SUSE Manager Server 4.1

Release Notes
2021-07-04 21:29:45 +0200
Table of Contents

  * Version Revision History
  * About SUSE Manager 4.1
      + Expanded Operating System support and Cluster integration and
        management
          o Simplify management and regain control with SUSE Manager 4.1
          o Simplify cluster operations with the first cluster-aware version of
            SUSE Manager
      + Lower costs and streamline management with enhanced usability, virtual
        machine management and monitoring capabilities
      + Scale SUSE Manager 4.1 to tens of thousands of client devices without
        compromise
  * Keep Informed
  * Installation
      + Requirements
      + Update from previous versions of SUSE Manager Server
      + Migrating from Red Hat Satellite
      + Scaling SUSE Manager
      + High availability
      + Channels with a large number of packages
  * Major changes since SUSE Manager Server 4.1 GA
      + Features and changes
          o Version 4.1.9
          o Version 4.1.8
              # Deprecated products
              # Salt 3002
              # Calendar widget for maintenance windows
              # Monitoring updates
              # Retracted patches
              # Unsynchronized patches warning
          o Version 4.1.7.1
          o Version 4.1.7
              # New products enabled
              # API deprecation warning
              # Reactivation keys in bootstrap scripts
              # Ubuntu Universe repository changes
              # Oracle Linux UEK repository
              # Performance improvements
          o Version 4.1.6
              # Performance improvements
              # Redfish power management
              # OpenSCAP from SSM
              # Enable SAN SSL certificates
              # Prometheus Exporter Exporter for Debian
          o Version 4.1.5.1
              # Fixes for Salt security issues
          o Version 4.1.5
              # New products enabled
              # Debian
              # Ubuntu and Debian package version comparison
              # One-time database migration when Ubuntu and/or Debian are
                present
              # CPU mitigations formula
              # Autoinstallation of older operating systems
              # CentOS 6 URLs
              # New countries and timezones
              # Monitoring updates
              # Resolved known issues
          o Version 4.1.4
              # New products enabled
              # SAP content
              # Vendor change on SP migration
              # RHEL and CentOS ppc64le clients
              # Prometheus reverse proxy for RHEL-class clients
              # Oracle Linux ULN repositories
              # Cluster management: upgrade plan
              # Yomi refresh
          o Version 4.1.3
              # Recent Salt CVEs remediation
              # Web UI themes
              # Grafana 7.1.5
              # Prometheus Exporter Exporter
              # XML-RPC power management API
              # Third-party errata information on vendor channels
              # Japanese translation
              # Bootstrap repositories no longer flushed by default
          o Version 4.1.2
              # SUSE Manager Hub
              # Monitoring
          o Version 4.1.1
              # Maintenance windows
              # Monitoring: multiple exporters with a single exposed port
              # Added new type of "Virtual Host Manager": Nutanix AHV
              # Salt module.run compatibility state
              # SLE15 and python3-M2Crypto
      + Patches
          o Version 4.1.9
          o Version 4.1.8
          o Version 4.1.7.1
          o Version 4.1.7
          o Version 4.1.6
          o Version 4.1.5.1
          o Version 4.1.5
          o Version 4.1.4
          o Version 4.1.3
          o Version 4.1.2
          o Version 4.1.1
  * Major changes since SUSE Manager Server 4.0
      + New SUSE branding
      + New products enabled
          o CentOS
          o Oracle Linux
          o Ubuntu 20.04 LTS
      + Cluster Management
      + Recurring highstate scheduling
      + Monitoring enhancements
          o Federation
          o Pre-configured default alerting rules
          o CaaSP dashboards
          o Updated Grafana and Prometheus
          o Updated Node Exporter
      + Virtual storage pool support
      + Performance improvements
          o Reposync
          o Content Lifecycle Magement
          o Prometheus Service Discovery
      + Usability
          o Automatic generation of bootstrap repositories
          o Automatic database schema migrations and fail-over mechanism
          o Third-party GPG keys now included
          o Onboarding of clients with SSH keys
          o Service Pack migration: remember settings
          o Subscription warning
          o Proxy visibility in Systems Overview
          o Improved sync status visibility
          o Single Page Application UI (SPA)
      + RHEL 8 enhancements
          o Content Lifecycle Management filters for AppStreams
          o Prometheus exporters
      + SUSE Manager for Retail
          o SLEPOS 15 SP2 clients
          o Small stores
          o EFI HTTP booting
      + Custom headers for reposync
      + New documentation
      + OpenVPN formula
      + spacewalk-utils
      + Single Sign-On (SSO)
      + Technology previews
          o SUSE Manager Hub XML-RPC API
          o Yomi
      + Salt 3000
      + PostgreSQL 12
      + Base system upgrade
      + Dropped features
          o Unpublished patches
              # API breakage
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Support
      + Supportconfig confidentiality disclaimer
      + Supportability of embedded software components
      + Support for older products
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Ubuntu Clients
      + Support for Debian Clients
      + L1 support for RHEL and CentOS ppc64le clients
      + Browser support
      + SUSE Manager installation
  * Known issues
      + Single Sign On, API and CLI tools
      + EPEL and Salt packages
      + RHEL native clients
      + RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations
      + Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager
        as Salt minions
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE?s distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version Revision History

  * July 7th, 2021: 4.1.9 release

  * June 22nd, 2021: 4.1.8 release

  * April 15th, 2021: 4.1.7 release

  * March 19th, 2021: 4.1.6 release

  * February 25th, 2021: 4.1.5.1 release

  * January 27th, 2021: 4.1.5 release

  * December 10th, 2020: 4.1.4 release

  * November 5th, 2020: 4.1.3 release

  * October 1st, 2020: 4.1.2 release

  * August 28th, 2020: 4.1.1 release

  * July 21st, 2020: 4.1.0 release

About SUSE Manager 4.1

SUSE Manager 4.1, the latest release from SUSE based on SLES 15 SP2 and the
Uyuni Project, delivers a best-in-class open source infrastructure management
and automation solution that lowers costs, identifies risk, enhances
availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.1
delivers the following new or enhanced capabilities to your Edge, Cloud &
Datacenter environments.

Expanded Operating System support and Cluster integration and management

Simplify management and regain control with SUSE Manager 4.1

You can now get even better control of complex heterogeneous IT environments
with extended target operating system support now including: Red Hat Enterprise
Linux 8 (including modular repositories flattening), CentOS 6, 7 and 8, Oracle
Linux 6, 7 and 8, openSUSE Leap 15.2 and Ubuntu 20.04 LTS.

Only SUSE Manager combines software content lifecycle management (CLM) with a
centrally staged repository, class leading configuration management and
automation, plus optional state of the art monitoring capabilities, for all
major Linux distributions.

You can also significantly simplify your patch and configuration management
stacks by standardizing on SUSE Manager across all Linux distributions and
deployment modes (physical, virtual, and public cloud).

Simplify cluster operations with the first cluster-aware version of SUSE
Manager

As you modernize your IT landscape and make use of Software Defined
Infrastructure stacks based on technologies like Kubernetes and Ceph, your
focus of managing the IT infrastructure has to move from managing individual
Linux servers and VMs to managing infrastructure clusters. Multiple cluster
types will be supported in coming releases, with SUSE Manager 4.1 initially
providing support for managing SUSE CaaS Platform clusters.

Lower costs and streamline management with enhanced usability, virtual machine
management and monitoring capabilities

Operations and DevOps staff can now streamline the setup, daily use and
maintenance of SUSE Manager simplifying and automating routine tasks; such as
the mass on boarding of rootless or password-less clients.

With enhanced virtual machine management capabilities the management of highly
distributed virtualized server infrastructures becomes a lot easier. If you run
virtual machine environments at the edge such as telco, manufacturing or
retail, SUSE Manager now enables the efficient management of tens to thousands
of VMs across an entire estate.

If you run SAP workloads virtualized on SLES, with SUSE Manager 4.1 you can
eliminate complexity and simplify deployments by reducing the number of vendors
in your software defined infrastructure management stack (OS, virtualization
and virtualization management and monitoring all come from SUSE). SUSE Manager
also significantly simplifies your environments where the frequent setup of
virtualized test deployments of SAP workloads are required.

Need to virtualize Kubernetes to best leverage your powerful hardware? You can
accelerate and maximize implementations by gaining higher scale from your
container platform while simplifying deployments (no need for separate VMware
layer, high automation from bare metal deployment to VMs to cluster). You can
now also use virtualization to securely separate multiple clusters/tenants in a
Kubernetes environment.

To keep your infrastructure safe and healthy SUSE Manager 4.1 expands the new
Prometheus/Grafana-based monitoring stack introduced with version SUSE Manager
4 with enhanced support for large federated and non-routable network
environments. Allowing your Linux systems and devices to be monitored wherever
they reside and irrespective of how they are network connected.

Scale SUSE Manager 4.1 to tens of thousands of client devices without
compromise

With ever growing Linux footprints you need your management tool be able to
scale to tens of thousands of Linux devices and beyond. With the performance
and scalability enhancements in 4.1, your SUSE Manager deployment can easily
scale in your environment in any direction, while providing better performance
than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your
business needs, with the peace of mind that SUSE Manager will be able to manage
your large estate, and the cost implications of growing their footprint will
not be exaggeratedly high.

With the "SUSE Manager Hub" multi-server architecture we are gradually
introducing a framework that allows you to scale SUSE Manager deployments to
hundreds of thousands of nodes using tiered management servers.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 4.1 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the SUSE Manager discussion forum

Installation

Requirements

SUSE Manager Server 4.1 is provided through SUSE Customer Center and can be
installed with the unified installer for SUSE Linux
Enterprise 15 Service Pack 2. It is available for x86-64, POWER (ppc64le), or
IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system
roles are used to customize the installation for each product. The unified
installer provides an easier way to install the operating system and the SUSE
Manager Server application together with specific pre-configured system
settings. This addresses the need for enterprise deployments to standardize on
the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database
is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 is supported.

For SUSE Manager 3.2 Server users, the supported upgrade method is to migrate
the data from your SUSE Manager Server 3.2 installation to SUSE Manager
Server 4.1 and perform a clean installation. If your SUSE Manager Server 3.2
uses an older version of PostgreSQL, you will need to upgrade to PostgreSQL 10
before performing the migration.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://
documentation.suse.com/suma/4.1/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager
Server 4.1 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE
sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand
clients, when deployed according to the instructions in the Installation Guide
on https://documentation.suse.com/suma/4.1/. Scaling beyond that number needs
special consideration.

For more information and instructions on large-scale deployments, see the Large
Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales
engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific
configuration and tuning for each use case is needed. Please get in touch with
SUSE Consulting for the details.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red
Hat Enterprise Linux, come with a very large number of packages that may cause
taskomatic to run out of memory. If this occurs, we recommended that you
increase the maximum amount of memory allowed for taskomatic by editing /etc/
rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If
taskomatic continues to run out of memory, you can increase the number further.
However, keep in mind that this will affect the total memory required by SUSE
Manager Server.

Major changes since SUSE Manager Server 4.1 GA

Features and changes

Version 4.1.9

Bugfix release.

Version 4.1.8

This is a bugfix release which also introduces several features, backported
from SUSE Manager 4.2.

Deprecated products

  * Red Hat Enterprise Linux 6

  * SUSE Linux Enterprise Server Expanded Support 6

  * Oracle Linux 6

  * CentOS 6

  * Ubuntu 16.04 LTS

The support policy of SUSE Manager clients can be summarized as: "if the
operating system is under general support by its vendor, then SUSE Manager
supports it as a client".

RHEL 6 (and clones: CentOS 6, Oracle Linux 6, SLES ES 6) ended upstream general
support on November 30th, 2020. After a grace period of 7 months, we are now
ending support for these operating systems.

Ubuntu 16.04 LTS ended upstream general support on April 30th, 2021. After a
grace period of 3 months, we are now ending support for these operating
systems.

Please note "end of support" from the SUSE Manager side means these products
and their client tools remain available in the SUSE Manager product tree and
can still be added, mirrored and used. But in case they stop working at some
point in time, support will only be provided as on a best-effort basis (which
in general means if the issue can be reproduced with a supported operating
system, it will be fixed; but if the issue is specific to the unsupported
operating system, a fix should not be expected).

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches,
backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and
Client Tools (where the client operating system supports Python 3.5+; otherwise
Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  * Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle
    Linux and SLES Expanded Support), Ubuntu 18.04 and 20.04, and Debian 10.
    Only a Python 3 version is provided.

  * Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones:
    CenOS, Oracle Linux and SLES Expanded Support) and Debian 9. Only a Python
    2 version is provided. SLE 12 additionally provides a Python 3 version.

  * Salt 2016.11 is still the version of Salt for SLE 11 SP4. Only a Python 2
    version is provided.

We intend to regularly upgrade Salt to more recent versions, including those
which are still on Salt 3000.

For more details about changes in your manually-created Salt states, see the
Salt 3001 and Salt 3002 upstream release notes.

Calendar widget for maintenance windows

The raw iCal output that was displayed when creating maintenance windows has
been replaced with a graphical control ("widget"), making scheduling
maintenance windows easier:

  * An interactive calendar has replaced the display of the iCalendar file in
    the details view

  * An interactive web calendar replaces the list of upcoming maintenance
    windows in the details of a maintenance schedule, and events associated
    with that schedule are displayed.

