SUSE Manager Server 4.2

Release Notes
2022-04-06 12:03:08 +0200
Table of Contents

  * Version revision history
  * About SUSE Manager 4.2
      + Integration of Ansible into a SUSE Manager automation environment to
        protect customer investment and ease migration (Technology Preview)
      + Enhanced Security and Compliance by providing OpenSCAP content for SLE
        and other Linux operating systems
      + Usability improvements
      + Enhanced patch management functionality to help customers streamline
        the use of Live Patching
      + Optimized performance with virtual machine tuning
      + Simplification of openSUSE Leap to SLES migration ? Migrate from
        openSUSE Leap to SLES in just a few clicks
      + Expanded operating system support
      + EDGE: SLE Micro Support (Tech preview)
  * Keep Informed
  * Installation
      + Requirements
      + Update from previous versions of SUSE Manager Server
      + Migrating from Red Hat Satellite
      + Scaling SUSE Manager
      + High availability
  * Major changes since SUSE Manager Server 4.2 GA
      + Features and changes
          o Version 4.2.6
              # Improved UI/UX for Formulas
              # ISS v2 : Configuration channels
              # Better information to SUSE Customer center
              # CVE audit: UX improvement
              # smdba: changed defaults for newer PostgreSQL versions
              # Monitoring: Grafana 8.3.5
              # Monitoring: Prometheus Postgres exporter updated to 0.10.0 for
                SUSE Linux Enterprise and openSUSE
          o Version 4.2.5.1
              # Fixes for Salt security issues
              # Salt Upgrade
          o Version 4.2.5
              # Ubuntu errata installation
              # SLES PAYG client support on cloud
              # Change proxy used for clients from the WebUI
              # New matchers in Content Lifecycle Management
      + Monitoring: Prometheus 2.32.1
          o Version 4.2.4
              # New product enabled
              # CentOS 8 support
              # Monitoring - Prometheus Blackbox exporter
              # System reactivation
              # Low Diskspace notification
          o Version 4.2.3
              # aarch64 support
              # Package Locking for Salt Minions
              # Content Lifecycle Management improvement
              # New XMLRPC API methods for SaltKey
          o Version 4.2.2
              # Rocky Linux support
              # Technology Preview: Inter-Server Sync v2
              # Kiwi parameters for OS Image profiles
              # Virtualization
              # AppStreams
              # Recent cobbler CVEs remediation
              # Salt
          o Version 4.2.1
              # Ansible Playbooks
              # Monitoring - Grafana
              # Monitoring - Prometheus
              # CLM Filter Templates
              # OpenSCAP Audit
              # Product Wizard
      + Patches
          o Version 4.2.6
          o Version 4.2.5
          o Version 4.2.4
          o Version 4.2.3
          o Version 4.2.2
          o Version 4.2.1
  * Major changes since SUSE Manager Server 4.1
      + New products enabled
          o Technology Preview: SLE Micro
          o Amazon Linux 2
          o AlmaLinux 8
      + Unsupported products
      + Deprecated products
      + Salt 3002
      + Technology Preview: Ansible integration
      + Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server
      + Usability
          o Client systems forwarded to SUSE Customer Center
          o Configuration state summary
          o Live patching made easy with filter templates
          o Allow setting system primary FQDN
          o Calendar widget for maintenance windows
          o Easier system group and configuration channel assignment
          o Enhanced CLM filter list
          o Notify beacon for DEB-based clients
          o Logging
      + Security: OpenSCAP enhancements
          o Ubuntu Universe repository changes
      + Monitoring
          o Prometheus TLS
          o Updated Prometheus
          o Updated Grafana
          o Updated Node Exporter
          o Updated Prometheus Exporters formula
      + Virtualization
      + Custom data as pillar
      + Retracted patches
      + API
          o HTML documentation
          o New API calls
          o Removed API calls
      + spacecmd
      + Translations
          o English
          o Simplified Chinese
          o Japanese
          o Korean
          o Community translations
      + Cobbler
      + PostgreSQL 13
      + SUSE Manager for Retail
          o SLEPOS 15 SP3 clients
          o SLEPOS 15  aarch64 clients
      + Base system upgrade
      + Dropped features
          o Activation key dropped from system details
          o Software Crashes
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Support
      + Supportconfig confidentiality disclaimer
      + Support for CentOS 8
      + Future deprecation of the traditional stack
      + Support for SLE Micro
      + Supportability of embedded software components
      + Support for Ansible package
      + Support for older products
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Ubuntu Clients
      + Support for Debian Clients
      + L1 support for RHEL and CentOS ppc64le clients
      + Browser support
      + SUSE Manager installation
  * Known issues
      + Log flood
      + Alma Linux
      + SLE Micro
      + Translations
      + Channels with a large number of packages
      + Single Sign On, API and CLI tools
      + EPEL and Salt packages
      + RHEL native clients
      + Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager
        as Salt minions
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE?s distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version revision history

  * April 2022: 4.2.6 release

  * March 30th 2022: 4.2.5.1 release

  * March 4th 2022: 4.2.5 release

  * December 3rd, 2021: 4.2.4 release

  * October 27th, 2021: 4.2.3 release

  * September 20th, 2021: 4.2.2 release

  * August 12th, 2021: 4.2.1 release

  * June 21st, 2021: 4.2 GA

About SUSE Manager 4.2

SUSE Manager 4.2, the latest release from SUSE based on SLES 15 SP3 and the
Uyuni Project, further delivers best-in-class open source systems management
and automation that lowers costs, identifies risk, enhances availability and
reduces complexity.

