This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • March 2023: 4.3.5 release

  • February 10th, 2023: 4.3.4 release

  • December 14th, 2022: 4.3.3 release

  • October 26th, 2022: 4.3.2 release

  • September 8th, 2022: 4.3.1 release

  • June 20th, 2022: 4.3 GA

About SUSE Manager Proxy 4.3

SUSE Manager Proxy provides mirroring proxy support for large and distributed environments.

Operation of the proxy is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server, and like a server to the managed clients. Managed clients talk to the proxy only, and the proxy in turn communicates to the SUSE Manager Server.

All software packages that pass the SUSE Manager Proxy are cached and subsequent client requests for these packages are resolved from the cache.

Containerization

One goal that we want to achieve in a long run to enable SUSE Manager to be deployed in container-only environments, independently from the base OS. Allow SUSE Manager components (specifically Proxies/Retail Branch servers) to run in more resource-constrained environments. Edge market is our main audience here with this effort. It will allow users to install SUSE Manager components on top of kubernetes, increasing flexibility and future viability

Enabling SUSE Manager Proxy 4.3 and Retail Branch Servers 4.3 to also run in containers, is in scope of this release.

System requirements

SUSE Manager Proxy is available for x86_64 architecture only. We recommend you have at least 8 GB main memory, and approximately 50 GB of disk space per distribution or channel.

Consider additional disk space required for storing images for retail terminals.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/4.3/.

SUSE Manager Proxy distribution

SUSE Manager Proxy 4.3 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 SP4. No separate SUSE Linux Enterprise subscription is required.

Installation and setup

Installation of SUSE Manager Proxy 4.3 is done with the SUSE Manager Server 4.3 Web interface.

For more details on installing and configuring SUSE Manager Proxy 4.3, see the Installation Guide on https://documentation.suse.com/suma/4.3/.

Upgrade from previous version

To upgrade an existing SUSE Manager Proxy 4.1 or 4.2 system to SUSE Manager Proxy 4.3, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.3/.

SUSE Manager Server versions

SUSE Manager Proxy 4.3 works only with SUSE Manager 4.3 Server.

SUSE Manager Server 4.3 works with SUSE Manager Proxy 4.1 and SUSE Manager Proxy 4.2 but only for migration purposes. The product is not intended to be used in a mixed-version scenario in production.

Major changes since SUSE Manager Proxy 4.3 GA

Features and changes

Version 4.3.5

Salt 3000 EOL

Upstream Salt 3000 went End of life on August 31, 2021. However, because it was part of the Advanced Systems Management Module of SUSE Linux Enterprise 12 and there was no bundle available for SUSE Manager 4.1, we needed to keep it supported for the life of SUSE Manager 4.1.

Salt 3000 will no longer be supported in the context of SUSE Manager now that both SUSE Manager 4.1 and the Advanced Systems Management Module of SUSE Linux Enterprise 12 are End of Life. Customers are required to migrate existing Salt 3000 minions for SUSE Linux Enterprise Server 12, Red Hat Enterprise Linux 7, CentOS 7, Oracle Linux 7, and Amazon Linux 2 to the Salt Bundle in order to get the support.

For more information about performing Salt 3000 to Salt Bundle migrations, please consult the Client Configuration Guide.

IMPORTANT: The Salt 3000 will no longer receive updates or L3 support. For updates and support, all minions currently using Salt 3000 must be migrated to the Salt Bundle.

Version 4.3.4

Bugfix release.

Version 4.3.3

Bugfix release.

Version 4.3.2

Fully supported Containerized Proxy and Retail Branch Server

SUSE Manager 4.3 came with containerized SUSE Manager Proxy and Retail branch server as Tech Preview. We can now happily announce that we are moving this feature from the Technology Preview umbrella to under the fully supported one. Please consult the Known issues section for some limitations around this.

Version 4.3.1

Technology Preview: Helm chart to deploy containerized SUSE Manager Proxy and Retail Branch Server

Deploying Proxy and Retail Branch Servers as containers is now also possible using a Helm chart.

For more information check this README file. The information will be part of the SUSE Manager official documentation in a future release.