Monitoring updates

Updated Prometheus

Prometheus has been updated from version 2.21.1 to version 2.26.0, which brings
a number of bugfixes and improvements (such as securing connections using TLS).

For details on what changed in each version between 2.21.1 and 2.26.0, see:

  * https://github.com/prometheus/prometheus/releases/tag/v2.22.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.23.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.26.0

Updated Grafana

Grafana has been updated from version 7.1.5 to version 7.4.2 in the Client
Tools channels.

Check the upstream documentation for details on what has changed:

  * Changes from 7.1 to 7.2

  * Changes from 7.2 to 7.3

  * Changes from 7.3 to 7.4

Updated Node Exporter

The Prometheus Node Exporter has been update from version 1.0.1 to version
1.1.2.

Check the upstream documentation for details on what has changed:

  * Changes from 1.0.1 to 1.1.0

  * Changes from 1.1.0 to 1.1.1

  * Changes from 1.1.1 to 1.1.2

Updated Prometheus Exporters formula

The Prometheus Exporters formula can now be used to configure the Prometheus
Exporter Exporter (reverse proxy) on Ubuntu clients.

Retracted patches

When an operating system vendor releases a new patch, it might happen that the
patch has undesirable side effects (security, stability, boot no longer
working, etc) on some scenario that was not identified by testing. When that
happens (very rarely), vendors typically release a new patch, which may take
from hours to days, depending on the internal processes in place by that
vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back
such patches in minutes by simply removing the bad patch from the repository
metadata and resorting to the previously working patch. These patches receive
the advisory status "retracted" (instead of the usual "final" or "stable").

SUSE Manager now supports retracted paches across all the lifecycle:

  * Retracted patches can be synchronized

  * When a patch is retracted, it will be noted as such with its own specific
    icon and status

  * Retracted patches can be cloned

Following the behavior defined in zypper:

  * Once a retracted patch is installed, it will not be uninstalled unless you
    uninstall it explicitly. SUSE Manager will never automatically uninstall
    anything from your systems on its own.

  * Once a patch has been retracted by the vendor, the retracted patch cannot
    be installed via normal patch, update and installations.

  * Retracted patches remain available in the software channels and can be
    forcefully-installed/updated-to by speficying the exact version you want to
    install (e. g. by using zypper directly or by using the exact version in a
    Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly
different than usual:

  * When a Content Lifecycle Management project uses a source channel which
    contains a now-retracted patch, a warning is displayed so that you are
    aware you should build and propagate the patch as soon as possible.

  * When a retracted patch is synchronized, it will not be cloned to the cloned
    channels by default. You will need to propagate it explicitly, like any
    other patch.

  * In contrast, once a retracted patch has been added one Content Lifecycle
    Management project and the project software channels built, the retracted
    patch will be automaticaly propagated all the other projects where that
    (now retracted) patch is available.

Unsynchronized patches warning

When a Content Lifecycle Management project has source channels which contain
patches, and channels are not synchronized, the project will now display a
warning.

Version 4.1.7.1

This release fixes a regression that made CentOS disappear from the product
tree (bsc#1184861). There are no other changes.

Version 4.1.7

New products enabled

  * MicroFocus Open Enterprise Server 2018 SP3

API deprecation warning

The following API functions have been deprecated for a long time and will be
removed in SUSE Manager 4.2:

  * ActivationKeyHandler addPackageNames(User loggedInUser, String key, List
    packageNames)

  * ActivationKeyHandler removePackageNames(User loggedInUser, String key, List
    packageNames)

  * ChannelHandler listRedHatChannels(User loggedInUser)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel)

  * ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid,
    List<String> channelLabels)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate, String endDate)

  * ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List
    <String> labels)

  * ChannelSoftwareHandler unsubscribeChannels(User user, List<Integer> sids,
    String baseChannel, List<String> childLabels)

  * ErrataHandler listByDate(User loggedInUser, String channelLabel)

  * KickstartHandler listKickstartableTrees(User loggedInUser, String
    channelLabel)

  * ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  * SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  * SystemHandler listChildChannels(User loggedInUser, Integer sid)

  * SystemHandler applyErrata(User loggedInUser, Integer sid, List<Integer>
    errataIds)

  * UserHandler getLoggedInTime(User loggedInUser, String login)

  * SystemHandler setChildChannels(User loggedInUser, Integer sid, List
    channelIdsOrLabels)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, String
    channelLabel)

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software
channels, configuration channels, entitlements, etc to a system while
registering.

Reactivation keys can be used to re-register a previously registered client and
regain all SUSE Manager settings. This is useful for cases such as moving
clients from directly registered to the SUSE Manager Server, to registered to a
SUSE Manager Proxy (or Retail Branch Server), or when reinstalling, or in
several other cases.

SUSE Manager now supports the combination of reactivation keys and bootstrap
scripts: you can specify a reactivation key in the bootstrap script to
re-register systems. For example, this helps if your SUSE Manager Server has
too many clients directly attached and you want to bulk move them to a SUSE
Manager Proxy (or Retail Branch Server).

Ubuntu Universe repository changes

Ubuntu 20.04 LTS provides the OpenSCAP scanner in the Universe repository,
which made mirroring Universe a requirement for OpenSCAP analysis to work on
Ubuntu 20.04 LTS clients. We are now providing the OpenSCAP scanner package in
the SUSE Manager Client Tools for Ubuntu 20.04 LTS channel, therefore mirroring
Ubuntu Universe is no longer required and has become an optional channel.

For users who still want to mirror Ubuntu Universe, we have added the
universe-update and universe-security repositories to the Product Wizard, as
optional.

Oracle Linux UEK repository

The Oracle Unbreakable Enterprise Kernel repository is now available from the
Product Wizard as an optional channel for Oracle Linux 6, 7 and 8.

Performance improvements

Optimized add packages to channel feature, resulting in a faster experience in
the WebUI when adding packages from another channel.

Version 4.1.6

Performance improvements

A number of database queries and error conditions have been optimized,
resulting in a faster experience in the WebUI, especially in all pages related
to software installation and patching.

Redfish power management

Redfish is a suite of specifications that deliver an industry standard protocol
for the management of servers, storage, networking, and converged
infrastructure.

SUSE Manager now supports power management using Redfish, in addition to the
existing IPMI power management.

OpenSCAP from SSM

Mass-auditing Salt clients with OpenSCAP is now possible from the System Set
Manager.

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various
values to be associated with a security certificate using a subjectAltName
field. This is commonly used to generate SSL certificates that protect multiple
domains with a single certificate.

Since this kind of certificate is becoming popular amongst users with their own
Certificate Authority, we have implemented support.

Prometheus Exporter Exporter for Debian

The reverse proxy exporter, which simplifies security and networking policies,
is now also available on Debian 9 and Debian 10.

With this addition, the Exporter Exporter is available for almost all the
operating systems SUSE Manager supports: SLES 12 and 15, RHEL 7 and 8 (and
clones: CentOS 7 and 8, Oracle Linux 7 and 8, SLES ES 7 and 8) and Ubuntu 18.04
and 20.04.

Version 4.1.5.1

Fixes for Salt security issues

Fixes for several Salt critical security issues: CVE-2020-28243, CVE-2020-28972
, CVE-2021-3148, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-3144,
CVE-2021-25284, CVE-2021-3197 and CVE-2020-35662.

You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and
Salt minions as soon as possible.

Version 4.1.5

New products enabled

  * SUSE Linux Enterprise Server 15 SP1 LTSS

  * SUSE Linux Enterprise 15 SP3 Beta

  * openSUSE Leap 15.3 Beta

  * Debian 9 and Debian 10

Debian

Starting with SUSE Manager 4.1.5, Debian 9 "Stretch" and Debian 10 "Buster" on
the amd64 (also known as x86_64) architecture are supported as client operating
systems. Debian clients are supported as a Salt clients (agentful with
salt-minion or agentless with salt-ssh).

In addition to the Salt packages, the spacecmd tool is also provided, which
makes it possible to remotely manage SUSE Manager from a Debian client.

SUSE-provided Prometheus exporters will be included in a future release of SUSE
Manager. You may use the exporters provided by the operating system in the
meanwhile.

The section in this release notes mentioning Debian was only L1-supported and
only through Uyuni Client Tools has now been removed.

Ubuntu and Debian package version comparison

The package version comparison algorithm has been completely redone for Ubuntu
and Debian clients, which fixes occasional problems with package updates on
Debian and Ubuntu.

There is no need to re-mirror Ubuntu and Debian. The already-downloaded
packages can be kept and their metadata will be updated in the database.

One-time database migration when Ubuntu and/or Debian are present

IMPORTANT: When updating to SUSE Manager 4.1.5, SUSE Manager deployments where
Ubuntu and/or Debian channels were synchronized should expect the database
migration time to take between 30 min and several hours, depending on how many
Debian or Ubuntu operating system versions and how many clients were
registered.

CPU mitigations formula

Unsupported clients are now handled gracefully and mitigations have been added
for the Xen hypervisor.

Autoinstallation of older operating systems

Autoinstallation provisioning is now compatible with GRUB and ELILO in addition
to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and
clones) systems.

CentOS 6 URLs

CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project
moved its repositories to the vault archive. URLs in the product wizard have
been updated. If you were using CentOS 6, you must refresh your product list to
receive the new URLs.

Other operating systems in the same class also reached end-of-life but require
no change, since they will continue to work as-is: SUSE Linux Enterprise Server
Expanded Support 6 (URLs not changed), Oracle Linux 6 (URLs not changed) and
Red Hat Enterprise Linux 6 (URLs are provided by users).

New countries and timezones

The countries and timezones list have been refreshed, adapting to the latest
timezone and geopolitical changes.

Monitoring updates

Prometheus 2.22.1

The core of our monitoring solution, Prometheus, has been updated from version
2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.

Notable improvements:

  * Web: Remove APIv2.

  * React UI: Implement missing TSDB head stats section.

  * UI: Add Collapse all button to targets page.

  * UI: Clarify alert state toggle via checkbox icon.

  * Gracefully handle unknown WAL record types.

  * Issue a warning for 64-bit systems running 32-bit binaries.

  * TSDB: Memory-map full chunks of Head (in-memory) block from disk. This
    reduces memory footprint and makes restarts faster.

  * TSDB: Reduced contention in isolation for high load.

  * Discovery: Added discovery support for Triton global zones.

  * Remote Read: Added prometheus_remote_storage_remote_read_queries_total
    counter to count the total number of remote read queries.

  * Added time range parameters for label names and label values API.

For details on what changed in each version between 2.18.0 and 2.22.1, see:

  * https://github.com/prometheus/prometheus/releases/tag/v2.22.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.22.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.19.3

  * https://github.com/prometheus/prometheus/releases/tag/v2.19.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.19.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.19.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.18.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.18.1

Grafana 7.3.1

Grafana Server has been updated to version 7.3.1 which brings a number of
bugfixes and improvements.

Notable improvements:

  * Add monitoring mixing for Grafana.

  * New Cloudwatch metrics

  * Elasticsearch: Support multiple pipeline aggregations for a query.

  * Support request cancellation properly for PostgreSQL, Loki and Prometheus

  * Postgres: Support Unix socket for host

  * Loki: Re-introduce running of instant queries

  * Prometheus: Support request cancellation properly. Add $__rate_interval
    variable

  * API improvements

  * Variables: enables cancel for slow query variables queries

  * Table: Adds column filtering

Breaking changes:

  * CloudWatch: The AWS CloudWatch data source?s authentication scheme has
    changed. See the upgrade notes for details and how this may affect you.

  * Units: The date time units YYYY-MM-DD HH:mm:ss and MM/DD/YYYY h:mm:ss a
    have been renamed to Datetime ISO and Datetime US respectively.

A detailed changelog is available upstream.

Prometheus Exporter Exporter for Ubuntu 18.04 LTS

The reverse proxy exporter, which simplifies security and networking policies,
is now also available on Ubuntu 18.04.

More operating systems will be added in future releases of SUSE Manager.

Resolved known issues

Enabling the Development Tools Module 15 SP2 on the SUSE Manager Server 4.1
system is now supported.

Version 4.1.4

New products enabled

  * SUSE Linux Enterprise 15 SP3 family (beta)

  * SUSE Linux Enterprise HPC 15 SP2 LTSS

  * SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)

  * RHEL and CentOS 7 and 8 ppc64le clients (see RHEL on ppc64le)

SAP content

SUSE Manager is the best tool to manage your Linux workloads.

SUSE Linux Enterprise Server for SAP applications is the best operating system
to run your SAP workloads.

In order to make SUSE Manager the best tool to manage your SUSE Linux
Enterprise Server for SAP applications, this release of SUSE Manager includes
content which provides added value to SLES for SAP users:

  * Documentation: SAP QuickStart Guide

  * Formulas:

      + saphanabootstrap-formula: SAP HANA deployment Salt formula. This
        formula can install SAP HANA nodes, enable system replication and
        configure SLE-HA cluster with the SAPHanaSR resource agent, using
        standalone Salt or via SUSE Manager formulas with forms.

      + sapnwbootstrap-formula: SAP Netweaver deployment Salt formula. This
        formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and
        perform some basic actions to optimize their usage.

      + drbd-formula: DRBD deployment Salt formula (requires drbd-utils)

      + habootstrap-formula: HA cluster salt deployment formula. This formula
        can boostrap an HA cluster ((init, join, remove) using standalone Salt
        or via SUSE Manager formulas with forms.