As a key component of a Hybrid Cloud IT infrastructure, SUSE Manager for 4.2
delivers the following new or enhanced capabilities to your Edge, Cloud &
Datacenter environments.

Integration of Ansible into a SUSE Manager automation environment to protect
customer investment and ease migration (Technology Preview)

Configuration and automation platforms have become increasingly important to
control an organization?s ever-growing IT landscape. There are a variety of
popular tools in the market and companies may have already made investments in
a particular tool, one of them being Ansible.

Adopting SUSE Manager, or migrating to it, does not mean that you should
necessarily renounce your previous configuration management systems investment.
SUSE Manager 4.2 provides support for Ansible packages on SLE and connects to
the Ansible control nodes on any supported client operating system to gather
inventory, playbooks and manage clients with SUSE Manager.

SUSE Manager 4.2 allows you to simply re-use and run your Ansible playbooks,
saving time and resources by consolidating tools while keeping existing
automation investments. This means you do not have to re-implement your Ansible
automation solution, making migration to the SUSE landscape easier.

Combined with its strong Salt capabilities, it enhances SUSE Manager?s
configuration and automation capabilities helping you to orchestrate even the
largest environments ? across cloud and on-premise.

Enhanced Security and Compliance by providing OpenSCAP content for SLE and
other Linux operating systems

OpenSCAP assists administrators and auditors with assessment, measurement, and
enforcement of security baseline through audit scans by using content produced
by SUSE (for SUSE Linux Enterprise Server) and other Linux operating systems.

Easily checks system security configuration settings and examine systems for
signs of compromise by using rules based on standards and specifications. Use
the OpenSCAP feature to assess the compliance level of your client systems
according to the selected profile and apply remediation scripts and Ansible
playbooks to achieve better compliance when needed.

Usability improvements

Knowing what is the precise configuration being applied to a system when you
are managing many of them can be challenging: configuration may come from your
organization, one of the many system groups, formulas, configuration and state
channels or even be assigned directly to the system. Usability enhancements
across the SUSE Manager WebUI now provide a clear and direct way of knowing
exactly where your configuration states and channels are coming from and easily
assign them.

Conveniently find all your systems in the SUSE Customer Center thanks to SUSE
Manager 4.2 forwarding the client names, as if they had been directly connected
with SUSEconnect, RMT or SMT.

Other usability improvements include better user interface components,
configuring commonly-used parameters such as the FQDN of the system and
enhanced filter lists.

Enhanced patch management functionality to help customers streamline the use of
Live Patching

Live Patching helps customers to bring down reboot cycles to once a year which
saves companies a time, resources and availability compared to not using live
patching at all.

Customers need to prepare for reboot ahead of time before the live kernel
approaches the end of life. The implementation of the kernel lifecycle and live
kernel patch installation feature in SUSE Manager 4.2 enhances its patch
management functionality to help customers streamline the use of Live Patching.
Customers can now easily identify when a live kernel is approaching the end of
life and define a corrective action, for example, schedule a reboot during a
maintenance window, all from the UI.

Optimized performance with virtual machine tuning

Virtual Machines can be created quickly and easily but the default
configuration settings may not be the best ones for VM performance. To ensure
best performance proper VM configuration is needed. With SUSE Manager 4.2
customer can easily configure VMs (for example according to SAP best practices)
through the UI. Tuning parameters will include CPU pinning and memory settings
to name but a few.

Simplification of openSUSE Leap to SLES migration ? Migrate from openSUSE Leap
to SLES in just a few clicks

SUSE Manager now enables changing the repository where a package comes from
with a simple product migration. This allows you to easily migrate your system
from openSUSE Leap to the respective SLES version in just a few clicks. Instead
of replacing the repositories and manually re-installing packages, you can now
do the migration in a single action.

Expanded operating system support

With more and more workloads moving to cloud, SUSE Manager caters to where your
workloads are going. It is silicone and platform agnostic and provides powerful
content control ? across hypervisors, clouds, or architectures. SUSE Manager
4.2 enhances its cloud capabilities by adding to its extensive list of Linux
distributions.

SUSE Manager 4.2 introduces support for Amazon Linux 2 and AlmaLinux 8, further
enabling the management of all your Enterprise Linux distributions from a
single tool ? no matter where they are located. SUSE Manager now supports the
management of SLE, RHEL, openSUSE, Oracle Linux, CentOS, AlmaLinux, Ubuntu,
Debian, and Amazon Linux.

SUSE Manager is easier than ever to use in the public cloud with usability and
user experience improvements, further simplifying the management of your cloud
deployments and client onboarding through cloud-init, Terraform and other cloud
native mechanisms.

EDGE: SLE Micro Support (Tech preview)

SLE Micro is an ultra-reliable, lightweight operating system purpose built for
edge computing. It leverages the enterprise hardened security and compliance
components of SUSE Linux Enterprise and merges them with a modern, immutable,
developer-friendly OS platform.