WARNING: The container images configuration has a new format and it is now packaged as tar.gz file. All previously deployed container Proxies and Retail Branch Servers will need to get their configuration regenerated and deployed again before pulling these images.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.3.5

patterns-suse-manager:

  • Move the required cobbler version from the packages to the Server pattern

spacecmd:

  • Version 4.3.19-1

    • Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)

    • Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)

spacewalk-backend:

  • Version 4.3.19-1

    • set new CPU core value for traditional registration

    • Fix reposync error about missing "content-type" key when syncing certain channels

    • Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)

    • Do not specify a cobbler version, as that is now centralized at the patterns

spacewalk-client-tools:

  • Version 4.3.15-1

    • Update translation strings

spacewalk-proxy:

  • Version 4.3.15-1

    • Avoid unnecessary debug messages from proxy backend (bsc#1207490)

spacewalk-web:

  • Version 4.3.28-1

    • Deprecate jQuery datepicker, integrate React datepicker

    • Fix UI inconsistencies in susemanager-light and susemanager-dark theme

    • Fix CLM environments UI for environment labels containing dots (bsc#1207838)

    • Add 'none' matcher to CLM AppStream filters (bsc#1206817)

susemanager-build-keys:

  • Version 15.4.7 (jsc#PED-2777):

    • add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc

    • add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc

    • add new 4096 bit RSA PTF key suse_ptf_key_2023.asc

Version 4.3.4

mgr-osad:

  • Version 4.3.7-1

mgr-push:

  • Version 4.3.5-1

    • Update translation strings

rhnlib:

  • Version 4.3.5-1

    • Don’t get stuck at the end of SSL transfers (bsc#1204032)

spacecmd:

  • Version 4.3.18-1

    • Add python-dateutil dependency, required to process date values in spacecmd api calls

  • Version 4.3.17-1

    • Remove python3-simplejson dependency

    • Correctly understand 'ssm' keyword on scap scheduling

    • Add vendor_advisory information to errata_details call (bsc#1205207)

    • Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)

    • Changed schedule product migration to use the correct API method

    • Change default port of "Containerized Proxy configuration" 8022

spacewalk-backend:

  • Version 4.3.18-1

    • Add 'octet-stream' to accepted content-types for reposync mirrorlists

    • Exclude invalid mirror urls for reposync (bsc#1203826)

    • Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)

    • Updated logrotate configuration (bsc#1206470)

    • Add rhel_9 as Salt-enabled kickstart installation

    • do not fetch mirrorlist when a file url is given

spacewalk-certs-tools:

  • Version 4.3.17-1

    • Backport SLE Micro bootstrap fixes

spacewalk-client-tools:

  • Version 4.3.14-1

    • Update translation strings

spacewalk-proxy:

spacewalk-web:

  • Version 4.3.27-1

    • Add reboot needed indicator to systems list

    • Fix salt keys page keeps loading when no key exists (bsc#1206799)

    • Fix link to documentation in monitoring page

    • Source Select2 and jQuery UI from susemanager-frontend-libs

    • fix frontend logging in react pages

    • Move web dependencies from susemanager-frontend-libs to spacewalk-web

susemanager-build-keys:

  • Version 15.4.7:

    • add SUSE Liberty v2 key

susemanager-tftpsync-recv:

  • Version 4.3.8-1

    • Update translation strings

uyuni-common-libs:

  • Version 4.3.7-1

    • unify user notification code on java side

Version 4.3.3

spacecmd:

  • Version 4.3.16-1

    • Fix dict_keys not supporting indexing in systems_setconfigchannelorger

    • Improve Proxy FQDN hint message

    • Added a warning message for traditional stack deprecation

    • Stop always showing help for valid proxy_container_config calls

    • Remove "Undefined return code" from debug messages (bsc#1203283)

spacewalk-backend:

  • Version 4.3.17-1

    • Require python3-debian version which supports new compression methods to sync ubuntu22-04 repositories (bsc#1205212)

    • Used the legacy reporting system in spacewalk-debug to obtain up-to-date information

    • Keep older module metadata files in database (bsc#1201893)

    • Added an optional component_type property to the LOG object and included it to a log message

    • Add an optional component property to the log messages

spacewalk-certs-tools:

  • Version 4.3.16-1

    • Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517)