  * Salt state modules:

      + salt-shaptools: Salt modules and states for SAP Applications and SLE-HA
        components management

  * Grafana dashboards:

      + grafana-sap-hana-dashboards: Grafana Dashboards displaying metrics
        about SAP HANA databases.

      + grafana-sap-netweaver-dashboards: Grafana Dashboards displaying metrics
        about a SAP NetWeaver landscape.

      + grafana-ha-cluster-dashboards: Grafana Dashboards displaying metrics
        about a Pacemaker/Corosync High Availability Cluster.

      + grafana-sap-providers: Automated configuration provisioners leveraged
        by other packages to enable a zero-config installation of Grafana
        dashboards.

The formulas and Salt state modules are included in the SUSE Manager Server
channel. The Grafana dashboards are included in the SUSE Manager Client Tools
for SLE 12 and SLE 15 channels.

Vendor change on SP migration

Vendor change (changing the repository where a package comes from) can now be
optionally enabled during service pack migration.

This feature is useful where the client system is using unofficial packages and
you want to move back to official packages, or to switch from an official
package to a third-party version of a package. Instead of performing the SP
migration within the same vendor and then manually installing the package from
the new vendor, you can now do everything in a single action.

RHEL and CentOS ppc64le clients

RHEL 7 and 8, and CentOS 7 and 8 are now enabled as client operating systems
using the ppc64le architecture. Use the client tools provided by the upstream
Uyuni project, which comes with certain support limitations. See the specific
section for more details.

Prometheus reverse proxy for RHEL-class clients

The Prometheus Exporter Exporter, which allows you to put all your exporters
under one public port, is now available for RHEL, CentOS, SLES ES and Oracle
Linux versions 7 and 8.

Oracle Linux ULN repositories

Oracle Unbreakable Linux Network repositories are now supported in Software >
Manage > Repositories. Oracle Linux users with a subscription from Oracle can
use this to manually add the repositories for KSplice and others.

Cluster management: upgrade plan

When upgrading a cluster, the upgrade plan is now shown in the WebUI. This
makes it easier to verify that an upgrade will be conducted as expected.

Yomi refresh

The formulas that make autoinstallation of SLES and openSUSE systems simpler
have been upgraded to the latest version provided by the Yomi project. The
updated formulas are more intuitive, harder to misuse, and allow you to specify
additional advanced options.

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592. You
should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and
Salt minions as soon as possible.

Web UI themes

SUSE Manager now supports themes. Users can select what theme they want to use
in the User Preferences page in the Web UI. Initially, we are providing three
themes:

  * SUSE Manager light: default light, low-contrast theme

  * SUSE Manager dark: high-contrast theme based on the light theme

  * Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing
which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light

Grafana 7.1.5

Grafana Server has been updated to version 7.1.5 in the Client Tools channels.

Main changes:

  * Flux and InfluxDB 2.x support in the Influx Datasource

  * Azure Monitor Datasource improvements

  * Deep linking for Google Cloud Monitoring (former Google Stackdriver)

  * Query history search

  * Unification of Explore modes

For more details see the upstream documentation.

Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port
no matter how many exporters are running on the client, is now available for
Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management
will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu
20.04 LTS channels without cloning them, as described in the documentation. The
known issue present in previous releases of SUSE Manager 4.1 has been fixed.

Japanese translation

The SUSE Manager Web UI and command-line tools are now available in Japanese
thanks to the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order
to allow users to select Japanese in their User Preferences in the Web UI, add
the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Bootstrap repositories no longer flushed by default

In SUSE Manager 4.1 GA, we automated the generation of bootstrap repositories
on channel sync. Bootstrap repositories were not only autogenerated but also
autoflushed, which caused disappearing packages problems to some customers (e.
g. in the case of multi-architecture bootstrap repositories).

Starting with SUSE Manager 4.1.3, bootstrap repositories are not flushed by
default. If you want to save some disk space, you can manually flush them using
mgr-create-bootstrap-repo --flush.

Version 4.1.2

SUSE Manager Hub

XML-RPC API is stable

Starting with SUSE Manager 4.1.2, the SUSE Manager Hub architecture is declared
stable. This means we do not expect large changes in the feature, how it
operates, or its API.

The Hub is the SUSE Manager multi-server architecture, which can be used in
environments with a large number (more than a few tens of thousands) of clients
per server, poorly-connected sites requiring full management, or multitenancy,
among others. With SUSE Manager 4.1.2, multiple peripheral servers (other SUSE
Manager Servers) can be managed from a single Hub Server, as a supported
feature.

You will find all the documentation and details about the Hub architecture in
the Large Deployments Guide.

Formula for peripheral server management (Technology Preview)

As the Hub XML-RPC API is declared stable, we are introducing Salt formulas to
make management of peripheral SUSE Manager Servers easier. The formulas allow
you to have consistent entities in each peripheral server, including:

  * Organizations, users and system groups

  * User access to system groups and software channels

To use the formula to manage peripheral servers, run zypper in
uyuni-config-formula on the SUSE Manager Hub Server, and enable the formula in
the WebUI.

Monitoring

Reverse proxy for SLE 12

The golang-github-QubitProducts-exporter_exporter reverse proxy exporter is now
also available for SUSE Linux Enterprise 12. More operating systems will follow
in a future release of SUSE Manager 4.1.

Node Exporter updated

The Prometheus Node Exporter has been updated to version 1.0.1 on SLE 12 and
15. Other operating systems will receive the update in a future release of SUSE
Manager 4.1.

Version 4.1.1

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions
(like package installation or upgrade) to occur during a scheduled one-time or
recurrent maintenance window period on selected systems. These actions cannot
be executed outside of the specified period.

To define maintenance windows, iCalendar data is used, which can be exported
from your favorite calendaring or ITSM tool: Microsoft Outlook, Google
Calendar, ServiceNow, etc. If you need help integrating your ITSM tool with
SUSE Manager, please contact SUSE Consulting.

For more information about maintenance windows, check the Administration Guide

Monitoring: multiple exporters with a single exposed port

Prometheus fetches metrics using a pull mechanism, so the Prometheus Server
must be able to establish TCP connections to each exporter on the monitored
clients, each on a different port on the client.

The new reverse proxy for monitoring feature simplifies your firewall
configuration: by installing the reverse proxy (package
golang-github-QubitProducts-exporter_exporter) on the clients, you can get all
the metrics for all the exporters on a single TCP port.

Check the Monitoring Guide for information about how to setup.

This feature is initially available only for SUSE Linux Enterprise 15 and
openSUSE Leap 15. Support for other operating system platforms will come in
future releases of SUSE Manager 4.1.

Added new type of "Virtual Host Manager": Nutanix AHV

In SUSE Manager 4.1.1, we have added a new type of Virtual Host Manager in
order to gather virtual machines from Nutanix AHV infrastructure.

Creating VHM to gather virtual instances from the Nutanix AHV will enable the
subscription matcher to match 1-2 virtual machines subscriptions for those
instances that are running on the same virtualization host.

For more information about how to setup this new type, see the new
documentation

Please keep in mind that installation of the virtual-host-gatherer-Nutanix
package is required.

Salt module.run compatibility state

A new mgrcompat.module_run custom compatibility state for Salt is available for
registered systems.

In Salt 2019.2, a new syntax for module.run was introduced. Up until Salt 3000
(the version currently shipped by SUSE Manager), Salt has supported both the
old syntax and the new syntax.

From Salt 3001 on, Salt will no longer support the old syntax. This means any
custom SLS file or "Configuration State Channel" that is using a module.run
state needs to be adapted to the new syntax. This turns even more problematic
when you have minions with different Salt versions (e. g. SLES 11 with Salt
2016.11), because some minions would accept the new syntax but others would
fail with it, so the SLS files would require extra logic to handle the
different Salt versions and configurations.

SUSE Manager will ship Salt 3001 in a future release. In preparation for this
syntax breakage, SUSE has developed the new mgrcompat.module_run compatibility
state. This is a wrapper over module.run which accepts the old syntax and takes
care of tailoring the parameters for the new module.run if necesasary according
to the specific minion version and configuration.

To make your Salt states compatible with all versions of Salt, including Salt
3001 and newer, you only need to change module.run to mgrcompat.module_run in
your SLS files and "Configuration State Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would look like this once adapted:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

All users are encouraged to migrate their Salt states. Once Salt 3001 comes to
SUSE Manager, not migrated states will simply fail.

SLE15 and python3-M2Crypto

If you still have SLE15 but no LTSS subscription, you will see errors when
generating the bootstrap repositories, as python3-M2Crypto is missing on SLE15
and is only part of SLE15 LTTSS.

However even with the error, the bootstrap repository itself will work and will
provide Salt 2019.2.0 until an LTSS subscription is available.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.9

cobbler:

  * Avoid traceback when building tftp files for ppc arch system when
    boot_loader is not set (bsc#1185679)

mgr-libmod:

  * Ignore self-dependencies (bsc#1186502)

py27-compat-salt:

  * Fix exception in yumpkg.remove for not installed package

  * Fix save for iptables state module (bsc#1185131)

  * Virt: use /dev/kvm to detect KVM

  * Zypperpkg: improve logic for handling vendorchange flags

  * Add bundled provides for tornado to the spec file

  * Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)

  * Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE
    distros

  * Detect Python version to use inside container (bsc#1167586) (bsc#1164192)

  * Handle volumes on stopped pools in virt.vm_info (bsc#1186287)

  * Grains.extra: support old non-intel kernels (bsc#1180650)

  * Fix missing minion returns in batch mode (bsc#1184659)

  * Parsing Epoch out of version provided during pkg remove (bsc#1173692)

spacecmd:

  * Enhance help for installation types when creating distributions (bsc#
    1186581)

spacewalk-backend:

  * Check if batch needs to be imported even after failure (bsc#1183151)

  * Fix downloading comps files by matching type in repomd.xml (bsc#1186653)

  * Added logging for dpkg repository detection

spacewalk-java:

  * Add missing task status strings (bsc#1186744)

  * Fix product migration when scheduled from the event page (bsc#1187066)

  * Fix permission problem with /srv/susemanager/salt/custom files (bsc#1186325
    )

  * Strip the modular metadata for newly created channels in CLM if modular
    filters present (bsc#1184118)

  * Fixing ISE when searching in docs for logged-in users (bsc#1186319)

  * Allow virtualization host entitlement on Xen Dom0 (bsc#1185522)

  * Fix start/end timestamps for xccdf scan details (bsc#1186016)

  * Fix report links for SCAP Scans (bsc#1186017)

  * Remove duplicate entries on AppStream filter channel browser

  * Fix problem reading product_tree.json from wrong location in offline setups
    (bsc#1184283)

  * XMLRPC: Endpoint for aligning channel metadata based on another channel (
    bsc#1182810)

  * Fix the problem with wrong icons for virtual systems (bsc#1185507)

  * Add group by clause to reduce the number of rows for groupAdvisoryTypes CTE
    to improve performance(bsc#1185015)

  * Fix file ownership and permissions in /srv/susemanager/pillar_data/ (bsc#
    1179954)

  * Fix disapearing Autoinstallation Menu for minions (bsc#1184813)

  * Catch not found repository and create a standard error page (bsc#1183992)

spacewalk-search:

  * Prevent writing error messages when just skipping the indexer run (bsc#
    1185628)

spacewalk-utils:

  * Align the modules.yaml of target channel after cloning errata (bsc#1182810)

  * Adapt hostname rename check to allow also short hostname in various
    hostname files on the filesystem (bsc#1176512)

  * Spacewalk-hostname-rename: change hostname in /root/.mgr-sync (bsc#1183994)

spacewalk-web:

  * Do not render the section toolbar if it is empty

susemanager:

  * Sort products in mgr-sync output

  * Fix creating deb bootstrap repos with packages having new checksums (bsc#
    1184330)

susemanager-doc-indexes:

  * Document update for openSUSE Leap 15.3

  * RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6,
    and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE
    as client operating systems.

susemanager-docs_en:

  * Document update for openSUSE Leap 15.3

  * RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6,
    and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE
    as client operating systems.

susemanager-sls:

  * Fix deleting stopped virtual network (bsc#1186281)

Version 4.1.8

cobbler:

  * Prevent some race conditions when writting tftpboot files and the
    destination directory is not existing (bsc#1186124)

  * Fix trail stripping in case of using UTF symbols (bsc#1184561)

  * Make "fence_ipmitool" a wrapper for "fence_ipmilan" using always lanplus (
    bsc#1184361)

  * Remove unused template for fence_ipmitool.

golang-github-prometheus-node_exporter:

  * Update to 1.1.2

      + Bug fixes + Handle errors from disabled PSI subsystem + Sanitize
        strings from /sys/class/power_supply + Silence missing netclass errors
        + Fix ineffassign issue + Fix some noisy log lines +
        filesystem_freebsd: Fix label values + Fix various procfs parsing
        errors + Handle no data from powersupplyclass + udp_queues_linux.go:
        change upd to udp in two error strings + Fix
        node_scrape_collector_success behaviour + Fix NodeRAIDDegraded to not
        use a string rule expressions + Fix node_md_disks state label from fail
        to failed + Handle EPERM for syscall in timex collector + bcache: fix
        typo in a metric name + Fix XFS read/write stats

      + Changes + Improve filter flag names + Add btrfs and powersupplyclass to
        list of exporters enabled by default

      + Features + Add fibre channel collector + Expose cpu bugs and flags as
        info metrics + Add network_route collector + Add zoneinfo collector