SUSE Manager 4.2 provides initial support for SLE Micro 5.0 clients. Not all
SUSE Manager functionalities are initially available for SLE Micro.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 4.2 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the SUSE Manager discussion forum

  * Join the upstream Uyuni community and monthly community meetings

Installation

Requirements

SUSE Manager Server 4.2 is provided through SUSE Customer Center and can be
installed with the unified installer for SUSE Linux
Enterprise 15 Service Pack 3. It is available for x86-64, POWER (ppc64le), or
IBM Z (s390x).

With the adoption of a unified installer in SUSE Linux Enterprise 15, system
roles are used to customize the installation for each product. The unified
installer provides an easier way to install the operating system and the SUSE
Manager Server application together with specific pre-configured system
settings. This addresses the need for enterprise deployments to standardize on
the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database
is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 and 4.1 is supported.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://
documentation.suse.com/suma/4.2/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager
Server 4.2 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE
sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand
clients, when deployed according to the instructions in the Installation Guide
on https://documentation.suse.com/suma/4.2/. Scaling beyond that number needs
special consideration.

For more information and instructions on large-scale deployments, see the Large
Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales
engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific
configuration and tuning for each use case is needed. Please get in touch with
SUSE Consulting for the details.

Major changes since SUSE Manager Server 4.2 GA

Features and changes

Version 4.2.6

Improved UI/UX for Formulas

SUSE Manager 4.2.6 come with a number of improvements in Formulas UI. Users
with very big formulas had a hard time keeping track and updating some sections
when needed.

To help with this and improve the user experience, the following to features
have been added.

  * SUSE Manager now provides a Search Box to search by formula?s group name in
    formulas to easily filter out the specific content

  * It also provides a expand/collapse all button for formula sections so users
    can better navigate through the different section

ISS v2 : Configuration channels

Besides a number of performance-related improvements, users can now also import
/export configuration channels using the ISS v2. This is one of the core
entities that was planned to be added in ISSv2 besides the software channels.

Better information to SUSE Customer center

SUSE Manager now sends the last seen information of the registered clients to
the SCC. Now customers can always see up-to-date information in the SCC. This
mainly helps us to avoid staled data problems.

CVE audit: UX improvement

There has been a small improvement added to the CVE audit page. Now for each
searched CVE, links from the SUSE security team and Mitre will be provided on
the page, even if systems are affected or not. This helps in providing
additional information about that CVE without the need for the user to search
it through saerch engines.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba
that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

  smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

  smdba system-check autotuning [--max_connections=<number>] [--ssd]

Monitoring: Grafana 8.3.5

SUSE Manager 4.2.6 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

  * XSS vulnerability in handling data sources (CVE-2022-21702)

  * Cross-origin request forgery vulnerability (CVE-2022-21703)

  * Insecure Direct Object Reference vulnerability in Teams API
    (CVE-2022-21713)

  * GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  * New Alerting for Grafana 8

  * CloudWatch: Add support for AWS Metric Insights

  * CloudWatch: Add AWS RoboMaker metrics and dimension

  * CloudWatch: Add AWS Transfer metrics and dimension

  * CloudWatch: Add AWS LookoutMetrics

  * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  * CloudMonitoring: Add support for preprocessing

  * CloudWatch: Add AWS/EFS StorageBytes metric

  * CloudWatch: Add Amplify Console metrics and dimensions

  * CloudWatch: Add metrics for managed RabbitMQ service

  * Elasticsearch: Add support for Elasticsearch 8.0

  * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  * AzureMonitor: Add Azure Resource Graph

  * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  * Grafana 8 Alerting enabled by default for installations that do not use
    legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable
it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to
new Grafana 8 alerting.

Monitoring: Prometheus Postgres exporter updated to 0.10.0 for SUSE Linux
Enterprise and openSUSE

SUSE Manager 4-2-6 updates the Postgres exporter from version 0.4.7 to the
version 0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from
golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as
this package is now part of the Prometheus Community Projects. After the
package is updated, you will need to reenable the prometheus-postgres_exporter
service:

  * For the Uyuni Server WebUI, proceed to Admin > Manager Configuration >
    Monitoring. You will see PostgreSQL database is stopped. Click Enable and
    the service will get started.

  * For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the
    clients where the PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL
servers using scram-sha-256, which is the new default for Uyuni installations
starting with 2022.02.

Check the upstream changelog for more details, including new metrics.

Other operating systems such as for example CentOS7 or AlmaLinux 8 will get
0.10.0 with future Uyuni releases.

Version 4.2.5.1

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934,
CVE-2022-22935, CVE-2022-22936, CVE-2022-22941. You should patch your Salt
master and minions as soon as possible. Please take the next section into
account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking
the communication between for Salt master and minion, you need to upgrade your
"salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master
is not, then the communication between the master and this minion will be
broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt       :743 ][ERROR   ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion      :1056][ERROR   ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication
between master and minion will be restablished and the errors messages will not
longer happen.

Version 4.2.5

Ubuntu errata installation

SUSE Manager now comes with Ubuntu errata support. It does this by downloading
errata information from https://usn.ubuntu.com/usn-db/database.json and
matching it after the syncing of Ubuntu channels. It also adds support for
installing errata on Ubuntu systems by mapping them to package installs. For
users, it will be a seamless experience and they will get exactly the same UX
as it was for errata management for other distros.