    • Add transactional system support to the bootstrap generator

    • Change bootstrap script generator to detect SLE Micro

spacewalk-client-tools:

  • Version 4.3.13-1

    • Update translation strings

spacewalk-proxy:

  • Version 4.3.13-1

    • Prefix log messages with the component name to ease analysis

spacewalk-web:

  • Version 4.3.26-1

  • Version 4.3.25-1

    • Fix checkbox and radio input misalignment

    • Upgrade Bootstrap to 3.4.1

    • Update translation strings

susemanager-build-keys:

  • Version 15.4.6:

    • Rename and update old SUSE PTF key + Removed: gpg-pubkey-b37b98a9-5aaa951b.asc + Added: suse_ptf_key_old-B37B98A9.asc

    • add new SUSE PTF Key + Added: suse_ptf_key-6F5DA62B.asc

  • Version 15.4.5:

    • Add rpmlintrc configuration, so "W: backup-file-in-package" for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed

  • uyuni-build-keys.rpmlintrc

  • Version 15.4.4:

    • Add key for SUSE product addons (required for SUSE Manager Enterprise Linux 9 client tools)

Version 4.3.2

mgr-daemon:

  • Version 4.3.6-1

    • Update translation strings

spacecmd:

  • Version 4.3.15-1

    • Process date values in spacecmd api calls (bsc#1198903)

spacewalk-backend:

  • Version 4.3.16-1

    • Prevent mixing credentials for proxy and repository server while using basic authentication and avoid hiding errors i.e. timeouts while having proxy settings issues with extra logging in verbose mode (bsc#1201788)

    • Fix the condition of hiding the token from URL on logging

    • export armored GPG key to salt filesystem as well

    • Upgrade Cobbler requirement to 3.3.3 or later

    • Make reposync use the configured http proxy with mirrorlist (bsc#1198168)

spacewalk-certs-tools:

  • Version 4.3.15-1

    • fix mgr-ssl-cert-setup for root CAs which do not set authorityKeyIdentifier (bsc#1203585)

spacewalk-client-tools:

  • Version 4.3.12-1

    • Update translation strings

spacewalk-web:

  • Version 4.3.24-1

    • Upgrade moment-timezone

    • CVE-2021-43138: Obtain privileges via the mapValues() method. (bsc#1200480)

    • CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287)

    • CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288)

    • Fix table header layout for unselectable tables

susemanager-build-keys:

  • Add release and auxiliary GPG keys for RedHat

  • Add keys for Rocky Linux 9

    • RPM-GPG-KEY-redhat-release

    • RPM-GPG-KEY-redhat-auxiliary

    • RPM-GPG-KEY-Rocky-9

susemanager-tftpsync-recv:

  • Version 4.3.7-1

    • Add missing IPv6 default configuration (bsc#1201589)

    • fix problems with parallel running processes

uyuni-common-libs:

  • Version 4.3.6-1

    • Do not allow creating path if nonexistent user or group in fileutils.

Version 4.3.1

mgr-daemon:

  • Version 4.3.5-1

    • Update translation strings

spacecmd:

  • Version 4.3.14-1

    • Fix missing argument on system_listmigrationtargets (bsc#1201003)

    • Show correct help on calling kickstart_importjson with no arguments

    • Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

    • Change proxy container config default filename to end with tar.gz

spacewalk-backend:

  • Version 4.3.15-1

    • cleanup leftovers from removing unused xmlrpc endpoint

    • Fix issues with "http proxy" not being used by reposync in some cases

spacewalk-certs-tools:

  • Version 4.3.14-1

    • traditional stack bootstrap: install product packages (bsc#1201142)

    • display messages to restart services after certificate change

    • improve CA Chain checking by comparing authorityKeyIdentifier with subjectKeyIdentifier

spacewalk-client-tools:

  • Version 4.3.11-1

    • Update translation strings

spacewalk-proxy:

  • Version 4.3.11-1

    • Move certificates dependencies from broker to proxy package

spacewalk-proxy-installer:

  • Version 4.3.10-1

    • When salt bundle is used, set correct minion ID

spacewalk-web:

  • Version 4.3.23-1

    • Update the version for the WebUI

    • Fix initial profile and build host on Image Build page (bsc#1199659)

    • Handle multi line error messages in proxy containers config creation

    • Hide authentication data in PAYG UI (bsc#1199679)

    • add textarea to formulas

    • Consistently use conf value for SPA engine timeout

    • Remove nodejs-packaging as a build requirement

    • Update translation strings

susemanager-build-keys:

  • Version 15.4.3

    • Add Uyuni Client Tools key

    • Install keys for Client Tools Channels in salt filesystem to be able to deploy them to clients

    • Add openEuler 22.03 key

    • Add AlmaLinux 9 key

    • Add Oracle Linux 9 keys

    • RPM-GPG-KEY-openEuler

    • RPM-GPG-KEY-AlmaLinux-9

    • RPM-GPG-KEY-oracle

    • RPM-GPG-KEY-oracle-backup

uyuni-common-libs:

  • Version 4.3.5-1

    • Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

Major Changes Since SUSE Manager Proxy 4.2

Base System Upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP4.

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy, Retail Branch Server and Client Tools.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3004 upstream release notes.

Technology Preview: Containerized SUSE Manager Proxy and Retail Branch Server

Starting with SUSE Manager 4.3, it will be possible to run the SUSE Manager proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason. Additionally, the ability to run SUSE Manager Proxy and Retail branch servers in containers make it more flexible to run them anywhere without worrying about the underlying OS. Moreover in the future, it will allow users to install SUSE Manager components on top of Kubernetes, increasing flexibility and future viability.

Migration from 4.1 and 4.2 to 4.3

It is now possible to migrate from 4.1 and 4.2 to 4.3. The user should upgrade SUSE Manager Server and its related products i-e SUSE Manager Proxy and Retail Branch Server as product is not meant to be run in a mixed-version scenario. When upgrading, upgrade SUSE Manager Server first before upgrading SUSE Manager Proxy or Retail Branch Server.

There is a known issue when migrating to 4.3, please consult the Known Issues section for more detail.

Dropped features

None

Deprecated features

Traditional Stack has been deprecated

With SUSE Manager 4.3 release, traditional stack has been deprecated.

The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

Known issues

Containerized Proxy & Retail Branch server

Although this is fully supported, there are a couple of limitations that the user needs to be aware of.

  • Scaling the pod up in a Kubernetes environment will not work since multiple squid instances would access the same cache volume.

  • For Retail Branch Server all branches are shown in the PXE menu on the terminal boot. This makes the branch selection more complex if the list is long.

  • The Containerized Proxy cannot be used to set up DHCP and DNS services on the same host like a normal Proxy. By design, it can only work with external DHCP and DNS servers.

Migration from 4.1 and 4.2 to 4.3

SUSE Manager 4.3 is the base product for SLE15 SP4, this applies to Server, Proxy, and Retail Branch Server. In SLE 15 SP4, sle-module-python2 is no longer available (in favor of sle-module-python3). This means that migration(using yast2 migration or zypper migration) from 4.1/4.2 to 4.3 will not work without deactivating this module first. yast2 and zypper raise the following error if the module is still activated during migration

Can't get available migrations from server: SUSE::Connect::ApiError: There are activated extensions/modules on this system that cannot be migrated.
Deactivate them first, and then try migrating again.
The product(s) are 'Python 2 Module 15 SP3 x86_64'.
You can deactivate them with:
SUSEConnect -d -p sle-module-python2/15.3/x86_64

As suggested in the error message one can deactivate the module using SUSEConnect -d -p sle-module-python2/15.3/x86_64.

After this, migration should work.

Migration of SUMA Proxy 4.2 to 4.3

When upgrading SUSE Manager Proxy 4.2 based on JeOS image to 4.3, before proceeding with the migration, please uninstall the kernel-default-base package, otherwise, the migration will not work.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE Customer Service or Sales representatives You can also provide feedback using SUSE Manager discussion forum or the upstream Uyuni community

Resources

Latest product documentation: https://documentation.suse.com/suma/4.3/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Managing Director/Geschäftsführer: Ivo Totev

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2022 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Proxy and/or SUSE Manager Retail Branch Server in your business.

Your SUSE Manager Team.