      + Enhancements + Add more InfiniBand counters + Add flag to aggr ipvs
        metrics to avoid high cardinality metrics + Adding backlog/current
        queue length to qdisc collector + Include TCP OutRsts in netstat
        metrics + Add pool size to entropy collector + Remove CGO dependencies
        for OpenBSD amd64 + bcache: add writeback_rate_debug status + Add check
        state for mdadm arrays via node_md_state metric + Expose XFS inode
        statistics + Expose zfs zpool state + Added an ability to pass
        collector.supervisord.url via SUPERVISORD_URL environment variable

  * Do not include sources (bsc#1151558)

  * Remove rc symlink

grafana-formula:

  * Fix Grafana dashboards requiring single series (bsc#1184471)

patterns-suse-manager:

  * Add require for py27-compat-salt (salt 3002 does not provide python2-salt
    anymore)

prometheus-exporter-formula:

  * Add support for schema migration (bsc#1186025)

pxe-yomi-image-sle15:

  * Remove PermitEmptyPasswords from SSH config (Fix bsc#1182744)

py26-compat-salt:

  * Prevent command injection in the snapper module (bsc#1185281)
    (CVE-2021-31607)

spacewalk-admin:

  * Stop jabberd when osa-dispatcher is enabled (bsc#1185042)

spacewalk-backend:

  * Fail traditional errata and package actions when they act on retracted
    items

  * Add advisory_status to reposync and ISS

  * Add minrate/timeout configuration values for downloading DEB/RPM packages

  * switch to www group for satellite logs (bsc#1185097)

  * Fix binary blob corruptions in tradidional config file deployment (bsc#
    1183864)

  * Fix for GPG checking on synchonizing mirrored dpkg repo (bsc#1184351)

spacewalk-branding:

  * Add the CSS class for retracted errata/packages

spacewalk-certs-tools:

  * Fix typo: activaion -> activation

  * Add support of DISABLE_LOCAL_REPOS=0 for salt minions (bsc#1185568)

  * Add missing environment variable SALT_RUNNING for pkg module to the minion
    configuration

spacewalk-java:

  * Speed up pages to compare or add packages to channels (bsc#1178767)

  * Bugfix: Remove the unneeded check that was stopping updating a virtual
    instance type (bsc#1180673)

  * Exclude minions from the list of locally-managed/sandbox systems when
    copying config files (bsc#1184940)

  * Lower case fqdn comparation when calculating minion connection path (bsc#
    1184849)

  * Bugfix: Retracted Patches: Filter minion correctly when executing package
    install (bsc#1184929)

  * Implement retracted patches

  * For a SUSE system get metadata and package from same source (bsc#1184475)

  * Check if the directory exists prior to modular data cleanup (bsc#1184311)

  * Assign right base product for res8 (bsc#1184005)

  * Fix docs link in my organization configuration (bsc#1184286)

  * Only update the kickstart path in cobbler if necessary (bsc#1175216)

  * Do not require advisory_status to be set in ErrataHandler.create (bsc#
    1185965)

  * Change Prometheus exporters formula data schema to make it more generic and
    extendable

spacewalk-utils:

  * Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports

  * Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04

spacewalk-web:

  * Upgrade react-select to 4.3.0 and lodash to 4.17.21

  * Show the info about unsynced patches in the Content Lifecycle Management
    screens

susemanager:

  * Add bootstrap repo data for SUSE Manager 4.1 Proxy

  * Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15

  * Add bootstrap repo data for OES2018-SP3-x86_64 (bsc#1183845)

  * Enable bootstrap repository creation for openSUSE Leap 15.3 for Uyuni

  * Add python3-distro to RES8, SLE15, Ubuntu20.04 and Debian 10 bootstrap
    repositories to fix bootstrapping issues (bsc#1184332)

  * add python3-pycryptodome to Ubuntu and Debian 10 bootstrap repos (bsc#
    1186346)

  * add gnupg and its dependencies to debian 10 bootstrap repo

susemanager-doc-indexes:

  * Adds additional dependencies for Debian client registration in Client
    Configuration Guide (bsc#1183649)

  * Remove some openSUSE Leap 15.1 references

  * Add reposync configuration settings to Troubleshooting chapter of the
    Administration Guide

  * Update the entry about module.run for SAP Guide

susemanager-docs_en:

  * Adds additional dependencies for Debian client registration in Client
    Configuration Guide (bsc#1183649)

  * Remove some openSUSE Leap 15.1 references

  * Add reposync configuration settings to Troubleshooting chapter of the
    Administration Guide

  * Update the entry about module.run for SAP Guide

susemanager-schema:

  * DB schema & migrations for retracted patches

susemanager-sls:

  * Fix insecure JMX configuration (bsc#1184617)

  * Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)

  * Keep salt-minion when it is installed to prevent update problems with
    dependend packages not available in the bootstrap repo (bsc#1183573)

  * Enable certificate deployment for Leap 15.3 clients which is needed for
    bootstrapping (bsc#1186765)

  * Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)

  * Add support for 'disable_local_repos' salt minion config parameter (bsc#
    1185568)

  * fix installation of gnupg on Debian 10

  * exclude openSUSE Leap 15.3 from product installation (bsc#1186858)

susemanager-sync-data:

  * Add OES2018 SP3 (bsc#1183845)

tika-core:

  * New upstream version 1.26. Fixes:

      + Infinite loop in the MP3Parser (bsc#1184892, CVE-2021-28657)

      + Out of memory error while loading a file in PDFBox before 2.0.23.

      + Infinite loop while loading a file in PDFBox before 2.0.23.

      + System.exit vulnerability in Tika?s OneNote Parser; out of memory
        errors and/or infinite loops in Tika?s ICNSParser, MP3Parser,
        MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser.

      + Excessive memory usage (DoS) vulnerability in Apache Tika?s PSDParser

      + Infinite Loop (DoS) vulnerability in Apache Tika?s PSDParser

uyuni-common-libs:

  * Maintainer field in debian packages are only recommended (bsc#1186508)

xstream:

  * Upgrade to 1.4.14

      + fixes bsc#1180994, CVE-2020-26217

Version 4.1.7.1

spacewalk-web:

  * Fix check for for mirrorlist URLs when refreshing products (bsc#1184861)

Version 4.1.7

golang-github-lusitaniae-apache_exporter:

  * Build with Go 1.15

mgr-libmod:

  * Support multiple stream versions for RHEL repos (bsc#1183038)

py26-compat-msgpack-python:

  * Added versioned Python2 for RHEL8

python-susemanager-retail:

  * Skip internal initialization of excluded formulas

rhnlib:

  * Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:

  * Handle SIGPIPE without a user-visible exception (bsc#1181124)

spacewalk-backend:

  * Deb_src repo plugin is not restoring config namespace on exception (bsc#
    1182197)

  * Fixing improper exception handling causing another exception in
    ThreadedDownloader

  * Avoid race condition due to multiple reposync import threads (bsc#1183151)

  * Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary
    mode (bsc#1181274)

spacewalk-certs-tools:

  * Add reactivation key support to bootstrap script (bsc#1181580)

spacewalk-client-tools:

  * Fallback to sysfs when reading info from python-dmidecode fails (bsc#
    1182603)

  * Log an error when product detection failed (bsc#1182339)

spacewalk-java:

  * Eliminate duplicate entries when displaying results from mgr-libmod

  * Speed up the system groups page (bsc#1182132)

  * Raise length limit for kernel options (bsc#1182916)

  * Adapt logging for testing accessability of URLs (bsc#1182817)

  * Fix: populate docker-registries on inspection (bsc#1178179)

  * Log shell command output on failure when checking known_hosts file
    permissions

  * Speed up pages to compare or add packages to channels (bsc#1178767)

  * Improve fromdir with better mapping of URL to local files

spacewalk-setup:

  * Set AJP parameters differently to prevent AH00992, AH00877 and AH01030:
    ajp_ilink_receive() can?t receive header errors (bsc#1179271)

spacewalk-utils:

  * Add the Universe Security repositories for Ubuntu

spacewalk-web:

  * Fix flow-bin runtime issues that were breaking the tests

susemanager-doc-indexes:

  * Remove Universe requirement for Ubuntu 20.04

  * Adds missing Salt steps for Replacing Proxy procedure in Installation Guide
    (bsc#1181580)

susemanager-docs_en:

  * Remove Universe requirement for Ubuntu 20.04

  * Adds missing Salt steps for Replacing Proxy procedure in Installation Guide
    (bsc#1181580)

susemanager-schema:

  * Raise length limit for kernel options (bsc#1182916)

  * Fix: increase password length in the database (bsc#1182687)

susemanager-sls:

  * Prevent useless package list refresh actions on zypper minions (bsc#1183661
    )

  * Skip removed product classes with satellite-sync

  * Handle GPG keys when bootstrapping ssh minions (bsc#1181847)

  * Require new kiwi-systemdeps packages (bsc#1184271)

susemanager-sync-data:

  * Define missing ubuntu universe update channels (bsc#1182842)

  * Define UEK repositories for Oracle Linux

Version 4.1.6

cobbler:

  * Fix string replacement for @@xyz@@

  * Better performing string replacements

grafana-formula:

  * Set supported to false for unsupported systems (bsc#1182001)

  * Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

mgr-libmod:

  * Fix 'list_modules' JSON serialization (bsc#1182492)

mgr-osad:

  * Adapt to new SSL implementation of rhnlib (bsc#1181807)

prometheus-exporters-formula:

  * Add Ubuntu support for Prometheus exporters' reverse proxy

prometheus-formula:

  * Set server hostname from pillar data (bsc#1180439)

py26-compat-salt:

  * Do not crash when unexpected cmd output at listing patches (bsc#1181290)

rhnlib:

  * Change SSL implementation to Python SSL for better SAN and hostname
    matching support (bsc#1181807)

smdba:

  * Do not remove the database if there is no backup and deal with manifest

spacewalk-backend:

  * Open repomd files as binary (bsc#1173893)

  * Fix requesting Release file in debian repos (bsc#1182006)

  * Reposync: Fixed Kickstart functionality.

  * Reposync: Fixed URLGrabber error handling.

  * Reposync: Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-client-tools:

  * Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-config:

  * Increase Apache SSL logs to include response code and process time

spacewalk-java:

  * Homogenizes style in filter buttons, facilitating testability

  * Cleanup sessions via SQL query instead of SQL function (bsc#1180224)

  * Rebuild and improve rendering of error pages 404 and 500 pages (bsc#1181228
    )

  * Fix user creation with PAM authentication and no password (bsc#1179579)

  * Fix action chains for saltssh minions (bsc#1182200)

  * FIX: Slow response of 'Software > Install' in Ubuntu minions (bsc#1181165)

  * Do not call page decorator in HEAD requests (bsc#1181228)

  * Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)

  * Ensure new files are synced just after writing them (bsc#1175660)

  * Enable openscap auditing for salt systems in SSM (bsc#1157711)

  * Detect debian products (bsc#1181416)

  * Show packages from channels assigned to the targeted system (bsc#1181423)

  * Add an API endpoint to allow/disallow scheduling irrelevant patches (bsc#
    1180757)

  * Open raw output in new tab for ScriptRunAction (bsc#1180547)

  * Default to preferred items per page in content lifecycle lists (bsc#1180558
    )

  * Fix modular data handling for cloned channels (bsc#1177508)

  * Fix: login gets an ISE when SSO is enabled (bsc#1181048)

spacewalk-utils:

  * Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-web:

  * Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)

  * Upgrade immer to fix CVE-2020-28477

  * Default to preferred items per page in content lifecycle lists (bsc#1180558
    )

  * Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)

subscription-matcher:

  * Update the xstream dependency to 1.4.15

susemanager:

  * Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)

  * Python3-dbus-python and dependencies not installed by default on JeOS SLE15
    images, add them to the bootstrap repository list of packages for
    traditional (bsc#1182071)

susemanager-doc-indexes:

  * Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.

  * Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide

  * Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)

  * Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)

  * Updated command for running configure proxy script when replacing a proxy

  * Fixed bad SUSE Customer Center URL

susemanager-docs_en:

  * Updated Command Line Registration with Salt section in the Client
    Configuration Guide for clarity.

