatibility
state. This is a wrapper over module.run which accepts the old syntax and takes
care of tailoring the parameters for the new module.run if necessary according
to the specific minion version and configuration.

To make your Salt states compatible with all versions of Salt, including Salt
3001 and newer, you only need to change module.run to mgrcompat.module_run in
your SLS files and "Configuration State Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would look like this once adapted:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

All users are encouraged to migrate their Salt states. Once Salt 3001 comes to
SUSE Manager, states that have not been migrated will simply fail.
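
The rename described above can be applied across many SLS files with a small script. The following is an added example, not code shipped with SUSE Manager: the function name migrate_sls and the sample SLS text are constructed for illustration. It works line by line rather than through a YAML parser because SLS files usually contain Jinja, and it only reports the "module:" plus "- run" short form for manual review, since the text above describes the rename for module.run only.

```python
import re

# A state declaration key "module.run:" at any indentation, optionally followed
# by a comment. Matching the whole line avoids touching "mgrcompat.module_run:"
# and any "module.run" that appears inside values or comments.
LONG_FORM = re.compile(r"^(?P<indent>\s*)module\.run:(?P<rest>\s*(?:#.*)?)$")
# Short form: a "module:" key whose argument list contains a "- run" item.
SHORT_KEY = re.compile(r"^\s*module:\s*(?:#.*)?$")
SHORT_FUNC = re.compile(r"^\s*-\s*run\s*(?:#.*)?$")


def migrate_sls(text):
    """Rewrite module.run state keys to mgrcompat.module_run.

    Returns (new_text, rewritten_lines, manual_review_lines); line numbers are
    1-based. Short-form states are reported but left unchanged.
    """
    out, rewritten, manual = [], [], []
    pending = None  # (line number, indent) of an open "module:" key
    for lineno, line in enumerate(text.splitlines(keepends=True), start=1):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        stripped = body.strip()
        indent = len(body) - len(body.lstrip())

        # Track whether we are still inside the argument list of "module:".
        # Blank lines, YAML comments and Jinja tags do not end the list.
        if pending and stripped and not stripped.startswith(("#", "{%", "{#")):
            key_line, key_indent = pending
            if SHORT_FUNC.match(body) and indent >= key_indent:
                manual.append(key_line)
                pending = None
            elif indent < key_indent or (
                indent == key_indent and not stripped.startswith("-")
            ):
                pending = None  # a new key at the same or an outer level

        m = LONG_FORM.match(body)
        if m:
            body = f"{m.group('indent')}mgrcompat.module_run:{m.group('rest')}"
            rewritten.append(lineno)
        elif SHORT_KEY.match(body):
            pending = (lineno, indent)
        out.append(body + eol)
    return "".join(out), rewritten, manual


# Constructed sample input: one state to migrate, one already migrated, one
# short-form state, and two places where "module.run" must be left alone.
SAMPLE = """\
{% if grains['os_family'] == 'Suse' %}
my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234
{% endif %}

already_migrated:
  mgrcompat.module_run:
    - name: mymodule.func

short_form_state:
  module:
    - run
    - name: mymodule.func

# module.run: mentioned in a comment only
note:
  cmd.run:
    - name: echo "module.run: not a state key"
"""

if __name__ == "__main__":
    new_text, rewritten, manual = migrate_sls(SAMPLE)
    print("rewritten lines:", rewritten)
    print("short-form states needing manual review:", manual)
    print(new_text, end="")
```

Running the function a second time on its own output rewrites nothing, so it is safe to apply repeatedly to a state tree.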

SLE15 and python3-M2Crypto

If you still have SLE15 but no LTSS subscription, you will see errors when
generating the bootstrap repositories, as python3-M2Crypto is missing on SLE15
and is only part of SLE15 LTSS.

However, even with the error, the bootstrap repository itself will work and
will provide Salt 2019.2.0 until an LTSS subscription is available.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.3

bind-formula:

  * Temporarily disable dnssec-validation as hotfix for bsc#1177790

grafana-formula:

  * Use variable for product name

  * Add HA/SAP dashboards

  * Add support for system groups in Client Systems dashboard

image-sync-formula:

  * Do not use .gz suffix for default initrd symlink

  * Keep the old symlink "initrd.gz" for compatibility

prometheus-formula:

  * Disable Alertmanager clustering (bsc#1178145)

  * Use variable for product name

prometheus-exporters-formula:

  * Fix empty directory values initialization

  * Add systemd collector as default for node_exporters since otherwise some
    SAP/HA grafana dashboards will be empty

  * Disable reverse proxy on default

pxe-formula:

  * Change default to "initrd" without .gz suffix

py26-compat-salt:

  * Properly validate eauth credentials and tokens on SSH calls made by Salt
    API (bsc#1178319, bsc#1178362, bsc#1178361) (CVE-2020-25592,
    CVE-2020-17490, CVE-2020-16846)

python-susemanager-retail:

  * Use name "initrd" without .gz suffix

salt-netapi-client:

  * Version 0.18.0. See:
    https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0

saltboot-formula:

  * Allow setting terminal kernel parameters in saltboot formula

spacecmd:

  * Python3 fixes for errata in spacecmd (bsc#1169664)

  * Added support for i18n of user-facing strings

  * Python3 fix for sorted usage (bsc#1167907)

spacewalk-admin:

  * Show info message when applying schema upgrade

spacewalk-backend:

  * Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-branding:

  * Enable to switch to multiple webUI theme

spacewalk-client-tools:

  * Remove RH references in Python/Ruby localization and use the product name
    instead

spacewalk-java:

  * Remove expiration date from ics files (bsc#1177892)

  * Execute Salt SSH actions in parallel (bsc#1173199)

  * Enable to switch to multiple webUI theme

  * Fix action chain resuming when patches updating salt-minion don't cause
    service to be restarted (bsc#1144447)

  * Renaming autoinstall distro didn't change the name of the Cobbler distro
    (bsc#1175876)

  * Fix the links for downloading the binaries in the package details UI
    (bsc#1176603)

  * Allow nightly ISS sync to also cover custom channels

  * Fix: reinspecting a container image (bsc#1177092)

  * Add power management xmlrpc api

  * Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system
    (bsc#1176159)

  * Log exception trace on fatal Taskomatic startup error

  * Fix max password length check at user creation (bsc#1176765)

  * Notify about missing libvirt or hypervisor on virtual host

  * Redesign maintenance schedule systems table to use paginated data from
    server

  * Fix SP migration after dry run for cloned channels (bsc#1176307)

  * Filter not available optional channels out

  * Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)

spacewalk-search:

  * Change default maximum memory to 512 MB, preventing OutOfMemoryError

spacewalk-web:

  * Enable to switch to multiple webUI theme

  * Only refresh the virtual storage list when pool events are received

  * Drop node-fetch to fix CVE-2020-15168

  * Notify about missing libvirt or hypervisor on virtual host

  * Redesign maintenance schedule systems table to use paginated data from
    server

susemanager:

  * Create bootstrap repo should not flush by default (bsc#1175843)

  * Improve detection of base channels for products (bsc#1177478)

  * Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the
    bootstrap definitions as some packages from LTSS are required (bsc#1177524)

  * Fix logrotate config

  * Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)

susemanager-build-keys:

  * Replace "SuSE" user-facing references with "SUSE"

susemanager-doc-indexes:

  * Documented zypper autorefresh feature in Upgrade Guide

  * Update SP Migration chapter in Client Configuration Guide

  * In Client Configuration and Upgrade Guide, add link to valid autoyast
    upgrade settings

  * Move client upgrade related sections from Reference and Upgrade Guide to
    Client Configuration Guide

  * Updated Requirements chapter in Installation Guide.

  * Edits OpenSCAP section in Admin Guide (bsc#1176413)

  * Updated Terminology section in Salt Guide

  * Added on-demand images content to Install Guide

  * New book Quick Start - SAP

  * Adds webUI locale choice to Ref & Admin Guides

  * Adds new System Types section to Client Cfg

  * Updates supported client matrix in Install Guide

  * Add note about log file to Upgrade Guide

  * Removes outdated content from Activation Keys section (bsc#1177396)

  * Adds note about PAM Auth during migration (bsc#1177730)

  * Fixed broken table in admin guide

susemanager-docs_en:

  * Documented zypper autorefresh feature in Upgrade Guide

  * Update SP Migration chapter in Client Configuration Guide

  * In Client Configuration and Upgrade Guide, add link to valid autoyast
    upgrade settings

  * Move client upgrade related sections from Reference and Upgrade Guide to
    Client Configuration Guide

  * Updated Requirements chapter in Installation Guide.

  * Edits OpenSCAP section in Admin Guide (bsc#1176413)

  * Updated Terminology section in Salt Guide

  * Added on-demand images content to Install Guide

  * New book Quick Start - SAP

  * Adds webUI locale choice to Ref & Admin Guides

  * Adds new System Types section to Client Cfg

  * Updates supported client matrix in Install Guide

  * Add note about log file to Upgrade Guide

  * Removes outdated content from Activation Keys section (bsc#1177396)

  * Adds note about PAM Auth during migration (bsc#1177730)

  * Fixed broken table in admin guide

susemanager-schema:

  * Execute Salt SSH actions in parallel (bsc#1173199)

  * Show info message when applying schema upgrade

  * Add web_theme user preferences column (bsc#1178204)

susemanager-sls:

  * Fix action chain resuming when patches updating salt-minion don't cause
    service to be restarted (bsc#1144447)

  * Make grub2 autoinstall kernel path relative to the boot partition root
    (bsc#1175876)

  * Move channel token information from sources.list to auth.conf on Debian 10
    and Ubuntu 18 and newer

  * Add support for activation keys on server configuration Salt modules

  * Ensure the yum/dnf plugins are enabled

  * Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system
    (bsc#1176159)

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  * Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  * Update to 1.0.1

      + Changes to build specification
          o Modify spec: update golang version to 1.14
          o Remove update tarball script
          o Add _service file to allow for updates via osc service disabledrun

      + Bug fixes
          o [BUGFIX] filesystem_freebsd: Fix label values #1728
          o [BUGFIX] Update prometheus/procfs to fix log noise #1735
          o [BUGFIX] Fix build tags for collectors #1745
          o [BUGFIX] Handle no data from powersupplyclass #1747, #1749

  * Update to 1.0.0

      + Bug fixes
          o [BUGFIX] Read /proc/net files with a single read syscall #1380
          o [BUGFIX] Renamed label state to name on
            node_systemd_service_restart_total. #1393
          o [BUGFIX] Fix netdev nil reference on Darwin #1414
          o [BUGFIX] Strip path.rootfs from mountpoint labels #1421
          o [BUGFIX] Fix seconds reported by schedstat #1426
          o [BUGFIX] Fix empty string in path.rootfs #1464
          o [BUGFIX] Fix typo in cpufreq metric names #1510
          o [BUGFIX] Read /proc/stat in one syscall #1538
          o [BUGFIX] Fix OpenBSD cache memory information #1542
          o [BUGFIX] Refactor textfile collector to avoid looping defer #1549
          o [BUGFIX] Fix network speed math #1580
          o [BUGFIX] collector/systemd: use regexp to extract systemd version
            #1647
          o [BUGFIX] Fix initialization in perf collector when using multiple
            CPUs #1665
          o [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671

      + Several enhancements
          o See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

  * Update to 1.0.0-rc.0

      + The netdev collector CLI argument --collector.netdev.ignored-devices
        was renamed to --collector.netdev.device-blacklist in order to conform
        with the systemd collector. #1279

      + The label named state on node_systemd_service_restart_total metrics was
        changed to name to better describe the metric. #1393

      + Refactoring of the mdadm collector changes several metrics:
        node_md_disks_active is removed; node_md_disks now has a state label
        for "fail", "spare", "active" disks; node_md_is_active is replaced by
        node_md_state with a state set of "active", "inactive", "recovering",
        "resync".

      + Additional label mountaddr added to NFS device metrics to distinguish
        mounts from the same URL, but different IP addresses. #1417

      + Metrics node_cpu_scaling_frequency_min_hrts and
        node_cpu_scaling_frequency_max_hrts of the cpufreq collector were
        renamed to node_cpu_scaling_frequency_min_hertz and
        node_cpu_scaling_frequency_max_hertz. #1510

      + Collectors that are enabled, but are unable to find data to collect,
        now return 0 for node_scrape_collector_success.

  * Add missing sysconfig file in rpm bsc#1151557

hibernate5:

  * Address CVE-2019-14900 (bsc#1172079)

  * Add patch

hub-xmlrpc-api:

  * One configuration flag was renamed for clarity

  * Added USE_SSL flag to use https instead of plain http

  * Updated docs

  * Bugfixes

  * Changed configuration to plain variables

  * Bugfixes

patterns-suse-manager:

  * Change PostgreSQL requirements to require at least PostgreSQL 12

prometheus-exporters-formula:

  * Bugfix: Handle <NoneType> arguments (bsc#1176844)

salt-netapi-client:

  * Fix text resource usage

spacecmd:

  * Fix softwarechannel_listlatestpackages throwing error on empty channels
    (bsc#1175889)

spacewalk-backend:

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Only regenerate bootstrap repositories when linking new packages
    (bsc#1174636)

  * Support installer_updates flag in ISS

  * Remove duplicate languages and update translation strings

spacewalk-branding:

  * Re-enable language picker for user creation

spacewalk-certs-tools:

  * Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  * Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  * Remove duplicated languages and update translation strings

spacewalk-java:

  * Force disable SPA for non-navigation links (bsc#1175512)

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Pass the log level parameter to matcher

  * Add language picker to user preferences and user creation

  * Detect client organization from connected proxy (bsc#1175545)

  * Fix EntityExistsException on migration from traditional to salt minion via
    proxy (bsc#1175556)

  * Fix: use quiet API method when using spacewalk-common-channels
    (bsc#1175529)

  * Add java.allow_adding_patches_via_api to allow adding errata to vendor
    channels

  * Fix alignment on icon on entitlement page

  * Support installer update channels during autoinstallation

  * Filter machines not in maintenance mode for remote commands

  * Reset the server path on minion registration (bsc#1174254)

  * Data null means the sync never ran yet (bsc#1174357)

spacewalk-utils:

  * Avoid exceptions on the logs when looking for channels that do not exist
    (bsc#1175529)

spacewalk-web:

  * Fix the jQuery selector in SP Migration page (bsc#1176500)

  * Fix JavaScript error caused by SPA navigation event with empty event field
    (bsc#1176503)

  * Force disable SPA for non-navigation links (bsc#1175512)

  * Add translation support for react t() function

  * Fix striping on react tables

  * Update translation strings

subscription-matcher:

  * Allow matching any guest products for Unlimited Virtualization
    subscriptions (bsc#1165287)

  * Only report confirmed matches in the output.json

  * Expose the log level setting to the command line

  * In the subscriptions CSV output, print the active subscriptions first

susemanager:

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Support installer update channels during autoinstallation

  * Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS bootstrap
    problems (bsc#1176913)

susemanager-build-keys:

  * Trust PackageHub key (bsc#1175103)

susemanager-doc-indexes:

  * Remove old certs before renaming in Administration Guide (bsc#1171836)

  * Reference example scripts for SP Mass Migration in Upgrade Guide

  * Move PoS Terminal Requirements to the Requirements sections in the Retail
    Guide

  * Updated SP Mass Migration section in Upgrade Guide for clarity

  * Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  * New section Upgrade Uyuni Proxy in Upgrade Guide

  * New section Upgrade Uyuni Server in Upgrade Guide

  * Add GPG information about Oracle clients to SUMA (bsc#1173520)

  * Add hostname admonition to public cloud sections (bsc#1173621)

  * Add error wording to Taskomatic troubleshooting (bsc#1172263)

  * Add required URLs to Installation Guide

  * Replaces removed instructions for adding channels on older Ubuntu clients
    using the CLI in SUMA (bsc#1174025)

  * Added more concepts to Client Cfg

  * Documented maintenance windows feature in Admin Guide

  * Some reorganization of Client Cfg & Admin Guides

  * Updates storage device requirements in Install Guide

  * Adds new section for SUMA formulas in the Salt Guide

  * Updates storage device requirements in Install Guide

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * Add note about CentOS upstream repository (bsc#1173603)

  * Add firewall troubleshooting to Admin Guide

  * Fix Azure command in Install Guide (thanks Rahul-CTS)

  * Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  * Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  * Adds Uyuni Config Modules to the Salt Guide as tech preview

  * Fix contrast problem for visited links (bsc#1176862)

susemanager-docs_en:

  * Remove old certs before renaming in Administration Guide (bsc#1171836)

  * Reference example scripts for SP Mass Migration in Upgrade Guide

  * Move PoS Terminal Requirements to the Requirements sections in the Retail
    Guide

  * Updated SP Mass Migration section in Upgrade Guide for clarity

  * Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  * New section Upgrade Uyuni Proxy in Upgrade Guide

  * New section Upgrade Uyuni Server in Upgrade Guide

  * Add GPG information about Oracle clients to SUMA (bsc#1173520)

  * Add hostname admonition to public cloud sections (bsc#1173621)

  * Add error wording to Taskomatic troubleshooting (bsc#1172263)

  * Add required URLs to Installation Guide

  * Replaces removed instructions for adding channels on older Ubuntu clients
    using the CLI in SUMA (bsc#1174025)

  * Added more concepts to Client Cfg

  * Documented maintenance windows feature in Admin Guide

  * Some reorganization of Client Cfg & Admin Guides

  * Updates storage device requirements in Install Guide

  * Adds new section for SUMA formulas in the Salt Guide

  * Updates storage device requirements in Install Guide

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * Add note about CentOS upstream repository (bsc#1173603)

  * Add firewall troubleshooting to Admin Guide

  * Fix Azure command in Install Guide (thanks Rahul-CTS)

  * Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  * Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  * Adds Uyuni Config Modules to the Salt Guide as tech preview

  * Fix contrast problem for visited links (bsc#1176862)

susemanager-schema:

  * Support installer update channels during autoinstallation

  * Prevent a deadlock error involving delete_server and update_needed_cache
    (bsc#1173073)

susemanager-sls:

  * Add uyuni-config-modules subpackage with Salt modules to configure Servers

  * Fix reporting of missing products in product.all_installed (bsc#1165829)

Version 4.1.1

cobbler:

  * More old modules naming fixes (bsc#1169553)

image-sync-formula:

  * Allow image-sync state on regular minion. Image sync state requires
    branch-network pillars to get the directory where to sync images. Use
    default /srv/saltboot if that pillar is missing so image-sync can be
    applied on non branch minions as well.

mgr-libmod:

  * Remove unnecessary array wrap in 'list_modules' response object

mgr-osad:

  * Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher
    (bsc#1174405)

openvpn-formula:

  * Add hint that ssl certs must be on system (bsc#1172279)

patterns-suse-manager:

  * Add Recommends for golang-github-QubitProducts-exporter_exporter

prometheus-exporters-formula:

  * Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)

  * Add support for exporters proxy (exporter_exporter)

pxe-default-image-sle15:

  * Rollback the workaround for bsc#1172807, as dracut is now fixed

saltboot-formula:

  * Better fix for rounding errors (bsc#1136857)

spacecmd:

  * Fix softwarechannel update for vendor channels (bsc#1172709)

  * Fix escaping of package names (bsc#1171281)

spacewalk-backend:

  * Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  * Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  * Adds basic functionality for gpg check

  * Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-branding:

  * Implement Maintenance Windows

  * Fix typo on spacewalk-branding license

spacewalk-certs-tools:

  * Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

  * Fix centos detection (bsc#1173584)

spacewalk-java:

  * use media.1/products from media when not specified different (bsc#1175558)

  * Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  * Fix error when rolling back a system to a snapshot (bsc#1173997)

  * Implement maintenance windows backend

  * Add check for maintenance window during executing recurring actions

  * Implement maintenance windows in struts

  * XMLRPC: Assign/retract maintenance schedule to/from systems

  * Fix softwarechannel update for vendor channels (bsc#1172709)

  * Avoid deadlock when syncing channels and registering minions at the same
    time (bsc#1173566)

  * Change system list header text to something better (bsc#1173982)

  * Set CPU and memory info for virtual instances (bsc#1170244)

  * Add virtual network Start, Stop and Delete actions

  * Add virtual network list page

  * Fix httpcomponents and gson jar symlinks (bsc#1174229)

  * Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

  * Provide comps.xml and modules.yaml when using onlinerepo for kickstart

  * Refresh virtualization pages only on events

  * Fix up2date detection on RH8 when salt-minion is used for registration

  * Improve performance of the System Groups page with many clients
    (bsc#1172839)

  * Include number of non-patch package updates to non-critical update counts
    in system group pages (bsc#1170468)

  * Bump XMLRPC API version number to distinguish from Spacewalk 2.10

  * Cluster UI: return to overview page after scheduling actions

  * Fix NPE on auto installation when no kernel options are given (bsc#1173932)

  * Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)

  * Adapt expectations for jobs return events after switching Salt states to
    use 'mgrcompat.module_run' state.

spacewalk-utils:

  * Add aarch64 for openSUSE Leap 15.1 and 15.2

spacewalk-web:

  * Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  * Fix JS linting errors/warnings

  * Enable Nutanix AHV virtual host gatherer.

  * Web UI: Implement managing maintenance schedules and calendars

  * Warn when a system is in multiple groups that configure the same formula in
    the system formula's UI (bsc#1173554)

  * Add virtual network start, stop and delete actions

  * Add virtual network list page

  * Fix internal server error when creating module filters in CLM (bsc#1174325)

  * Fix VM creation page when there is no volume in the default storage pool

  * Refresh virtualization pages only on events

  * Product list in the Wizard doesn't show SLE products first (bsc#1173522)

  * Cluster UI: return to overview page after scheduling actions

  * Changes in the logic to update the tick icon.

  * For the postgres localhost:5432 case, use the

  * Fix internal server errors by returning 0 instead of dying

  * Add missing dependency to spacewalk-base-minimal (bsc#678126)

  * Change kickstart to autoinstallation in navigation on pxt pages

  * Debranding

suseRegisterInfo:

  * Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

susemanager:

  * Migrate all occurrences of kickstart to autoinstall in cobbler database
    (bsc#1169780)

  * Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

  * Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
    required to get python3-M2crypto (bsc#1174167)

susemanager-doc-indexes:

  * Ubuntu clients using the CLI in SUMA (bsc#1174025)

  * Left navigation structure cleaned up

  * Fixed several broken xrefs

  * Added hostname admonition for public cloud sections

  * Clarified Branch Proxy configuration instructions

  * Fixed index page pdf links, urls were 1 step too deep

  * SUSECOM 2020 branding update

  * PDF 2020 branding update

  * WEBUI 2020 branding update

  * Added maintenance window documentation

  * Added SLE client chapter

  * Added 508 compliance

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Added docs for nutanix VHM

susemanager-docs_en:

  * Ubuntu clients using the CLI in SUMA (bsc#1174025)

  * Left navigation structure cleaned up

  * Fixed several broken xrefs

  * Added hostname admonition for public cloud sections

  * Clarified Branch Proxy configuration instructions

  * Fixed index page pdf links, urls were 1 step too deep

  * SUSECOM 2020 branding update

  * PDF 2020 branding update

  * WEBUI 2020 branding update

  * Added maintenance window documentation

  * Added SLE client chapter

  * Added 508 compliance

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Added docs for nutanix VHM

susemanager-frontend-libs:

  * Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

  * Add new states and types for virtual instances in order to support Nutanix
    AHV.

  * Implement Maintenance Windows

  * Add virtual network state change action

  * Internal fixes to avoid problems with the idempotency tests

susemanager-sls:

  * Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)

  * Fix: supply a dnf base when dealing w/repos (bsc#1172504)

  * Fix: autorefresh in repos is zypper-only

  * Add virtual network state change state to handle start, stop and delete

  * Add virtual network state change state to handle start and stop

  * Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)

  * Force a refresh after deleting a virtual storage volume

  * Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions
    (bsc#1173169)

  * Require PyYAML version >= 5.1

  * Log out of Docker registries after image build (bsc#1165572)

  * Prevent "module.run" deprecation warnings by using custom mgrcompat module

susemanager-sync-data:

  * Remove version from centos and oracle linux identifier (bsc#1173584)

uyuni-common-libs:

  * Fix issues importing RPM packages with long RPM headers (bsc#1174965)

virtual-host-gatherer:

  * Add new gatherer module for Nutanix AHV.

virtualization-host-formula:

  * Ensure kernel-default and libvirt-python3 are installed

  * Set bridge network as default

  * Fix conditionals (bsc#1175791)

yomi-formula:

  * Update to version 0.0.1+git.1595952633.b300be2:

      + pillar: install always kernel-default

      + chroot: python3-base is now a capability

      + Move systemctl calls inside chroot

      + Network: initial work for network declaration

      + MicroOS: Remove tmp subvolume

      + Update format following the new standard

      + Fix __mount_device wrapper

Major changes since SUSE Manager Server 4.0

New SUSE branding

The SUSE Manager 4.1 WebUI and documentation have been refreshed with the new
SUSE branding guidelines, as published on the SUSE Brand website and in the
SUSE EOS Design System.

The new theme is lighter and leaves a bit more free space between elements
for better readability.

New products enabled

  * SUSE Linux Enterprise Real Time 12 SP5

  * SUSE Linux Enterprise 15 SP2 family

  * openSUSE Leap 15.2

  * MicroFocus Open Enterprise Server 2018 SP2

  * CentOS 6, 7, and 8

  * Oracle Linux 6, 7 and 8

  * Ubuntu 20.04 LTS

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in
the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete
your existing channels, synchronize the channel information from SCC, and
reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows
in the product tree in the WebUI.

Ubuntu 20.04 LTS

The Ubuntu 20.04 LTS product is now managed as a vendor channel and repository
URLs (but not packages or metadata) come from SCC directly, so there is no need
to use spacewalk-common-channels or manually add the repository URLs.

Ubuntu 18.04 LTS and 16.04 LTS still require manually adding the repository
URLs via the WebUI or spacewalk-common-channels.

Cluster Management

As you modernize your IT landscape and make use of Software Defined
Infrastructure stacks based on technologies like Kubernetes and Ceph, your
focus of managing the IT infrastructure has to move from managing individual
Linux servers and VMs to managing infrastructure clusters. Multiple cluster
types will be supported in coming releases, with SUSE Manager 4.1 initially
providing support for SUSE CaaSP.

Computing architectures are becoming increasingly complex (redundant servers,
scale-out, high availability, and so on), and you deploy different kinds of
clusters, such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing
those as a whole piece of infrastructure instead of as discrete nodes puts you
in charge.

SUSE Manager 4.1 implements cluster management of SUSE CaaS Platform 4.x
clusters. SUSE Manager works hand-in-hand with CaaS Platform to make sure that
all cluster operations are issued properly.

The following actions are currently supported:

  * Register an existing cluster to SUSE Manager

  * Add or remove nodes to the cluster

  * Promote SLES system to managing node

  * Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an
upcoming version of SUSE Manager.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified
schedule. You can apply recurring actions to individual clients, to all clients
in a system group, or to an entire organization. The Recurring Actions section
in the Administration Guide contains all the details for this feature.

More automation improvements will be coming in subsequent releases of SUSE
Manager, including maintenance windows and patch automation.

Monitoring enhancements

Federation

The new version of the Prometheus formula allows configuring federation and
pulling relevant metrics from Prometheus instances to provide a global
monitoring view. This configuration is useful for a number of cases, such as:

  * Remote sites, each one with its own Prometheus server

  * Collecting monitoring data from multiple applications, each one of them
    providing its own Prometheus server (e. g. multiple SUSE products: SUSE
    Manager, CaaSP, SES, HA)

The combined data can then be visualized using Grafana.

Note that suitable recording rules have to be configured on the Prometheus
instances (for example at CaaSP Prometheus instances). For more information
about Prometheus federation, check the official documentation.

Pre-configured default alerting rules

A default set of alerting rules has been added to monitor the Prometheus
instances themselves (meta-monitoring) and the availability of configured
targets. These rules can be changed in the WebUI.

CaaSP dashboards

Specific Grafana dashboards for SUSE Container as a Service Platform have been
integrated and can be deployed via the WebUI.

Updated Grafana and Prometheus

Grafana has been updated to version 7.0.3 and Prometheus to version 2.18.

Updated Node Exporter

The Prometheus Node Exporter has been updated to version 0.18.1.

All the changes can be found in the changelog for the package, or upstream
(changelog for 0.18.0 and 0.18.1).

The new version includes some breaking changes:

  * Renamed interface label to device in netclass collector for consistency
    with other network metrics

  * The cpufreq metrics now separate the cpufreq and scaling data based on what
    the driver provides

  * The labels for the network_up metric have changed

  * Bonding collector now uses mii_status instead of operstatus

  * Several systemd metrics have been turned off by default to improve
    performance. These include unit_tasks_current, unit_tasks_max,
    service_restart_total, and unit_start_time_seconds

  * The systemd collector blacklist now includes automount, device, mount, and
    slice units by default

Virtual storage pool support

Virtual machine disks are stored in storage pools. Previously, SUSE Manager
could only list storage pools.

With SUSE Manager 4.1, it is now possible to create, edit, start, stop,
refresh, and delete storage pools. This is available from the WebUI, or through
Salt states.

Performance improvements

Reposync

Repository syncing has been optimized and takes less time than in past
versions. It can be up to 6 times faster, depending on the hardware setup
(specifically CPUs and network bandwidth) and the number of packages.

Content Lifecycle Management

Content Lifecycle Management has been optimized, with basic operations (build,
promotion) up to two orders of magnitude faster and a quicker UI loading in
installations with many channels and organizations.

Prometheus Service Discovery

Thanks to a number of enhancements and optimizations, Prometheus Service
Discovery is now 10 times faster, on average, than it was in SUSE Manager 4.0.

Usability

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as
well as the required packages for registering Salt or traditional clients
during bootstrapping.

In SUSE Manager 4.0 and earlier, bootstrap repository creation was a manual
step, using the mgr-create-bootstrap-repo tool.

In SUSE Manager 4.1, bootstrap repositories are automatically created and
regenerated on the SUSE Manager Server after a product is synchronized (and all
mandatory channels have been fully mirrored).

More details, including how to revert to manual invocation, are available from
the Client Configuration Guide.

Automatic database schema migrations and fail-over mechanism

Database schema upgrades are now applied automatically during services startup,
so there is no need to call spacewalk-schema-upgrade manually. To prevent SUSE
Manager services from starting if the schema upgrade has not successfully
completed, a fail-over security mechanism has been implemented.

In case the database migration has not finished, or if it finishes with an
error:

  * The spacewalk-service start command fails, and information is provided
    about the error.

  * No services will start, including the Apache service. This means the WebUI
    will also be unavailable.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual
acceptance, and sometimes even manual installation, of the third-party keys for
products available from the product tree. Alternatively, GPG signature
verification could be turned off.

In addition to SUSE's own keys, SUSE Manager 4.1 now includes the GPG keys used
to sign packages and/or metadata by other vendors whose products are available
in the product tree in the WebUI:

  * openSUSE

  * CentOS

  * Oracle Linux

  * Ubuntu

  * MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature
verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still
required for security reasons.

Onboarding of clients with SSH keys

In SUSE Manager 4.0, password authentication was the only authentication type
available to bootstrap clients from the Server.

SUSE Manager 4.1 introduces a new SSH private key authentication method,
including use of a passphrase on the private key. This is especially useful in
the public cloud, where images prefer SSH key authentication over user and
password.

To protect your security, the private key is only stored on the SUSE Manager
Server during the bootstrap procedure and is removed immediately after
bootstrapping is complete. The private key must therefore be provided for each
bootstrap.

This feature is available in the WebUI for Salt clients.

From the API, the new method bootstrapWithPrivateSshKey in the namespace system
is documented in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase,
MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

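#!/usr/bin/python3
import xmlrpc.client

# Placeholders: adjust to your environment.
MANAGER_URL = 'https://manager.example.com/rpc/api'
MANAGER_LOGIN = 'admin'
MANAGER_PASSWORD = 'changeme'

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpc.client.ServerProxy(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

try:
    # The private key is read from disk and sent with the bootstrap request.
    with open(keyfile, 'r') as file:
        data = file.read()
    # Arguments after the session key: host, SSH port, SSH user, private key,
    # key passphrase, activation key (empty here) and the Salt SSH flag.
    conn.system.bootstrapWithPrivateSshKey(key, client, 22, 'root', data, passphrase, '', False)
finally:
    # Always close the API session, even if bootstrapping fails.
    conn.auth.logout(key)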

Service Pack migration: remember settings

A common source of errors in Service Pack Migrations is the human factor: a
complex migration is carefully crafted and dry-run successfully, only to
mysteriously fail in production. More often than not, the reason is that some
step was forgotten when re-creating the migration for production.

In SUSE Manager 4.1, the Service Pack Migration feature has gained memory: you
can now re-run successful dry-runs. This is especially useful when you have
configured a complex migration, tested it successfully, and would like to make
sure it runs in production with exactly the same settings it was designed to
run with. To do this, go to the System Event History of the Dry-run action.
There is a button "Run migration" which lets you execute the Service Pack
Migration.

Subscription warning

SUSE Manager requires an active subscription to connect to the SUSE Customer
Center and download content and data.

We have now added a check in the Products page that will show a warning when
the subscription is not available for one of these reasons:

  * Subscription was not added

  * Subscription was disabled

  * Subscription expired

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with
system type "Proxy".

Improved sync status visibility

In the product page, a new sync status icon has been added to convey the right
information.

When a channel contains root and child products, separate feedback is provided
for each product, to make sure a synchronization failure in either the root
product, or a child product, will be immediately noticed.

Single Page Application UI (SPA)

In an effort to provide our WebUI users with a smoother navigation, we have
implemented large parts of the user interface as a single page application.

This enhancement was started in SUSE Manager 4.0 as an opt-in feature and now
becomes the default in SUSE Manager 4.1.

RHEL 8 enhancements

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS, and Oracle Linux 8 appstreams can now be mixed and
converted to flat repositories using a new type of CLM filter.

In order to make this feature easier to use, in SUSE Manager 4.1:

  * SUSE Manager will show an error and prevent the user from proceeding when
    there are module conflicts, a module is unavailable or modular filters are
    in use but no modular sources have been added (and vice versa)

  * Module names can be picked via a UI widget instead of being typed manually,
    thus avoiding errors

Prometheus exporters

Exporters for RHEL, SLES ES, CentOS, and Oracle Linux 8 are now available:

  * Node exporter: hardware and operating system metrics

  * Apache exporter: Apache HTTP server metrics

  * PostgreSQL exporter: PostgreSQL database metrics

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is
supported for 7.5 years from the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is
not feasible, it is now possible to use a Retail Branch Server running in a
remote datacenter or public cloud.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting
EFI terminals (systems) using HTTP in addition to TFTP.

Custom headers for reposync

Reposync can now send additional custom HTTP headers configured in the
/etc/rhn/spacewalk-repo-sync/extra_headers.conf file.

This new feature serves a number of special use cases, such as feeding special
data to network proxies, bypassing MFA or informing traffic inspection devices
that your data is secure, to avoid wasting resources inspecting, for example,
large RPMs or containers.

Details are available in the Reference Guide.

New documentation

Two new books have been added to the SUSE Manager 4.1 documentation:

  * Large Deployments Guide. Everything related to architecture and
    configuration for large (thousands of clients) deployments is contained in
    this guide. It contains all the documentation for the SUSE Manager Hub
    component. Some parts of the Salt guide that dealt with parameter tuning
    for large deployments have now been moved here too.

  * Public Cloud QuickStart Guide. This new guide shows you the fastest way to
    get SUSE Manager up and running in a public cloud. It includes instructions
    for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

  * A new section on how to configure Salt for GitFS to achieve GitOps has now
    been added to the Salt Guide

  * In-place automatic upgrade of SUSE Linux Enterprise clients is now
    documented, with a sample AutoYaST profile.

  * Example SSO implementation with Keycloak

  * Lots of revised and updated content across all guides

OpenVPN formula

As part of SUSE's Home Office Workplace initiative in response to the crisis
caused by COVID-19, the SUSE Manager team has created a formula with forms
to provision an OpenVPN Server node and manage client certificates from SUSE
Manager.

For more details, see the SUSE Home Office Workplace blog, documentation and
webinar.

spacewalk-utils

In SUSE Manager 4.0 and earlier, the spacewalk-utils package contained a mix of
L3 and L1 supported tools.

In SUSE Manager 4.1, we have split spacewalk-utils in two packages, with clear
support levels for each:

  * spacewalk-utils contains only fully-supported (i. e. L3) tools:

      + spacewalk-common-channels: add channels not provided by SCC

      + spacewalk-hostname-rename: change SUSE Manager Server hostname

      + spacewalk-clone-by-date: clone channels by a specific date

      + spacewalk-sync-setup: set up ISS master/slave organization mappings

      + spacewalk-manage-channel-lifecycle: manage channels lifecycle

  * spacewalk-utils-extras contains the tools for which SUSE only provides
    limited (i. e. L1) support:

      + apply_errata: apply errata to systems

      + delete-old-systems-interactive: remove idle systems

      + migrate-system-profile: migrate systems between organizations

      + spacewalk-api: alternative to spacecmd api

      + spacewalk-export: export Spacewalk 2.x and Red Hat Satellite 5 data

      + spacewalk-export-channels: export Spacewalk 2.x and Red Hat Satellite 5
        channels

      + spacewalk-final-archive: archive information from a running Spacewalk
        2.x and Red Hat Satellite 5 server prior to a final shutdown

      + spacewalk-manage-snapshots: report on and purge snapshot entries by age

      + sw-ldap-user-sync: creates new SUSE Manager accounts for users in a
        specific LDAP group and removes SUSE Manager accounts after deleting
        users from a specific LDAP group

      + sw-system-snapshot: list or delete system snapshots from the management
        server

      + taskotop: displays a summary of Taskomatic activities in progress

Tools in spacewalk-utils-extras are valuable but they are so specific, or
require additional customization for each customer, that it is not possible for
SUSE to fully support them. If you were using these scripts in spacewalk-utils
in SUSE Manager 4.0 or earlier, you will need to install spacewalk-utils-extras
in SUSE Manager 4.1.

L1 support is limited to problem determination, which means technical support
designed to provide compatibility information, usage support, on-going
maintenance, information gathering and basic troubleshooting using available
documentation. Should you need more advanced help or customization with a tool
from spacewalk-utils-extras, please contact SUSE Consulting.

Single Sign-On (SSO)

SUSE Manager supports Single Sign-On authentication to the WebUI by
implementing the Security Assertion Markup Language (SAML) 2 protocol. This
feature, introduced in 4.0 as a Technology Preview, is now declared stable and
fully supported.

SUSE Manager must be reconfigured to use the IdP as the source of
authentication and post-login mapped users must be already created before
enabling SSO.

For more on configuring SSO, see the Authentication Methods chapter in the
Administration guide and the Example SSO implementation with Keycloak.

Technology previews

SUSE Manager Hub XML-RPC API

The SUSE Manager Hub is a new multi-server architecture we are introducing as a
technology preview in SUSE Manager 4.1.

Multiple SUSE Manager Servers can be managed from a single Hub node. The Hub is
a Salt master itself, and each managed SUSE Manager Server is both a minion (to
the Hub) and a master (to its own minions).

SUSE Manager Hub Architecture

The Hub covers a number of use cases, such as:

  * Scalability: when a single SUSE Manager Server will no longer be enough

  * Intermittently connected and bandwidth-limited sites, which can now be
    managed with their own schedule thanks to the Hub

  * Multi-tenancy with individual SUSE Manager Servers. While SUSE Manager is
    multi-organization itself, in some scenarios, an even stronger separation
    is required. The Hub provides a way to manage and aggregate back
    information for all those SUSE Manager Servers.

The Hub comprises a number of components that we will be releasing and
enhancing during the SUSE Manager 4.1 lifecycle. The first component of the Hub
we are now introducing as a Technology Preview is the Hub XML-RPC API, which
provides an extended version of the SUSE Manager Server XML-RPC API, targeted
for the multi-server case.

Everything related to the Hub is documented in the new Large Deployments Guide.

Yomi

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE
operating systems.

In SUSE Manager 4.1, Yomi can be used as part of provisioning new clients, as
an alternative to AutoYaST. Yomi consists of two components:

  * The Yomi formula, which contains the Salt states and modules required to
    perform the installation.

  * The operating system image, which includes the pre-configured salt-minion
    service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added
in coming releases.

Salt 3000

Salt has been upgraded to upstream version 3000, plus a number of patches,
backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and
Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are
included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto
library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old
syntax of the module.run module.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE
Manager 4.1 will refuse to start until the database migration from PostgreSQL
10 to PostgreSQL 12 has completed successfully.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Dropped features

Unpublished patches

The Unpublished Patches feature has been dropped in SUSE Manager 4.1.0.

This was a very old feature which originated more than 15 years ago when
Spacewalk was used internally by vendors to manage patches before making them
available to their customers. This functionality was superseded long ago (more
than 10 years) by other features in Uyuni for sysadmins, and by tools such as
the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and
the SUSE Manager community, we received no feedback against the removal and
executed on it.

This will help us realize even further performance improvements in several
areas, including the commonly-used Content Lifecycle Management build and
promotion operations.

If you still have any unpublished patches, make sure you publish them with SUSE
Manager 4.0 before migrating to SUSE Manager 4.1.

API breakage

With the removal of the unpublished patches feature, some APIs have changed and
are therefore incompatible with SUSE Manager 4.0 and earlier:

  * Method errata.listUnpublishedErrata was removed

  * Method errata.create has one less parameter (the publish boolean, now
    always true) and it is now mandatory to specify at least one channel label
    in the last parameter (channelLabels). Previously specifying at least one
    channel label was mandatory only if publish was set to true.
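The sketch below is an added example, not code from SUSE Manager: a small shim that lets scripts written for 4.0 fail loudly, or be adapted, against the 4.1 API. The pre-4.1 positional order of errata.create is an assumption (it is not stated in these notes), and call, to_41_create_args and RecordingClient are hypothetical names.

```python
# Assumed pre-4.1 positional order of errata.create (not stated on this page):
#   sessionKey, errataInfo, bugs, keywords, packageIds, publish, channelLabels
LEGACY_ARITY = 7
PUBLISH_INDEX = 5


class ErrataApiChange(Exception):
    """A legacy call that cannot be expressed in the 4.1 API."""


def to_41_create_args(legacy_args):
    """Translate a legacy errata.create argument list to the 4.1 form."""
    args = list(legacy_args)
    if len(args) != LEGACY_ARITY:
        raise ErrataApiChange("expected %d legacy arguments, got %d"
                              % (LEGACY_ARITY, len(args)))
    publish = args.pop(PUBLISH_INDEX)
    if publish is not True:
        # 4.1 always publishes; an unpublished patch can no longer be created.
        raise ErrataApiChange("publish=False has no equivalent in 4.1")
    if not args[-1]:
        raise ErrataApiChange("4.1 requires at least one channel label")
    return args


def call(client, method, *args):
    """Dispatch a legacy-style call against a 4.1 server proxy."""
    if method == "errata.listUnpublishedErrata":
        raise ErrataApiChange("errata.listUnpublishedErrata was removed in 4.1")
    if method == "errata.create":
        args = to_41_create_args(args)
    target = client
    for part in method.split("."):
        target = getattr(target, part)
    return target(*args)


class RecordingClient:
    """Constructed stand-in for xmlrpc.client.ServerProxy; records calls."""

    def __init__(self, prefix="", log=None):
        self._prefix = prefix
        self.log = [] if log is None else log

    def __getattr__(self, name):
        dotted = self._prefix + "." + name if self._prefix else name
        return RecordingClient(dotted, self.log)

    def __call__(self, *args):
        self.log.append((self._prefix, args))
        return 1


if __name__ == "__main__":
    client = RecordingClient()
    call(client, "errata.create", "session", {"synopsis": "constructed"},
         [], [], [42], True, ["constructed-channel"])
    print(client.log)
```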

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and SUSE Manager
Retail Branch Server 4.0. When upgrading, upgrade the SUSE Manager Server
first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on
https://documentation.suse.com/suma/4.1/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.
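One way to do that pruning, as an added example rather than a SUSE tool: the script copies the tarball while skipping everything under a subscription-matcher directory, plus any link that points into it. The archive layout and file names in build_sample are constructed, and the gzip output format is a choice made here.

```python
import io
import sys
import tarfile

PRUNE_DIR = "subscription-matcher"  # directory named in the release notes


def in_pruned(path, prune_dir):
    """True if prune_dir is one of the components of path."""
    return prune_dir in path.split("/")


def prune_tarball(src, dst, prune_dir=PRUNE_DIR):
    """Copy tar stream src to dst (gzip), skipping members under prune_dir
    and links whose target is under it. Returns the skipped member names."""
    skipped = []
    with tarfile.open(fileobj=src, mode="r:*") as tin, \
            tarfile.open(fileobj=dst, mode="w:gz") as tout:
        for m in tin:
            is_link = m.islnk() or m.issym()
            if in_pruned(m.name, prune_dir) or (
                    is_link and in_pruned(m.linkname, prune_dir)):
                skipped.append(m.name)
                continue
            tout.addfile(m, tin.extractfile(m) if m.isreg() else None)
    return skipped


def list_names(stream):
    """Member names of a tar stream, for checking the result before sending."""
    with tarfile.open(fileobj=stream, mode="r:*") as t:
        return t.getnames()


def build_sample():
    """Constructed sample archive; layout and file names are made up."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as t:
        for name, body in [
            ("spacewalk-debug/conf/rhn.conf", b"constructed\n"),
            ("spacewalk-debug/subscription-matcher/input.json", b"{}\n"),
            ("spacewalk-debug/subscription-matcher/logs/run.log", b"x\n"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            t.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("spacewalk-debug/latest-input.json")
        link.type = tarfile.SYMTYPE
        link.linkname = "subscription-matcher/input.json"
        t.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python prune_debug.py <input tarball> <output tarball>
    with open(sys.argv[1], "rb") as fin, open(sys.argv[2], "wb") as fout:
        for name in prune_tarball(fin, fout):
            print("removed", name)
```

Run list_names on the output to confirm that no subscription-matcher entry remains before attaching it to a Service Request.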

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting, are only supported in the context of SUSE Manager. Stand-alone usage
(e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 6, 7 and 8 minor release clients.
Older minor releases might still work but will only be supported on a limited
and reasonable-effort basis.

The same rule applies to CentOS and Oracle Linux.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS clients using
Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for Debian clients

For Debian clients, SUSE Manager only offers a subset of its functionality,
mostly aligned with Ubuntu. Client tools are not available yet from SCC but the
Debian 9 and Debian 10 client tools from Uyuni can be enabled using
spacewalk-common-channels.

Debian is only supported at L1 level support. L1 support is limited to problem
determination, which means technical support designed to provide compatibility
information, usage support, on-going maintenance, information gathering and
basic troubleshooting using available documentation. At this moment, any
problems or bugs specific to Debian will only be fixed in a best-effort mode.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web
UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are
the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.1 on top of an existing SUSE Linux Enterprise
Server 15 SP2 is known to generate an incomplete installation. If you require
such a setup, please contact SUSE Consulting.

Known issues

Compatibility with the Development Tools Module

The Development Tools Module 15 SP2 is not enabled or used by default by SUSE
Manager.

Enabling the Development Tools Module 15 SP2 on the SUSE Manager Server 4.1
will break the taskomatic component in SUSE Manager Server, resulting in
actions not being scheduled or executed. This will be fixed in a future release
of SUSE Manager.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API
or CLI tools. This will be fixed in a future release of SUSE Manager.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or
compatible: SLES ES, CentOS, Oracle Linux, etc.) will install the Salt packages
from EPEL, which lack some features available in the SUSE Manager-provided Salt
packages. This is especially important since it will result in the bootstrap
repository containing the non-SUSE Salt packages. Therefore, this is an
unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt
packages from EPEL in advance.

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors
may be logged from the moment the official Red Hat channels are added until the
moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS or Oracle Linux.

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation
set is missing some packages required for the onboarding to work. It is
recommended to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and
openssh-clients packages before onboarding.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it
to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client
works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion
will also work.

Works                                                  Fails
RH Satellite 5.x → SUSE Manager traditional            RH Satellite 5.x → SUSE Manager Salt minion
SUSE Manager traditional → SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions, you will need to modify the bootstrap script to remove the Satellite
agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as
Red Hat Satellite 5.x clients.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your
support contact or in the SUSE Forums:

https://forums.suse.com/forumdisplay.php?22-SUSE-Manager

Resources

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager:
https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional
information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list
(https://www.suse.com/company/legal/). All third-party trademarks are the
property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.

Last updated 2020-11-05 15:48:15 +0100