SLES PAYG client support on cloud

It is now possible to sync content from SUSE-operated Cloud RMT Server from the
SUSE Manager. This makes it a lot easier for users with SLES PAYG instances
because now they don?t need to go through a cumbersome process of getting
zero-cost subscriptions. It works in all three major public clouds AWS, GCP,
and Azure.

For more information and instructions on this topic, see the Connect
Pay-as-you-go instance.

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by a SUSE Manager client using the
WebUI.

This can be done from the Connection tab at the Details tab for any Salt
client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc
tab, and then the Proxy tab.

NOTE: Changing the connection for a Proxy to move it, is not supported at this
moment. The Connection tab will not show the Change link for proxies.

New matchers in Content Lifecycle Management

CLM is even more powerful. New additional matchers (lower, lowereq, greater,
greatereq) to CLM package (NEVRA) filter have been added.

Monitoring: Prometheus 2.32.1

SUSE Manager 4.2.5 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after
the SUSE Manager is updated.

Breaking changes:

  * Uyuni Service Discovery: The configuration and the returned set of meta
    labels have changed. Please check the upstream documentation for more
    details.

  * As a consequence all users with existing monitoring setup must reapply the
    highstate on the monitoring server(s).

Important changes:

  * Introduced generic HTTP-based service discovery.

  * New expression editor with advanced autocompletion, inline linting, and
    syntax highlighting.

  * Discovering Kubernetes API servers using a kubeconfig file.

  * Faster server restart times via snapshotting.

  * Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Version 4.2.4

New product enabled

  * SUSE Linux Enterprise Server 15 SP2 LTSS

CentOS 8 support

CentOS 8 will be End of Life on 31st December 2021, and with that the SUSE
Manager support for this product will end as well.

Please refer to support section for more information.

Monitoring - Prometheus Blackbox exporter

SUSE Manager 4.2.4 comes with the Blackbox exporter, which allows blackbox
probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. Please note that it
needs to be installed next to the Prometheus server and not on the clients.
Prometheus formula has been extended to configure blackbox exporter.

Check the upstream documentation for more details about it.

  * Blackbox exporter

System reactivation

It is now possible to re-activate a system using the UI/XMLRPC-API of SUSE
Manager which was only possible using bootstrap script before. The
bootstrapping page UI has been extended and the user can now enter the
reactivation-key of the system and the SUSE Manager will take care of the rest.
The same could be achieved from the XMLRPC API as well.

Low Diskspace notification

With SUSE Manager 4.2.4, on the login page, a banner will be shown when
available disk space on the server will be running low. This will help users
avoid unneeded situations like the automatic shutdown of SUSE Manager when disk
space is critically low, without even noticing it.

Version 4.2.3

aarch64 support

In addition to x86_64, now aarch64 support for CentOS 7/8, Oracle Linux 7/8,
Rocky Linux 8, AlmaLinux 8, Amazon Linux 2 and openSUSE Leap 15.3 has been
added.

Package Locking for Salt Minions

Package locks are used to prevent unauthorized installation or upgrades to
software packages. In the past Package Lock feature was only available for
traditional clients. Now it is also available for salt clients (SUSE, RHEL and
clones, and Debian/Ubuntu). Check the Package Locking for information about how
to use this feature.

Content Lifecycle Management improvement

From the Content Lifecycle Management project view, the new column Last build
has been added. This information is useful when you need a general overview of
all latest build times rather than retrieving the information project by
project.

New XMLRPC API methods for SaltKey

Following new XMLRPC methods have been added in SaltKey namespace.

  * accept : API endpoint to accept minion keys

  * reject : API endpoint to reject minion keys

  * pendingList : API endpoint to list pending salt keys

  * acceptedList : API endpoint to list accepted salt keys

  * rejectedList : API endpoint to list rejected salt keys

These methods could further help in improving the automation workflows.

Version 4.2.2

Rocky Linux support

SUSE Manager 4.2.2 is now able to manage Rocky Linux 8 clients as salt or
salt-ssh minions, as well as all other features that work for CentOS 8, RHEL 8
or AlmaLinux 8.

Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is
End of Life by the end of 2021. According to the Rocky Enterprise Software
Foundation "Rocky Linux is a community enterprise operating system designed to
be 100% bug-for-bug compatible with America?s top enterprise Linux distribution
now that its downstream partner has shifted direction."

Check the Client Configuration Guide for information about how to configure
SUSE Manager Server to work with Rocky Linux clients.

For now the following architectures are supported: x86_64

Support for Rocky Linux 8 will continue to improve, including support for other
architectures.

Technology Preview: Inter-Server Sync v2

SUSE Manager 4.2.2, includes Inter-Server Synchronization version 2. This new
version allows exporting software channels between servers without the previous
notions of master and slave. Unlike the previous Inter-Server Synchronization,
no mandatory direct connection between servers is needed since data are
exported and imported in a disconnected mode.

Check the new Inter-Server Syncronization 2 documentation for more information.

Kiwi parameters for OS Image profiles

It is now possible to pass custom kiwi parameters in OS Image profile.