  * Adds openSUSE Leap SP migration to the SP migration section of the Client
    Configuration Guide

  * Adds note that bootstrap procedure for selecting a parent channel is
    optional in Client Configuration Guide (bsc#1181635)

  * Adds note about checking for valid UUIDs in fstab when backing up (bsc#
    1181814)

  * Updated command for running configure proxy script when replacing a proxy

  * Fixed bad SUSE Customer Center URL

susemanager-schema:

  * Drop "pxt_session_cleanup" function (bsc#1180224)

  * Enable openscap auditing for salt systems in SSM (bsc#1157711)

susemanager-sls:

  * Ubuntu 18 has version of apt which does not correctly support auth.conf.d
    directory. Detect the working version and use this feature only when we
    have a higher version installed

xstream:

  * Upgrade to 1.4.15. Fixes bsc#1180146 (CVE-2020-26258) and bsc#1180145 (
    CVE-2020-26259)

  * Upgrade to 1.4.14. Fixes bsc#1180994 (CVE-2020-26217)

Version 4.1.5.1

salt:

  * VUL-0: salt: February 2021 release (bsc#1181550)

  * VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when
    an unprivileged user is able to create files in any non-blacklisted
    directory (bsc#1181556)

  * VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi
    servers does not always validate the SSL/TLS certificate (bsc#1181557)

  * VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted
    web requests to the Salt API via SSH client (bsc#1181558)

  * VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the
    wheel_async client (bsc#1181559)

  * VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is
    vulnerable to directory traversal (bsc#1181560)

  * VUL-0: CVE-2021-25283: salt: jinja render does not protect against
    server-side template injection attacks (bsc#1181561)

  * VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration
    (bsc#1181562)

  * VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the
    ?error? log level (bsc#1181563)

  * VUL-0: CVE-2021-3197: salt: Salt-API?s SSH client is vulnerable to a shell
    injection by including ProxyCommand in an argument (bsc#1181564)

  * VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL
    certificates (bsc#1181565)

Version 4.1.5

cpu-mitigations-formula:

  * Handle unsupported target systems gracefully (bsc#1179273)

  * add mitigations for Xen hypervisor

ical4j:

  * Use error-prone 2.4.0 to prevent build errors on OBS

mgr-libmod:

  * Improve modular dependency resolution algorithm (bsc#1177267)

mgr-osad:

  * Change the log file permissions as expected by logrotate (bsc#1177884)

smdba:

  * Fix smdba throws error on mgr-setup/installation

  * Raise an exception on failed external process call

  * Fix TablePrint formatting

  * Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#
    SLE-17030)

  * Revert modifying cpu_tuple_cost

spacecmd:

  * Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#
    1176823)

  * Added '-r REVISION' option to the 'configchannel_updateinitsls' command (
    bsc#1179566)

  * Fix: internal: workaround for future tee of logs translation

spacewalk-backend:

  * Drop Transfer-Encoding header from proxy respone to fix error response
    messages (bsc#1176906)

  * Prevent tracebacks on missing mail configuration (bsc#1179990)

  * Fix pycurl.error handling in suseLib.py (bsc#1179990)

  * Harden extratag key import by execute_values to ignore conflicts

  * Fix Debian package version comparison

  * Use sanitized repo label to build reposync repo cache path (bsc#1179410)

  * Quote the proxy settings to be used by Zypper (bsc#1179087)

  * Add the VirtualPC as virtualization type (bsc#1178990)

  * Truncate author name in the changelog (bsc#1180285)

spacewalk-java:

  * Fix CVE audit results for affected and patched entries (bsc#1180893)

  * Replace custom version comparison method with the standard one which also
    takes debian packages into account

  * Fix incorrect password autocompletions (bsc#1148357)

  * Improves misleading UI message displayed on systems with modules activated
    (bsc#1179525)

  * Fix reboot action race condition (bsc#1177031)

  * Fix availability check for debian repositories (bsc#1180127)

  * Added 'contents' argument to the 'configchannel.create' XMLRPC API method (
    bsc#1179566)

  * Ignore duplicate NEVRAs in package profile update (bsc#1176018)

  * Prevent deletion of CLM environments if they?re used in an autoinstallation
    profile (bsc#1179552)

  * Fix Debian package version comparison

  * Added 'revision' argument to the 'configchannel.updateInitSls' XMLRPC API
    method (bsc#1179566)

  * Fix configuration file download links to actually download files instead of
    redirecting to the home page (bsc#1179324)

  * Register saltkey XMLRPC handler and fix behavior of delete salt key (bsc#
    1179872)

  * Add validation for custom repository labels

  * Add lang attribute to html tags

  * Fix expanded support detection based on CentOS installations (bsc#1179589)

  * Generalize the reactivation key message (bsc#1178483)

  * Add translation strings for newly added countries and timezones (jsc#
    PM-2081)

  * Add the VirtualPC as virtualization type (bsc#1178990)

  * Fix the activation key handling from kickstart profile (bsc#1178647)

  * Improve modular dependency resolution algorithm (bsc#1177267)

  * fix query using old EVR_T constructor (bsc#1181422)

spacewalk-reports:

  * Fixes no file content in spacewalk-report config-files

  * Write <binary data> placeholder instead of dumping binary data

spacewalk-utils:

  * Remove Debian 9 and 10 channels for SUSE Manager, now provided by SCC data

spacewalk-web:

  * Fix Package States page display error (bsc#1180580)

  * Fix incorrect password autocompletions (bsc#1148357)

  * Migrate CommonJS based React components to ES6

  * Prevent deletion of CLM environments if they?re used in an autoinstallation
    profile (bsc#1179552)

  * Fix loading indicator for tables using SimpleDataProvider (bsc#1177756)

  * Fix question mark explanations for Recurring States (bsc#1179485)

  * Allow specifying both name and label of new Content Environment (bsc#
    1176411)

susemanager:

  * Use product IDs for Debian 9 and 10 SUSE Manager bootstrap repo data

susemanager-build-keys:

  * Add Debian 9 and Debian 10 keys

  * Add Debian 8 Archive Key - required to verify Debian 9 successfully (bsc#
    1181233)

susemanager-doc-indexes:

  * Fixed error in Create and Replace CA and Server Certificates of
    Administration Guide (bsc#1180001)

  * Fixed package name and command in Troubleshooting Renaming Server section
    of the Administration Guide (bsc#1179171)

  * Added documentation on replacing a proxy server in the Installation Guide (
    bsc#1179438)

  * Moves and updates advice about modular repositories on RHEL clones in
    Client Configuration Guide (bsc#1179277)

  * Adds Debian 9 and 10 on SUSE Manager to Client configuration

  * Adds troubleshooting info for ISS caching

  * Adds note about Appstream Packages in Channels section of Client
    configuration Guide (bsc#1179525)

  * Corrected name of unresolved include (bsc#1181129)

susemanager-docs_en:

  * Fixed error in Create and Replace CA and Server Certificates of
    Administration Guide (bsc#1180001)

  * Fixed package name and command in Troubleshooting Renaming Server section
    of the Administration Guide (bsc#1179171)

  * Added documentation on replacing a proxy server in the Installation Guide (
    bsc#1179438)

  * Moves and updates advice about modular repositories on RHEL clones in
    Client Configuration Guide (bsc#1179277)

  * Adds Debian 9 and 10 on SUSE Manager to Client configuration

  * Adds troubleshooting info for ISS caching

  * Adds note about Appstream Packages in Channels section of Client
    configuration Guide (bsc#1179525)

  * Corrected name of unresolved include (bsc#1181129)

susemanager-schema:

  * Changed to versioned Python3 to SPEC file.

  * Python3 port for blend tool

  * Add missing unique index on suse tables

  * Fix Debian package version comparison

  * Add new valid countries and timezones (jsc#PM-2081)

  * Add the VirtualPC type in rhnVirtualInstanceType table(bsc#1178990)

  * Improve cleanup time after fixing Debian package version comparison (bsc#
    1181116)

susemanager-sls:

  * Make autoinstallation provisoning compatible with GRUB and ELILO in
    addition to GRUB2 only (bsc#1164227)

  * fix apt login for similar channel labels (bsc#1180803)

susemanager-sync-data:

  * Add product definitions for Debain 9 AMD64 and Debian 10 AMD64

  * change centos 6 URLs to vault.centos.org

uyuni-common-libs:

  * Section in Debian packages in now treated as optional (bsc#1179555)

yomi-formula:

  * Add temporary and explicit dependency to libudev1

Version 4.1.4

image-sync-formula:

  * Send image_synced event to master

mgr-libmod:

  * Fix 'module not found' exception handling (bsc#1179257)

postgresql-jdbc:

  * Address CVE-2020-13692 (bsc#1172079)

pxe-yomi-image-sle15:

  * Update config.sh based on last JeOS template

  * Update JEOS_LOCALE to en_US.UTF-8

  * Support config{_url}{_name} for user provided configuration

python-susemanager-retail:

  * Handle organizations in retail_create_delta

saltboot-formula:

  * Support older SLE11 cryptsetup (bsc#1172287)

  * Use images with "synced" flag

spacecmd:

  * Fix: make spacecmd build on Debian

spacewalk-admin:

  * Use the license macro to mark the LICENSE in the package so that when
    installing without docs, it does install the LICENSE file

  * Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE
    Manager 3.2 (bsc#1177435)

spacewalk-backend:

  * Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)

  * Do not raise TypeError when processing SUSE products (bsc#1178704)

  * Fix spacewalk-repo-sync to successfully manage and sync ULN repositories

  * Fix errors in spacewalk-debug and align postgresql queries to new DB
    version

  * ISS: Differentiate packages with same nevra but different checksum in the
    same channel (bsc#1178195)

  * Re-enables possibility to use local repos with repo-sync (bsc#1175607)

  * Add 'allow_vendor_change' option to rhn clients for dist upgrades

spacewalk-certs-tools:

  * Improve check for correct CA trust store directory (bsc#1176417)

spacewalk-client-tools:

  * Update translations

spacewalk-java:

  * Update content sensitive help links

  * Update exception message in findSyncedMandatoryChannels

  * Report resolved module dependencies on CLM project details page

  * Allow creating custom ULN repositories with uln:// urls

  * Change message "Minion is down" to be more accurate

  * Localize documentation links

  * Temp: revert Sync state modules when starting action chain execution (bsc#
    1177336)

  * Fix check for available products on ISS Slaves (bsc#1177184)

  * XMLRPC: Report architecture label in the list of installed packages (bsc#
    1176898)

  * Get media.1/products for cloned channels (bsc#1178303)

  * Calculate size to truncate a history message based on the htmlified version
    (bsc#1178503)

  * Make image pillar visible only in buildhost organization

  * Maintain list of synced images in pillar

  * Enable validation of Content Lifecycle Management entities in the XMLRPC
    API (bsc#1177706)

  * Fix the order of the arguments in the XMLRPC API doc for
    contentmanagement.buildProject (bsc#1177704)

  * Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#
    1175739)

  * Log token verify errors and check for expired tokens

  * Show only kernel options in advanced autoinstallation page when working
    with a salt minion (bsc#1177767)

  * Show cluster upgrade plan in the upgrade UI

  * Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc
    #1175987)

  * Add new allowVendorChange flag for dist upgrades

  * Sync state modules when starting action chain execution (bsc#1177336)

  * Enable redfish power management by default

spacewalk-search:

  * Add multi lang support to the document search

spacewalk-setup:

  * Add sock_pool_size setting by default for better performance

spacewalk-web:

  * Update content sensitive help links

  * Fix mandatory channels JS API to finish loading in case of error (bsc#
    1178839)

  * Fix the search panel in CLM filters page

  * Localize documentation links

  * Fix link to documentation in Admin -> Manager Configuration -> Monitoring (
    bsc#1176172)

  * Show cluster upgrade plan in the upgrade UI

  * Don?t allow selecting spice for Xen PV and PVH guests

supportutils-plugin-susemanager:

  * Remove checks for obsolete packages

  * Gather new configfiles

  * Add more important informations

susemanager:

  * Adapt Debian10 bootstrap repository definition for salt on Python 3

  * Add --force to mgr-create-bootstrap-repo to enforce generation even when
    some products are not synchronized

susemanager-doc-indexes:

  * Added warning about local repositories in the Clients Configuration Guide

  * Removed duplicate contact method entry in Client Configuration Guide

  * Enabled upgrade section for SLE clients on Uyuni in Clients Configuration
    Guide

  * Added a section for working with bootstrap repositories and End of Life
    products in Client Configuration Guide

  * Added Salt Minion file contact method to Client Configuration Guide

  * Added Redfish to power management protocols section

  * Clarify that port 22 is required for the SUSE Manager server in the
    installation guide (bsc#1177975)

  * Added procedure for adding virtualization guests to the Client
    Configuration Guide

  * New guide added: Quickstart SAP Guide

  * Add multilang support

susemanager-docs_en:

  * Added warning about local repositories in the Clients Configuration Guide

  * Removed duplicate contact method entry in Client Configuration Guide

  * Enabled upgrade section for SLE clients on Uyuni in Clients Configuration
    Guide

  * Added a section for working with bootstrap repositories and End of Life
    products in Client Configuration Guide

  * Added Salt Minion file contact method to Client Configuration Guide

  * Added Redfish to power management protocols section

  * Clarify that port 22 is required for the SUSE Manager server in the
    installation guide (bsc#1177975)

  * Added procedure for adding virtualization guests to the Client
    Configuration Guide

  * New guide added: Quickstart SAP Guide

  * Add multilang support

susemanager-frontend-libs:

  * Update Bootstrap to 3.1.0

susemanager-schema:

  * Add 'preferred_docs_locale' to UserInfo table

  * Add new column to rhnactiondup table for allowVendorChange flag

  * Move dist upgrade SQL file to the correct directory so it gets picked up in
    schema upgrades (bsc#1179759)

susemanager-sls:

  * Fix: sync before start action chains (bsc#1177336)

  * Temp: revert Sync state modules when starting action chain execution (bsc#
    1177336)

  * Handle group- and org-specific image pillars

  * Use require in reboot trigger (bsc#1177767)

  * Add pillar option to get allowVendorChange option during dist upgrade

  * Sync state modules when starting action chain execution (bsc#1177336)

susemanager-sync-data:

  * Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS

  * Remove duplicate repo definition

uyuni-cluster-provider-caasp:

  * Show the cluster upgrade plan in the UI

yomi-formula:

  * Update to version 0.0.1+git.1604593202.a2c22bf:

      + storage: hide mountpoint if no filesystem

      + software: migrate repos as certs

      + software: add verify parameter

      + _grains: efi grains are in Salt now

      + software: transfer current repository

      + software: add repository options

      + lvm: fix indentation

      + partitioned: fix parted call and tests

  * Update to version 0.0.1+git.1601999695.6141130:

      + README: add user provided config

  * Update to version 0.0.1+git.1598948600.9a9eab0:

      + Replace fdisk with parted in partitioned

Version 4.1.3

bind-formula:

  * Temporarily disable dnssec-validation as hotfix for bsc#1177790

grafana-formula:

  * Use variable for product name

  * Add HA/SAP dashboards

  * Add support for system groups in Client Systems dashboard

image-sync-formula:

  * Do not use .gz suffix for default initrd symlink

  * Keep the old symlink "initrd.gz" for compatibility

prometheus-formula:

  * Disable Alertmanager clustering (bsc#1178145)

  * Use variable for product name

prometheus-exporters-formula:

  * Fix empty directory values initialization

  * Add systemd collector as default for node_exporters since otherwise some
    SAP/HA grafana dashboards will be empty

  * Disable reverse proxy on default

pxe-formula:

  * Change default to "initrd" without .gz suffix

py26-compat-salt:

  * Properly validate eauth credentials and tokens on SSH calls made by Salt
    API (bsc#1178319, bsc#1178362, bsc#1178361) (CVE-2020-25592,
    CVE-2020-17490, CVE-2020-16846)

python-susemanager-retail:

  * Use name "initrd" without .gz suffix

salt-netapi-client:

  * Version 0.18.0. See: https://github.com/SUSE/salt-netapi-client/releases/
    tag/v0.18.0

saltboot-formula:

  * Allow setting terminal kernel parameters in saltboot formula

spacecmd:

  * Python3 fixes for errata in spacecmd (bsc#1169664)

  * Added support for i18n of user-facing strings

  * Python3 fix for sorted usage (bsc#1167907)

spacewalk-admin:

  * Show info message when applying schema upgrade

spacewalk-backend:

  * Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-branding:

  * Enable to switch to multiple webUI theme

spacewalk-client-tools:

  * Remove RH references in Python/Ruby localization and use the product name
    instead

spacewalk-java:

  * Remove expiration date from ics files (bsc#1177892)

  * Execute Salt SSH actions in parallel (bsc#1173199)

  * Enable to switch to multiple webUI theme

  * Fix action chain resuming when patches updating salt-minion don?t cause
    service to be restarted (bsc#1144447)

  * Renaming autoinstall distro didn?t change the name of the Cobbler distro (
    bsc#1175876)

  * Fix the links for downloading the binaries in the package details UI (bsc#
    1176603)

  * Allow nightly ISS sync to also cover custom channels

  * Fix: reinspecting a container image (bsc#1177092)

  * Add power management xmlrpc api

  * Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (
    bsc#1176159)

  * Log exception trace on fatal Taskomatic startup error

  * Fix max password length check at user creation (bsc#1176765)

  * Notify about missing libvirt or hypervisor on virtual host

  * Redesign maintenance schedule systems table to use paginated data from
    server

  * Fix SP migration after dry run for cloned channels (bsc#1176307)

  * Filter not available optional channels out

  * Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)

spacewalk-search:

  * Change default maximum memory to 512 MB, preventing OutOfMemoryError

spacewalk-web:

  * Enable to switch to multiple webUI theme

  * Only refresh the virtual storage list when pool events are received

  * Drop node-fetch to fix CVE-2020-15168

  * Notify about missing libvirt or hypervisor on virtual host

  * Redesign maintenance schedule systems table to use paginated data from
    server

susemanager:

  * Create bootstrap repo should not flush by default (bsc#1175843)

  * Improve detection of base channels for products (bsc#1177478)

  * Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the
    bootstrap definitions as some packages from LTSS are required (bsc#1177524)

  * Fix logrotate config

  * Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)

susemanager-build-keys:

  * Replace "SuSE" user-facing references with "SUSE"

susemanager-doc-indexes:

  * Documented zypper autorefresh feature in Upgrade Guide

  * Update SP Migration chapter in Client Configuration Guide

  * In Client Configuration and Upgrade Guide, add link to valid autoyast
    upgrade settings

  * Move client upgrade related sections from Reference and Upgrade Guide to
    Client Configuration Guide

  * Updated Requirements chapter in Installation Guide.

  * Edits OpenSCAP section in Admin Guide (bsc#1176413)

  * Updated Terminology section in Salt Guide

  * Added on-demand images content to Install Guide

  * New book Quick Start - SAP

  * Adds webUI locale choice to Ref & Admin Guides

  * Adds new System Types section to Client Cfg

  * Updates supported client matrix in Install Guide

  * Add note about log file to Upgrade Guide

  * Removes outdated content from Activation Keys section (bsc#1177396)

  * Adds note about PAM Auth during migration (bsc#1177730)

  * Fixed broken table in admin guide

susemanager-docs_en:

  * Documented zypper autorefresh feature in Upgrade Guide

  * Update SP Migration chapter in Client Configuration Guide

  * In Client Configuration and Upgrade Guide, add link to valid autoyast
    upgrade settings

  * Move client upgrade related sections from Reference and Upgrade Guide to
    Client Configuration Guide

  * Updated Requirements chapter in Installation Guide.

  * Edits OpenSCAP section in Admin Guide (bsc#1176413)

  * Updated Terminology section in Salt Guide

  * Added on-demand images content to Install Guide

  * New book Quick Start - SAP

  * Adds webUI locale choice to Ref & Admin Guides

  * Adds new System Types section to Client Cfg

  * Updates supported client matrix in Install Guide

  * Add note about log file to Upgrade Guide

  * Removes outdated content from Activation Keys section (bsc#1177396)

  * Adds note about PAM Auth during migration (bsc#1177730)

  * Fixed broken table in admin guide

susemanager-schema:

  * Execute Salt SSH actions in parallel (bsc#1173199)

  * Show info message when applying schema upgrade

  * Add web_theme user preferences column (bsc#1178204)

susemanager-sls:

  * Fix action chain resuming when patches updating salt-minion don?t cause
    service to be restarted (bsc#1144447)

  * Make grub2 autoinstall kernel path relative to the boot partition root (bsc
    #1175876)

  * Move channel token information from sources.list to auth.conf on Debian 10
    and Ubuntu 18 and newer

  * Add support for activation keys on server configuration Salt modules

  * Ensure the yum/dnf plugins are enabled

  * Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (
    bsc#1176159)

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  * Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  * Update to 1.0.1

      + Changes to build specification + Modify spec: update golang version to
        1.14 + Remove update tarball script + Add _service file to allow for
        updates via osc service disabledrun

      + Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 +
        [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix
        build tags for collectors #1745 + [BUGFIX] Handle no data from
        powersupplyclass #1747, #1749

  * Update to 1.0.0

      + Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #
        1380 + [BUGFIX] Renamed label state to name on
        node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil
        reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint
        labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 +
        [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in
        cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #
        1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX]
        Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix
        network speed math #1580 + [BUGFIX] collector/systemd: use regexp to
        extract systemd version #1647 + [BUGFIX] Fix initialization in perf
        collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally
        empty lines in meminfo_linux #1671

      + Several enhancements + See https://github.com/prometheus/node_exporter/
        releases/tag/v1.0.0

  * Update to 1.0.0-rc.0

      + The netdev collector CLI argument --collector.netdev.ignored-devices
        was renamed to --collector.netdev.device-blacklist in order to conform
        with the systemd collector. #1279

      + The label named state on node_systemd_service_restart_total metrics was
        changed to name to better describe the metric. #1393

      + Refactoring of the mdadm collector changes several metrics
        node_md_disks_active is removed node_md_disks now has a state label for
        "fail", "spare", "active" disks. node_md_is_active is replaced by
        node_md_state with a state set of "active", "inactive", "recovering",
        "resync".

      + Additional label mountaddr added to NFS device metrics to distinguish
        mounts from the same URL, but different IP addresses. #1417

      + Metrics node_cpu_scaling_frequency_min_hrts and
        node_cpu_scaling_frequency_max_hrts of the cpufreq collector were
        renamed to node_cpu_scaling_frequency_min_hertz and
        node_cpu_scaling_frequency_max_hertz. #1510

      + Collectors that are enabled, but are unable to find data to collect,
        now return 0 for node_scrape_collector_success.

  * Add missing sysconfig file in rpm bsc#1151557

hibernate5:

  * Address CVE-2019-14900 (bsc#1172079)

  * Add patch

hub-xmlrpc-api:

  * One configuration flag was renamed for clarity

  * Added USE_SSL flag to https insted of plain http

  * Updated docs

  * Bugfixes

  * Changed configuration to plain variables

  * Bugfixes

patterns-suse-manager:

  * Change PostgreSQL requirements to require at least PostgreSQL 12

prometheus-exporters-formula:

  * Bugfix: Handle <NoneType> arguments (bsc#1176844)

salt-netapi-client:

  * Fix text resource usage

spacecmd:

  * Fix softwarechannel_listlatestpackages throwing error on empty channels (
    bsc#1175889)

spacewalk-backend:

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Only regenerate bootstrap repositories when linking new packages (bsc#
    1174636)

  * Support installer_updates flag in ISS

  * Remove duplicate languages and update translation strings

spacewalk-branding:

  * Re-enable language picker for user creation

spacewalk-certs-tools:

  * Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  * Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  * Remove duplicated languages and update translation strings

spacewalk-java:

  * Force disable SPA for non-navigation links (bsc#1175512)

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Pass the log level parameter to matcher

  * Add language picker to user preferences and user creation

  * Detect client organization from connected proxy (bsc#1175545)

  * Fix EntityExistsException on migration from traditional to salt minion via
    proxy (bsc#1175556)

  * Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529
    )

  * Add java.allow_adding_patches_via_api to allow adding errata to vendor
    channels

  * Fix alignment on icon on entitlement page

  * Support installer update channels during autoinstallation

  * Filter machines not in maintenance mode for remote commands

  * Reset the server path on minion registration (bsc#1174254)

  * Data null means the sync never ran yet (bsc#1174357)

spacewalk-utils:

  * Avoid exceptions on the logs when looking for channels that do not exist (
    bsc#1175529)

spacewalk-web:

  * Fix the jQuery selector in SP Migration page (bsc#1176500)

  * Fix JavaScript error caused by SPA navigation event with empty event field
    (bsc#1176503)

  * Force disable SPA for non-navigation links (bsc#1175512)

  * Add translation support for react t() function

  * Fix striping on react tables

  * Update translation strings

subscription-matcher:

  * Allow matching any guest products for Unlimited Virtualization
    subscriptions (bsc#1165287)

  * Only report confirmed matches in the output.json

  * Expose the log level setting to the command line

  * In the subscriptions CSV output, print the active subscriptions first

susemanager:

  * Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME,
    etc)

  * Support installer update channels during autoinstallation

  * Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS bootstrap
    problems (bsc#1176913)

susemanager-build-keys: - Trust PackageHub key (bsc#1175103)

susemanager-doc-indexes:

  * Remove old certs before renaming in Administration Guide (bsc#1171836)

  * Reference example scripts for SP Mass Migration in Upgrade Guide

  * Move PoS Terminal Requirements to the Requirements sections in the Retail
    Guide

  * Updated SP Mass Migration section in Upgrade Guide for clarity

  * Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  * New section Upgrade Uyuni Proxy in Upgrade Guide

  * New section Upgrade Uyuni Server in Upgrade Guide

  * Add GPG information about Oracle clients to SUMA (bsc#1173520)

  * Add hostname admonition to public cloud sections (bsc#1173621)

  * Add error wording to Taskomatic troubleshooting (bsc#1172263)

  * Add required URLs to Installation Guide

  * Replaces removed instructions for adding channels on older Ubuntu clients
    using the CLI in SUMA (bsc#1174025)

  * Added more concepts to Client Cfg

  * Documented maintenance windows feature in Admin Guide

  * Some reorganization of Client Cfg & Admin Guides

  * Updates storage device requirements in Install Guide

  * Adds new section for SUMA formulas in the Salt Guide

  * Updates storage device requirements in Install Guide

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * Add note about CentOS upstream repository (bsc#1173603)

  * Add firewall troubleshooting to Admin Guide

  * Fix Azure command in Install Guide (thanks Rahul-CTS)

  * Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  * Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  * Adds Uyuni Config Modules to the Salt Guide as tech preview

  * Fix contrast problem for visited links (bsc#1176862)

susemanager-docs_en:

  * Remove old certs before renaming in Administration Guide (bsc#1171836)

  * Reference example scripts for SP Mass Migration in Upgrade Guide

  * Move PoS Terminal Requirements to the Requirements sections in the Retail
    Guide

  * Updated SP Mass Migration section in Upgrade Guide for clarity

  * Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  * New section Upgrade Uyuni Proxy in Upgrade Guide

  * New section Upgrade Uyuni Server in Upgrade Guide

  * Add GPG information about Oracle clients to SUMA (bsc#1173520)

  * Add hostname admonition to public cloud sections (bsc#1173621)

  * Add error wording to Taskomatic troubleshooting (bsc#1172263)

  * Add required URLs to Installation Guide

  * Replaces removed instructions for adding channels on older Ubuntu clients
    using the CLI in SUMA (bsc#1174025)

  * Added more concepts to Client Cfg

  * Documented maintenance windows feature in Admin Guide

  * Some reorganization of Client Cfg & Admin Guides

  * Updates storage device requirements in Install Guide

  * Adds new section for SUMA formulas in the Salt Guide

  * Updates storage device requirements in Install Guide

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * Add note about CentOS upstream repository (bsc#1173603)