This is particularly helpful to select a specific profile (--profile
<profilename>) for Kiwi files with multiple profiles.

Virtualization

Virtualization in SUSE Manager has received some enhancements:

  * UEFI support: UEFI support has been added for creating and editing VMs.
    Note that Auto discovery of the firmware binary and NVRAM depends on the
    version of libvirt installed on a minion.

  * virt-tuner templates: virt-tuner template has been added to create the VM.
    Now user can select the template from the ones supported by the virt-tuner
    tool.

AppStreams

The content lifecycle project page in the WebUI has been further improved. This
page now provides AppStreams with a default filter template. This template
creates a module filter for each module in the repository, and specifies the
default stream for each module.

Recent cobbler CVEs remediation

In addition to fixing Fixed Remote Code Execution in the XMLRPC API which
additionally allowed arbitrary file read and write as root, this release
includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.

Salt

Besides number of bug fixes, onlyif/unless behaviour has been unified for 3000,
3002.2 and 3000.3 (used only in py27-compat-salt), it wasn?t the case before
and behaviour was different in all and it was pain to deal with it.

Version 4.2.1

Ansible Playbooks

Ansible Playbooks can now run in test mode.

Known issue: When running a playbook in test mode using an Ansible control node
that is registered as SSH minion in SUSE Manager, then the action is always
reported as failed, even if it succeeds.

Monitoring - Grafana

Grafana was updated from version 7.4.2 to 7.5.7.

Check the upstream documentation for details on what has changed:

  * https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v7-4/

  * https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v7-5/

Monitoring - Prometheus

Prometheus was updated from version 2.26.0 to 2.27.1.

Important changes:

  * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

Check the upstream documentation for more details on what has changed:

  * https://github.com/prometheus/prometheus/releases/tag/v2.27.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.27.0

CLM Filter Templates

Content Lifecycle Management got a new filter template to setup Live Patching
based on an existing system.

OpenSCAP Audit

The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files
can be defined. Supported options are:

  * --profile <name>

  * --rule <id>

  * --tailoring-file <path>

  * --tailoring-id <id>

  * --fetch-remote-resources

  * --remediate

You can provide additional OVAL files paths to prevent using
--fetch-remote-resource when the file is locally available.

Product Wizard

Free accessible Open source Products are now always visible in the Product
Wizard. The accessibility check, that existed to speed up the product refresh,
is now removed.

If a firewall or a proxy are blocking access to to such products, the error can
be seen at the reposync log files located at /var/log/rhn/reposync/

Additionally the User Notifications were enhanced to show the last lines of the
log file in case the sync failed.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.2.6

c3p0:

  * Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19

      + Address CVE-2018-20433

      + Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198
        )

      + Properly implement the JDBC 4.1 abort method

grafana-formula:

  * Version 0.7.0

      + Add SLES 15 SP4 and openSUSE Leap 15.4 to supported versions

hub-xmlrpc-api:

  * Updated to build on Enterprise Linux 8.

inter-server-sync:

  * Version 0.1.0

      + Allow export and import of configuration channels

      + Clean lookup cache after processing a channel (bsc#1195750)

      + Improve lookup method for generate foreign key export

  * Adapted for build on Enterprise Linux 8.

mgr-osad:

  * Version 4.2.8-1

      + Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

  * Version 4.2.5-1

      + Fix the condition for preventing building python 2 subpackage for SLE15

patterns-suse-manager:

  * Golang-github-wrouesnel-postgres_exporter was renamed to
    prometheus-postgres_exporter

prometheus-exporters-formula:

  * Version 1.2.0

      + Postres exporter package was renamed for RedHat

  * Version 1.1.0

      + Postgres exporter package was renamed for SLES/openSUSE

py26-compat-msgpack-python:

  * Adapted to build on OBS for Enterprise Linux.

rhnlib:

  * Version 4.2.6-1

      + Fix the condition for preventing building python 2 subpackage for SLE15

saltboot-formula:

  * Update to version 0.1.1645440615.7f1328c

      + skip device lookup for correctly provided devices

      + improve image url modifications - preparation for ftp/http changes

  * Skip device lookup if correct path to device is already provided (bsc#
    1195757)

  * Improve image url modifications

smdba:

  * Version 1.7.10

      + adapt pgtune using new defaults for new postgres versions

      + support special configuration for SSD storage

      + make argument "--backup-dir" symlink aware

  * Version 1.7.9

  * Allow different standard configuration file location for other OSes

spacecmd:

  * Version 4.2.16-1

      + implement system.bootstrap (bsc#1194909)

      + Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#
        1194363)

spacewalk-admin:

  * Version 4.2.10-1

      + wait after copying the CA to give systemd time to finish automation

spacewalk-backend:

  * Version 4.2.20-1

      + Fix reposync update notice formatting and date parsing (bsc#1194447)

      + implement more decompression algorithms for reposync (bsc#1196704)

      + enable check for client certificates in reposync

      + remove auto inherit of host entitlements for virtual guests

spacewalk-branding:

  * Version 4.2.13-1

      + Fix modal footer misalignment

spacewalk-certs-tools:

  * Version 4.2.15-1

      + Add dynamic version for bootstrap script header (bsc#1186336)

spacewalk-client-tools:

  * Version 4.2.18-1

      + Fix the condition for preventing building python 2 subpackage for SLE15

  * Version 4.2.17-1

      + Update translation strings

spacewalk-config:

  * Version 4.2.6-1

      + Upgrade build tooling, and corresponding cache configuration

spacewalk-java:

  * Version 4.2.34-1

      + Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk

      + update last checkin only if job is successful (bsc#1197007)

      + Fix NPE when accessing cancelled action via system history (bsc#1195762
        )

      + CVE Audit: Show patch as available in the currently installed product
        even if successor patch affects additional packages (bsc#1196455)

      + send notifications for new or changed ubuntu errata (bsc#1196977)

      + change directory owner and permissions only when needed

      + Fixed broken help link for system overview

      + Provide link to Sync page when unsynced patches message show up (bsc#
        1196094)

      + fix class cast exception during action chains (bsc#1195772)

      + Finding empty profiles by mac address must be case insensitive (bsc#
        1196407)

      + prepare to use new postgresql-jdbc driver with stringprep and saslprep
        support (bsc#1196693)

      + allow SCC to display the last check-in time for registered systems

      + generate the system ssh key when bootstrapping a salt-ssh client (bsc#
        1194909)

      + Provide link for CVEs

      + Fix lock/unlock scheduling on page Software Packages Lock (bsc#1195271)

      + When adding a product, check if the new vendor channels conflicts with
        any of the existing custom channel (bsc#1193448)

      + Fix disappearing metadata key files after channel change (bsc#1192822)

      + Suggest Product Migration when patch for CVE is in a successor Product
        (bsc#1191360)

      + Add store info to Equals and hash methods to fix CVE audit process (bsc
        #1195282)

      + Fix virtualization list rendering for foreign systems (bsc#1195712)

      + FIX errors when an image profile / store is deleted during build /
        inspect action (bsc#1191597, bsc#1192150)

      + Remove verbose token log (bsc#1195666)

      + fix ClassCastException during action processing (bsc#1195043)

spacewalk-web:

  * Version 4.2.26-1

      + Provide link to Sync page when unsynced patches message show up (bsc#
        1196094)

      + Provide a search box on section name for Formulas content

      + Add expand/collapse all button for formula sections

      + Improved large data support in channel selection

      + Provide link for CVEs

      + Improved error handling in the product setup page

      + Suggest Product Migration when patch for CVE is in a successor Product
        (bsc#1191360)

      + susemanager-web-libs is now packaged as a part of spacewalk-html

subscription-matcher:

  * Version 0.29

      + Migration to log4j 2

  * Version 0.28

      + Support both antlr3-java and antlr3-runtime as dependencies

      + Make it obvious that log4j12 is used

supportutils-plugin-susemanager:

  * Version 4.2.4-1

      + Get version of bootstrap scripts for supportconfig (bsc#1186336)

suseRegisterInfo:

  * Version 4.2.6-1

      + Fix the condition for preventing building python 2 subpackage for SLE15

susemanager:

  * Version 4.2.28-1

      + set default for registration batch size

susemanager-doc-indexes:

  * Renamed golang-github-wrouesnel-postgres_exporter to
    prometheus-postgres_exporter in the Administration Guide

  * Clarified in Client Configuration Guide and Retail Guide that mandatory
    channels are automatically checked. Also recommended channels as long as
    they are not deactivated (bsc#1173527)

  * In Custom Channels chapter of the Administration Guide, provide information
    about creating metadata (bsc#1195294)

  * In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux
    Enterprise Server 11 and 12

  * Documented GPG encrypted Salt Pillars in the Salt book

  * In Client Configuration Guide, fixed channel configuration and registration
    of Expanded Support clients

  * Clarified channel label name in Registering Clients with RHUI section of
    the Client Configuration Guide (bsc#1196067)

  * In Throubleshooting Synchronization chapter in the Administration Guide
    added instructions for GPG removal

  * In Client Configuration Guide, integrated SUSE Linux Enterprise Micro
    Client documentation next to SUSE Linux Enterprise Client documentation and
    other related documentation improvements (bsc#1195145)

  * Added a warning about the origin of the salt-minion package in the Register
    on the Command Line (Salt) section of the Client Configuration Guide

  * Add troubleshooting section about avoiding package conflicts with custom
    channels

susemanager-docs_en:

  * Renamed golang-github-wrouesnel-postgres_exporter to
    prometheus-postgres_exporter in the Administration Guide

  * Clarified in Client Configuration Guide and Retail Guide that mandatory
    channels are automatically checked. Also recommended channels as long as
    they are not deactivated (bsc#1173527)

  * In Custom Channels chapter of the Administration Guide, provide information
    about creating metadata (bsc#1195294)

  * In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux
    Enterprise Server 11 and 12

  * Documented GPG encrypted Salt Pillars in the Salt book

  * In Client Configuration Guide, fixed channel configuration and registration
    of Expanded Support clients

  * Clarified channel label name in Registering Clients with RHUI section of
    the Client Configuration Guide (bsc#1196067)

  * In Throubleshooting Synchronization chapter in the Administration Guide
    added instructions for GPG removal

  * In Client Configuration Guide, integrated SUSE Linux Enterprise Micro
    Client documentation next to SUSE Linux Enterprise Client documentation and
    other related documentation improvements (bsc#1195145)