  * Add firewall troubleshooting to Admin Guide

  * Fix Azure command in Install Guide (thanks Rahul-CTS)

  * Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  * Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  * Adds Uyuni Config Modules to the Salt Guide as tech preview

  * Fix contrast problem for visited links (bsc#1176862)

susemanager-schema:

  * Support installer update channels during autoinstallation

  * Prevent a deadlock error involving delete_server and update_needed_cache (
    bsc#1173073)

susemanager-sls:

  * Add uyuni-config-modules subpackage with Salt modules to configure Servers

  * Fix reporting of missing products in product.all_installed (bsc#1165829)

Version 4.1.1

cobbler:

  * More old modules naming fixes (bsc#1169553)

image-sync-formula:

  * Allow image-sync state on regular minion. Image sync state requires
    branch-network pillars to get the directory where to sync images. Use
    default /srv/saltboot if that pillar is missing so image-sync can be
    applied on non branch minions as well.

mgr-libmod:

  * Remove unnecessary array wrap in 'list_modules' response object

mgr-osad:

  * Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#
    1174405)

openvpn-formula:

  * Add hint that ssl certs must be on system (bsc#1172279)

patterns-suse-manager:

  * Add Recommends for golang-github-QubitProducts-exporter_exporter

prometheus-exporters-formula:

  * Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)

  * Add support for exporters proxy (exporter_exporter)

pxe-default-image-sle15:

  * Rollback the workaround for bsc#1172807, as dracut is now fixed

saltboot-formula:

  * Better fix for rounding errors (bsc#1136857)

spacecmd:

  * Fix softwarechannel update for vendor channels (bsc#1172709)

  * Fix escaping of package names (bsc#1171281)

spacewalk-backend:

  * Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  * Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  * Adds basic functionality for gpg check

  * Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-branding:

  * Implement Maintenance Windows

  * Fix typo on spacewalk-branding license

spacewalk-certs-tools:

  * Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

  * Fix centos detection (bsc#1173584)

spacewalk-java:

  * use media.1/products from media when not specified different (bsc#1175558)

  * Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  * Fix error when rolling back a system to a snapshot (bsc#1173997)

  * Implement maintenance windows backend

  * Add check for maintainence window during executing recurring actions

  * Implement maintenance windows in struts

  * XMLRPC: Assign/retract maintenance schedule to/from systems

  * Fix softwarechannel update for vendor channels (bsc#1172709)

  * Avoid deadlock when syncing channels and registering minions at the same
    time (bsc#1173566)

  * Change system list header text to something better (bsc#1173982)

  * Set CPU and memory info for virtual instances (bsc#1170244)

  * Add virtual network Start, Stop and Delete actions

  * Add virtual network list page

  * Fix httpcomponents and gson jar symlinks (bsc#1174229)

  * Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

  * Provide comps.xml and modules.yaml when using onlinerepo for kickstart

  * Refresh virtualization pages only on events

  * Fix up2date detection on RH8 when salt-minion is used for registration

  * Improve performance of the System Groups page with many clients (bsc#
    1172839)

  * Include number of non-patch package updates to non-critical update counts
    in system group pages (bsc#1170468)

  * Bump XMLRPC API version number to distinguish from Spacewalk 2.10

  * Cluster UI: return to overview page after scheduling actions

  * Fix NPE on auto installation when no kernel options are given (bsc#1173932)

  * Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)

  * Adapt expectations for jobs return events after switching Salt states to
    use 'mgrcompat.module_run' state.

spacewalk-utils:

  * Add aarch64 for openSUSE Leap 15.1 and 15.2

spacewalk-web:

  * Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  * Fix JS linting errors/warnings

  * Enable Nutanix AHV virtual host gatherer.

  * Web UI: Implement managing maintenance schedules and calendars

  * Warn when a system is in multiple groups that configure the same formula in
    the system formula?s UI (bsc#1173554)

  * Add virtual network start, stop and delete actions

  * Add virtual network list page

  * Fix internal server error when creating module filters in CLM (bsc#1174325)

  * Fix VM creation page when there is no volume in the default storage pool

  * Refresh virtualization pages only on events

  * Product list in the Wizard doesn?t show SLE products first (bsc#1173522)

  * Cluster UI: return to overview page after scheduling actions

  * Changes in the logic to update the tick icon.

  * For the postgres localhost:5432 case, use the

  * Fix internal server errors by returning 0 instead of dying

  * Add missing dependency to spacewalk-base-minimal (bsc#678126)

  * Change kickstart to autoinstallation in navigation on pxt pages

  * Debranding

suseRegisterInfo:

  * Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

susemanager:

  * Migrate all occurrences of kickstart to autoinstall in cobbler database (
    bsc#1169780)

  * Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

  * Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
    required to get python3-M2crypto (bsc#1174167)

susemanager-doc-indexes:

  * Ubuntu clients using the CLI in SUMA (bsc#1174025)

  * Left navigation structure cleaned up

  * Fixed several broken xrefs

  * Added hostname admonition for public cloud sections

  * Clarified Branch Proxy configuration instructions

  * Fixed index page pdf links, urls were 1 step to deep

  * SUSECOM 2020 branding update

  * PDF 2020 branding update

  * WEBUI 2020 branding update

  * Added maintenance window documentation

  * Added SLE client chapter

  * Added 508 compliance

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Added docs for nutanix VHM

susemanager-docs_en:

  * Ubuntu clients using the CLI in SUMA (bsc#1174025)

  * Left navigation structure cleaned up

  * Fixed several broken xrefs

  * Added hostname admonition for public cloud sections

  * Clarified Branch Proxy configuration instructions

  * Fixed index page pdf links, urls were 1 step to deep

  * SUSECOM 2020 branding update

  * PDF 2020 branding update

  * WEBUI 2020 branding update

  * Added maintenance window documentation

  * Added SLE client chapter

  * Added 508 compliance

  * Added reverse proxy information to Monitoring in Admin Guide

  * Add note about accessibility to index

  * In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
    versioning.

  * Added docs for nutanix VHM

susemanager-frontend-libs:

  * Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

  * Add new states and types for virtual instances in order to support Nutanix
    AHV.

  * Implement Maintenance Windows

  * Add virtual network state change action

  * Internal fixes to avoid problems with the idempotency tests

susemanager-sls:

  * Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)

  * Fix: supply a dnf base when dealing w/repos (bsc#1172504)

  * Fix: autorefresh in repos is zypper-only

  * Add virtual network state change state to handle start, stop and delete

  * Add virtual network state change state to handle start and stop

  * Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)

  * Force a refresh after deleting a virtual storage volume

  * Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions
    (bsc#1173169)

  * Require PyYAML version >= 5.1

  * Log out of Docker registries after image build (bsc#1165572)

  * Prevent "module.run" deprecation warnings by using custom mgrcompat module

susemanager-sync-data:

  * Remove version from centos and oracle linux identifier (bsc#1173584)

uyuni-common-libs:

  * Fix issues importing RPM packages with long RPM headers (bsc#1174965)

virtual-host-gatherer:

  * Add new gatherer module for Nutanix AHV.

virtualization-host-formula:

  * Ensure kernel-default and libvirt-python3 are installed

  * Set bridge network as default

  * Fix conditionals (bsc#1175791)

yomi-formula:

  * Update to version 0.0.1+git.1595952633.b300be2:

      + pillar: install always kernel-default

      + chroot: python3-base is now a capability

      + Move systemctl calls inside chroot

      + Network: initial work for network declaration

      + MicroOS: Remove tmp subvolume

      + Update format following the new standard

      + Fix __mount_device wrapper

Major changes since SUSE Manager Server 4.0

New SUSE branding

The SUSE Manager 4.1 WebUI and documentation have been refreshed with the new
SUSE branding guidelines, as published in the SUSE Brand website and SUSE EOS
Design System.

The new theme is lighter and gives a bit more of free space between elements
for better readability.

New products enabled

  * SUSE Linux Enterprise Real Time 12 SP5

  * SUSE Linux Enterprise 15 SP2 family (including LTSS)

  * SUSE Linux Enterprise 15 SP3 family (beta)

  * SUSE Container as a Service Platform 4.5

  * SUSE Enterprise Storage 7

  * openSUSE Leap 15.2

  * MicroFocus Open Enterprise Server 2018 SP2

  * CentOS 6, 7, and 8

  * Oracle Linux 6, 7 and 8

  * Ubuntu 20.04 LTS *

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in
the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete
your existing channels, synchronize the channel information from SCC, and
reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows
in the product tree in the WebUI.

Ubuntu 20.04 LTS

The Ubuntu 20.04 LTS product is now managed as a vendor channel and repository
URLs (but not packages or metadata) come from SCC directly, so there is no need
to use spacewalk-common-channels or manually add the repository URLs.

Ubuntu 18.04 LTS and 16.04 LTS still require manually adding the repository
URLs via the WebUI or spacewalk-common-channels.

Cluster Management

As you modernize your IT landscape and make use of Software Defined
Infrastructure stacks based on technologies like Kubernetes and Ceph, your
focus of managing the IT infrastructure has to move from managing individual
Linux servers and VMs to managing infrastructure clusters. Multiple cluster
types will be supported in coming releases, with SUSE Manager 4.1 initially
providing support for SUSE CaaSP.

Computing is increasingly being a more complex architecture: redundant servers,
scale out, high-availability, etc where you deploy different kinds of clusters,
such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a
whole piece of infrastructure instead of as discrete nodes puts you in charge.

SUSE Manager 4.1 implements cluster management of SUSE CaaS Platform 4.x
clusters. SUSE Manager works hand-in-hand with CaaS Platform to make sure that
all cluster operations are issued properly.

The following actions are currently supported:

  * Register an existing cluster to SUSE Manager

  * Add or remove nodes to the cluster

  * Promote SLES system to managing node

  * Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an
upcoming version of SUSE Manager.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified
schedule. You can apply recurring action to individual clients, to all clients
in a system group, or to an entire organization. The Recurring Actions section
in the Administration Guide contains all the details for this feature.

More improvements in regards to automation will be coming in subsequent
releases of SUSE Manager, including maintenance windows and patch automation.

Monitoring enhancements

Federation

The new version of the Prometheus formula allows configuring federation and
pulling relevant metrics from Prometheus instances to provide a global
monitoring view. This configuration is useful for a number of cases, such as:

  * Remote sites, each one with its own Prometheus server

  * Collecting monitoring data from multiple applications, each one of them
    providing its own Prometheus server (e. g. multiple SUSE products: SUSE
    Manager, CaaSP, SES, HA)

The combined data can then be visualized using Grafana.

Note that suitable recording rules have to be configured on the Prometheus
instances (for example at CaaSP Prometheus instances). For more information
about Prometheus federation, check the official documentation.

Pre-configured default alerting rules

A default set of alerting rules have been added to monitor the Prometheus
instances themselves (meta-monitoring) and the availability of configured
targets. These rules can be changed in the WebUI.

CaaSP dashboards

Specific Grafana dashboards for SUSE Container as a Service Platform have been
integrated and can be deployed via the WebUI.

Updated Grafana and Prometheus

Grafana has been updated to version 7.0.3 and Prometheus to version 2.18.

Updated Node Exporter

The Prometheus Node Exporter has been updated to version 0.18.1.

All the changes can be found in the changelog for the package, or upstream
(changelog for 0.18.0 and 0.18.1).

The new version includes some breaking changes:

  * Renamed interface label to device in netclass collector for consistency
    with other network metrics

  * The cpufreq metrics now separate the cpufreq and scaling data based on what
    the driver provides

  * The labels for the network_up metric have changed

  * Bonding collector now uses mii_status instead of operstatus

  * Several systemd metrics have been turned off by default to improve
    performance. These include unit_tasks_current, unit_tasks_max,
    service_restart_total, and unit_start_time_seconds

  * The systemd collector blacklist now includes automount, device, mount, and
    slice units by default

Virtual storage pool support

Virtual machine disks are stored in storage pools. Previously, SUSE Manager
could only list storage pools.

With SUSE Manager 4.1, it is now possible to create, edit, start, stop,
refresh, and delete storage pools. This is available from the WebUI, or through
Salt states.

Performance improvements

Reposync

Repository syncing has been optimized to perform in less time with respect to
past versions. The performance improvement could be up to 6 times faster,
depending on the hardware setup (specifically CPUs and network bandwidth) and
number of packages.

Content Lifecycle Magement

Content Lifecycle Management has been optimized, with basic operations (build,
promotion) up to two orders of magnitude faster and a quicker UI loading in
installations with many channels and organizations.

Prometheus Service Discovery

Thanks to a number of enhancements and optimizations, Prometheus Service
Discovery is now 10 times faster, on average, than it was in SUSE Manager 4.0.

Usability

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as
well as the required packages for registering Salt or traditional clients
during bootstrapping.

In SUSE Manager 4.0 and earlier, bootstrap repository creation was a manual
step, using the mgr-create-bootstrap-repo tool.

In SUSE Manager 4.1, bootstrap repositories are automatically created and
regenerated on the SUSE Manager Server after a product is synchronized (and all
mandatory channels have been fully mirrored).

More details, including how to revert to manual invocation, are available from
the Client Configuration Guide.

Automatic database schema migrations and fail-over mechanism

Database schema upgrades are now applied automatically during services startup,
so there is no need to call spacewalk-schema-upgrade manually. To prevent SUSE
Manager services from starting if the schema upgrade has not successfully
completed, a fail-over security mechanism has been implemented.

In case the database migration has not finished, or if it finishes with an
error:

  * The spacewalk-service start command fails, and information is provided
    about the error.

  * No services will start, including the Apache service. This means the WebUI
    will also be unavailable.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual
acceptance, and sometimes even manual installation, of the third-party keys for
products available from the product tree. Alternatively, an option to not
verify the GPG key signature was there.

In addition to SUSE?s, SUSE Manager 4.1 now includes the GPG keys used to sign
packages and/or metadata by other vendors whose products are available in the
product tree in the WebUI:

  * openSUSE

  * CentOS

  * Oracle Linux

  * Ubuntu

  * MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature
verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still
required for security reasons.

Onboarding of clients with SSH keys

In SUSE Manager 4.0, password authentication was the only authentication type
available to bootstrap clients from the Server.

SUSE Manager 4.1 introduces a new SSH private key authentication method,
including use of a passphrase on the private key. This is specially useful on
the public cloud, where images prefer to authenticate with SSH instead of user
and password.

To protect your security, the private key is only stored on the SUSE Manager
Server during the bootstrap procedure and removed immediately after
bootstrapping is complete, therefore the private key must be provided for each
bootstrap.

This feature is available in the WebUI for Salt clients.

From the API, the new method bootstrapWithPrivateSshKey in the namespace system
is documented in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase,
MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

#!/usr/bin/python
import xmlrpclib

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

with open(keyfile, 'r') as file:
  data = file.read()
  conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)

Service Pack migration: remember settings

A common source of errors in Service Pack Migrations is the human factor: a
complex migration is carefully crafted, dry-run to a success, only to
mysteriously fail in production. More often than not, the reason for this is
when re-creating the migration for production, some step was forgotten.

In SUSE Manager 4.1, the Service Pack Migration feature has gained memory: you
can now re-run successful dry-runs. This is especially useful when you have
configured a complex migration, tested it successfully, and would like to make
sure it runs in production with exactly the same settings it was designed to
run with. To do this, go to the System Event History of the Dry-run action.
There is a button "Run migration" which lets you execute the Service Package
Migration.

Subscription warning

SUSE Manager requires an active subscription to connect to the SUSE Customer
Center and download content and data.

We have now added a check in the Products page that will show a warning when
the subscription is not available for one of these reasons:

  * Subscription was not added

  * Subscription was disabled

  * Subscription expired

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with
system type "Proxy".

Improved sync status visibility

In the product page, a new sync status icon has been added to convey the right
information.

When a channel contains root and child products, separate feedback is provided
for each product, to make sure a synchornization failure in either the root
product, or a child product, will be immediately noticed.

Single Page Application UI (SPA)

In an effort to provide our WebUI users with a smoother navigation, we have
implemented large parts of the user interface as a single page application.

This enhancement was started in SUSE Manager 4.0 as an opt-in feature and now
becomes the default in SUSE Manager 4.1.

RHEL 8 enhancements

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS, and Oracle Linux 8 appstreams can now be mixed and
converted to flat repositories using a new type of CLM filter.

In order to make this feature easier to use, in SUSE Manager 4.1:

  * SUSE Manager will show an error and prevent the user from proceeding when
    there are module conflicts, a module is unavailable or modular filters are
    in use but no modular sources have been added (and viceversa)

  * Module names can be picked via a UI widget instead of typing this manually,
    thus avoiding errors

Prometheus exporters

Exporters for RHEL, SLES ES, CentOS, and Oracle Linux 8 are now available:

  * Node exporter: hardware and operating system metrics

  * Apache exporter: Apache HTTP server metrics

  * PostgreSQL exporter: PostgreSQL database metrics

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is
supported for 7.5 years since the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is
not feasible, it is now possible to use a Retail Branch Server running in a
remote datacenter or public cloud.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting
EFI terminals (systems) using HTTP in addition to TFTP.

Custom headers for reposync

Reposync can now send additional custom HTTP headers configured in the /etc/rhn
/spacewalk-repo-sync/extra_headers.conf file.

This new feature serves a number of special use cases, such as feeding special
data to network proxies, bypassing MFA or informing traffic inspection devices
your data is secure to avoid wasting resources inspecting e. g. large RPMs or
containers.

Details are available in the Reference Guide.

New documentation

Two new books have been added to the SUSE Manager 4.1 documentation:

  * Large Deployments Guide. Everything related to architecture and
    configuration for large (thousands of clients) deployments is contained in
    this guide. It contains all the documentation for the SUSE Manager Hub
    component. Some parts of the Salt guide that dealt with parameter tuning
    for large deployments have now been moved here too.

  * Public Cloud QuickStart Guide. This new guide shows you the fastest way to
    get SUSE Manager up and running in a public cloud. It includes instructions
    for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

  * A new section on how to configure Salt for GitFS to achieve GitOps has now
    been added to the Salt Guide

  * In-place automatic upgrade of SUSE Linux Enterprise clients is now
    documented, with a sample AutoYaST profile.

  * Example SSO implementation with Keycloak

  * Lots of revised and updated content across all guides

OpenVPN formula

As part of SUSE?s Home Office Workplace initiative in response to the crisis
caused by the COVID-19, the SUSE Manager team has created a formula with forms
to provision an OpenVPN Server node and manage client certificates from SUSE
Manager.

For more details, see the SUSE Home Office Workplace blog, documentation and
webinar.

spacewalk-utils

In SUSE Manager 4.0 and earlier, the spacewalk-utils package contained a mix of
L3 and L1 supported tools.

In SUSE Manager 4.1, we have split spacewalk-utils in two packages, with clear
support levels for each:

  * spacewalk-utils contains only fully-supported (i. e. L3) tools:

      + spacewalk-common-channels: add channels not provided by SCC

      + spacewalk-hostname-rename: change SUSE Manager Server hostname

      + spacewalk-clone-by-date: clone channels by a specific date

      + spacewalk-sync-setup: set up ISS master/slave organization mappings

      + spacewalk-manage-channel-lifecycle: manage channels lifecycle

  * spacewalk-utils-extras contains the tools for which SUSE only provides
    limited (i. e. L1) support:

      + apply_errata: apply errata to systems

      + delete-old-systems-interactive: remove idle systems

      + migrate-system-profile: migrate systems between organizations

      + spacewalk-api: alternative to spacecmd api

      + spacewalk-export: export Spacewalk 2.x and Red Hat Satellite 5 data

      + spacewalk-export-channels: export Spacewalk 2.x and Red Hat Satellite 5
        channels

      + spacewalk-final-archive: archive information from a running Spacewalk
        2.x and Red Hat Satellite 5 server prior to a final shutdown

      + spacewalk-manage-snapshots: report on and purge snapshot entries by age

      + sw-ldap-user-sync: creates new SUSE Manager accounts for users in a
        specific LDAP group and removes SUSE Manager accounts after deleting
        users from a specific LDAP group

      + sw-system-snapshot: list or delete system snapshots from the management
        server

      + taskotop: displays a summary of Taskomatic activities in progress

Tools in spacewalk-utils-extras are valuable but they are so specific, or
require additional customization for each customer, that it is not possible for
SUSE to fully support them. If you were using these scripts in spacewalk-utils
in SUSE Manager 4.0 or earlier, you will need to install spacewalk-utils-extras
in SUSE Manager 4.1.

L1 support is limited to problem determination, which means technical support
designed to provide compatibility information, usage support, on-going
maintenance, information gathering and basic troubleshooting using available
documentation. Should you need more advanced help or customization with a tool
from spacewalk-utils-extras, please contact SUSE Consulting.

Single Sign-On (SSO)

SUSE Manager supports Single Sign-On authentication to the WebUI by
implementing the Security Assertion Markup Language (SAML) 2 protocol. This
feature, introduced in 4.0 as a Technology Preview, is now declared stable and
fully supported.

SUSE Manager must be reconfigured to use the IdP as the source of
authentication and post-login mapped users must be already created before
enabling SSO.

For more on configuring SSO, see the Authentication Methods chapter in the
Administration guide and the Example SSO implemenation with Keycloak.

Technology previews

SUSE Manager Hub XML-RPC API

The SUSE Manager Hub is a new multi-server architecture we are introducing as a
technology preview in SUSE Manager 4.1.

Multiple SUSE Manager Servers can be managed from a single Hub node. The Hub is
a Salt master itself and the managed SUSE Manager Server servers are both a
minion (to the hub) and a master (to their own minions).

SUSE Manager Hub Architecture

The Hub covers a number of use cases, such as:

  * Scalability: when a single SUSE Manager Server will no longer be enough

  * Intermittently connected and bandwidth-limited sites, which can now be
    managed with their own schedule thanks to the Hub

  * Multi-tenancy with individual SUSE Manager Servers. While SUSE Manager is
    multi-organization itself, in some scenarios, an even stronger separation
    is required. The Hub provides a way to manage and aggregate back
    information for all those SUSE Manager Server servers.

The Hub comprises a number of components that we will be releasing and
enhancing during the SUSE Manager 4.1 lifecycle. The first component of the Hub
we are now introducing as a Technology Preview is the Hub XML-RPC API, which
provides an extended version of the SUSE Manager Server XML-RPC API, targeted
for the multi-server case.

Everything related to the Hub is documented in the new Large Deployments Guide.

  * The Hub XML-RPC API reached maturity in SUSE Manager 4.1.2, so it is no
    longer a technology preview.

Yomi

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE
operating systems.

In SUSE Manager 4.1, Yomi can be used as part of provisioning new clients, as
an alternative to AutoYaST. Yomi consists of two components:

  * The Yomi formula, which contains the Salt states and modules required to
    perform the installation.

  * The operating system image, which includes the pre-configured salt-minion
    service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added
in coming releases.

Salt 3000

Salt has been upgraded to upstream version 3000, plus a number of patches,
backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and
Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are
included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto
library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old
syntax of the module.run module.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE
Manager 4.1 will refuse to start until the database migration from PostgreSQL
10 to PostgreSQL 12 has completed successfully.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Dropped features

Unpublished patches

The Unpublished Patches feature has been dropped in SUSE Manager 4.1.0.

This was a very old feature which originated more than 15 years ago when
Spacewalk was used internally by vendors to manage patches before making them
available to their customers. This functionality has been superseded a long
(more than 10 years) time ago by other features in Uyuni for sysadmins, and by
tools such as the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and
the SUSE Manager community, we received no feedback against the removal and
executed on it.

This will help us realize even further performance improvements in several
areas, including the commonly-used Content Lifecycle Management build and
promotion operations.

If you still have any unpublished patches, make sure you publish them with SUSE
Manager 4.0 before migrating to SUSE Manager 4.1.

API breakage

With the removal of the unpublished patches feature, some APIs have changed and
are therefore incompatible with SUSE Manager 4.0 and earlier:

  * Method errata.listUnpublishedErrata was removed

  * Method errata.create has one less parameter (the publish boolean, now
    always true) and it is now mandatory to specify at least one channel label
    in the last parameter (channelLabels). Previously specifying at least one
    channel label was mandatory only if publish was set to true.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and SUSE Manager
Retail Branch Server 4.0. When upgrading, upgrade the SUSE Manager Server
first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on https://
documentation.suse.com/suma/4.1/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting, are only supported in the context of SUSE Manager. Stand-alone usage
(e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 6, 7 and 8 minor release clients.
Older minor releases might still work but will only be supported on a limited
and reasonable-effort basis.

The same rule applies to CentOS and Oracle Linux.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 16.04 LTS, 18.04 LTS and 20.04 LTS clients using
Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using
Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers
the same functionality that is supported for the x86_64 architecture. Client
tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client
tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is
limited to problem determination, which means technical support designed to
provide compatibility information, usage support, on-going maintenance,
information gathering, and basic troubleshooting using available documentation.
At the time of writing, any problems or bugs specific to RHEL and CentOS on
ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web
UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are
the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.1 on top of an existing SUSE Linux Enterprise
Server 15 SP2 is known to generate an incomplete installation. If you require
such a setup, please contact SUSE Consulting.

Known issues

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API
or CLI tools. This will be fixed in a future release of SUSE Manager.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or
compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages
from EPEL, which miss some features available in the SUSE Manager-provided Salt
packages. This is especially important since it will result in the bootstrap
repository containing the non-SUSE Salt packages. Therefore, this is an
unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt
packages from EPEL in advance (for example, by removing the Salt packages in
Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors
may be logged from the moment the official Red Hat channels are added until the
moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS or Oracle Linux.

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation
set is missing some packages required for the onboarding to work. It is
recommented to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and
openssh-clients packages before onboarding.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it
to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client
works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion
will also work.

                  Works                                   Fails
RH Satellite 5.x ? SUSE Manager            RH Satellite 5.x ? SUSE Manager Salt
traditional                                minion

SUSE Manager traditional ? SUSE Manager
Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions, you will need to modify the bootstrap script to remove the Satellite
agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as
Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your
support contact or in the SUSE Forums:

https://forums.suse.com/categories/suse-manager

Resources

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager: https://www.suse.com/products/
suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional
information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE LLC
Maxfeldstr. 5
D-90409 N?rnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG N?rnberg
Gesch?ftsf?hrer/Managing Director: Felix Imend?rffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erf?llungsort/Legal Venue: N?rnberg

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.

Last updated 2021-07-04 21:29:45 +0200