  * Added a warning about the origin of the salt-minion package in the Register
    on the Command Line (Salt) section of the Client Configuration Guide

  * Add troubleshooting section about avoiding package conflicts with custom
    channels

susemanager-schema:

  * Version 4.2.21-1

      + fix check on allowVendorChange

      + fix advisory status migration (bsc#1195765)

      + FIX error when an image profile / store is deleted during build /
        inspect action (bsc#1191597, bsc#1192150)

susemanager-sls:

  * Version 4.2.21-1

      + Improve pkgset beacon with using salt.cache to notify about the changes
        made while the minion was stopped

      + Align the code of pkgset beacon to prevent warnings (bsc#1194464)

      + fixing how the return code is returned in mgrutil runner (bsc#1194909)

      + Fix errors on calling sed -E ?? by force_restart_minion with action
        chains

      + Avoid using lscpu -J option in grains (bsc#1195920)

      + Postgres exporter package was renamed

      + fix deprecation warnings

virtualization-formulas:

  * Update to version 0.6.2

      + Ensure qemu-ksm is installed on host

Version 4.2.5

c3p0:

  * Build with log4j mapper

dhcpd-formula:

  * Update to version 0.1.1641480250.d5bd14c

      + make routers option optional

hibernate5:

  * Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:

  * Version 4.2.7-1

      + require python macros for building

mgr-osad:

  * Version 4.2.7-1

      + Do not build python 2 package for SLE15SP4 and higher

      + require python macros for building

mgr-push:

  * Version 4.2.4-1

      + Do not build python 2 package for SLE15SP4 and higher

py27-compat-salt:

  * Fix inspector module export function (bsc#1097531)

  * Fix possible traceback on ip6_interface grain (bsc#1193565)

  * Don?t check for cached pillar errors on state.apply (bsc#1190781)

  * Simplify "transactional_update" module to not use SSH wrapper and allow
    more flexible execution

  * Add "--no-return-event" option to salt-call to prevent sending return event
    back to master.

  * Make "state.highstate" to acts on concurrent flag.

  * Fix the regression with invalid syntax in test_parse_cpe_name_v23.

  * Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)

  * Fix the regression of docker_container state module (bsc#1191285)

rhnlib:

  * Version 4.2.5-1

      + do not build python 2 package for SLE15

salt-netapi-client:

  * Hotfix (bsc#1192550):

  * Version 0.19.0

      + See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.19.0

saltboot-formula:

  * Update to version 0.1.1637232240.87d79ed

      + Prevent python failure under some circumstances when filesystem was not
        set (bsc#1192440)

      + Add missing boot_images option in SLE11 saltboot version

spacecmd:

  * Version 4.2.15-1

      + require python macros for building

spacewalk-backend:

  * Version 4.2.19-1

      + Retrieve and store copyright information about patches

      + SLES PAYG client support on cloud

      + Add headers to update proxy auth token in listChannels (bsc#1193585)

      + require python macros for building

      + exchange zypp-plugin dependency to use the python3 version (bsc#1192514
        )

spacewalk-branding:

  * Version 4.2.12-1

      + Fix header search autofocus

spacewalk-client-tools:

  * Version 4.2.16-1

      + do not build python 2 package for SLE15

      + require python macros for building

spacewalk-config:

  * Version 4.2.5-1

      + add migration for changed rhn.conf values

spacewalk-java:

  * Version 4.2.32-1

      + Pass only selected servers to taskomatic for cancelation (bsc#1194044)

      + Added rights field to generated updateinfo.xml to handle copyright

      + provide static configuration key name for SSHMinionActionExecutor
        parallel threads

      + Add support for custom SSH port for SSH minions

      + add ubuntu errata data and install handling

      + Fix stack overflow when building a CLM project from modular sources (
        bsc#1194990)

      + SLES PAYG client support on cloud

      + Change order of 'Relevant' and 'All' in patches menu

      + Handle multiple Kiwi bundles (bsc#1194905)

      + Install product by default after a channel is subscribed

      + Improve token validation logs

      + fix possible race condition in job handling (bsc#1192510)

      + Migrate the displaying of the date/time to rhn:formatDate

      + Add additional matchers to package (nevra) filter

      + Add greater equals matcher to package (nevra) filter

      + fix XML syntax in cobbler snippets (bsc#1193694)

      + Add new endpoints to packages API: schedulePackageLockChange,
        listPackagesLockStatus

      + Avoid using RPM tags when filtering modular packages in CLM (bsc#
        1192487)

      + Fix stripping module metadata when cloning channels in CLM (bsc#1193008
        )

      + UI and API call for changing proxy

      + require postgresql14 on SLE15 SP4

      + Update proxy path on minion connection

      + fix actionchain stuck in pending/picked up (bsc#1189561)

      + fix parsing error by making SCAP Profile description attribute optional
        (bsc#1192321)

      + Show salt ssh error message in failed action details

spacewalk-reports:

  * Version 4.2.7-1

      + Fixes query for system-history report to prevent more than one row
        returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-search:

  * Version 4.2.6-1

      + Rename jakarta to apache on SPEC

spacewalk-setup:

  * Version 4.2.10-1

      + During upgrade, set tomcat connector connectionTimeout to 900000 if the
        previous values is the old default (20000)

spacewalk-utils:

  * Version 4.2.15-1

      + require python macros for building

spacewalk-web:

  * Version 4.2.25-1

      + Add support for custom SSH port for SSH minions

      + SLES PAYG client support on cloud

      + Migrate the displaying of the date/time to rhn:formatDate, get rid of
        the legacy fmt:formatDate glue

      + Fix header search autofocus

      + Fix virtual systems list request error (bsc#1194397)

      + UI for changing proxy

      + Fix legacy timepicker passing wrong time to the backend if server and
        user time differ (bsc#1192699)

      + Fix legacy timepicker passing wrong time to the backend if selected
        date is in summer time (bsc#1192776)

suseRegisterInfo:

  * Version 4.2.5-1

      + require python macros for building

      + Do not build python 2 package for SLE15 and higher

susemanager:

  * Version 4.2.27-1

      + mgr-setup: do not concanate www and apache groups (bsc#1195171)

      + fix pg-migrate to check version of postgresql??-server (bsc#1192368)

      + remove obsoleted sysv init script (bsc#1191857)

susemanager-doc-indexes:

  * Added instructions for Pay-as-you-go to the Installation Guide

  * In the Client Configuration Guide, documented finding channel names for
    registering older SUSE Linux Enterprise clients

  * Documented moving Salt clients between proxies in the Client Configuration
    Guide

  * Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client

  * In the Troubleshooting section of the Client Configuration Guide,
    documented that SUSE Linux Enterprise Server 11 clients require previous
    SSL versions installed on the server

  * In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-docs_en:

  * Added instructions for Pay-as-you-go to the Installation Guide

  * In the Client Configuration Guide, documented finding channel names for
    registering older SUSE Linux Enterprise clients

  * Documented moving Salt clients between proxies in the Client Configuration
    Guide

  * Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client

  * In the Troubleshooting section of the Client Configuration Guide,
    documented that SUSE Linux Enterprise Server 11 clients require previous
    SSL versions installed on the server

  * In the Retail Guide, adjust branch server version numbers (bsc#1193292)

susemanager-schema:

  * Version 4.2.20-1

      + Added rights column to rhnerrata to handle copyright information

      + Add support for custom SSH port for SSH minions

      + add ubuntu errata data and install handling

      + SLES PAYG client support on cloud

      + Replace not existing Asia/Beijing timezone with Asia/Shanghai (bsc#
        1194862)

      + Continue with index migration when the expected indexes do not exist (
        bsc#1192566)

      + Fix changing of existing proxy path

      + Add pillars to Apply States action

      + Fix rhnChannelNewestPackageView in case there are duplicates (bsc#
        1193612)

susemanager-sls:

  * Version 4.2.20-1

      + Handle multiple Kiwi bundles (bsc#1194905)

      + enforce correct minion configuration similar to bootstrapping (bsc#
        1192510)

      + Add state for changing proxy

      + Update proxy path on minion connection

      + Fix problem installing/removing packages using action chains in
        transactional systems

uyuni-common-libs:

  * Version 4.2.6-1

      + Read modularity data from DISTTAG tag as fallback (bsc#1192487)

      + require python macros for building

uyuni-config-formula:

  * Version 0.2

      + support to manager activation keys

Version 4.2.4

grafana-formula:

  * Add SSH blackbox status check panel to clients dashboard

  * Migrate deprecated panels in clients dashboard

patterns-suse-manager:

  * Add prometheus-blackbox_exporter as recommended for the Proxy

prometheus-formula:

  * Fix opening Prometheus ports on proxy

  * Add Prometheus targets configuration for minions SSH probing

  * Add blackbox exporter

  * Open Prometheus ports (bsc#1191144)

py27-compat-salt:

  * Remove wrong _parse_cpe_name from grains.core

  * Fix file.find tracebacks with non utf8 file names (bsc#1190114)

  * Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)

  * Added Python2 build possibility for RHEL8

  * Do not consider skipped targets as failed for ansible.playbooks state (bsc#
    1190446)

  * Fix traceback.*_exc() calls

spacecmd:

  * Update translation strings

spacewalk-backend:

  * Reposync: replace architecture variables in mirror lists

  * Minor spec update.

  * Added RHN config parameter httpd_config_dir.

  * Avoid GPG errors messages in reposync caused by rpm not understanding
    signatures (bsc#1191538)

  * Improved the diskcheck script to return an exit value and to allow
    performing the check without sending notification

spacewalk-certs-tools:

  * Make bootstrap script to use bash when called with a different interpreter
    (bsc#1191656)

  * set key format to PEM when generating key for traditional clients push ssh
    (bsc#1189643)

spacewalk-client-tools:

  * Update translation strings

spacewalk-java:

  * Fix calling wrong XMLRPC bootstrap method (bsc#1192736)

  * Fix package update action with shared channels (bsc#1191313)

  * fix openscap scan with tailoring-file option (bsc#1192321)

  * switch to best repo auth item for contentsources (bsc#1191442)

  * Implement using re-activation keys when bootstrapping with the Web UI or
    XMLRPC API

  * update last boot time of SSH Minions after bootstrapping (bsc#1191899)

  * Add compressed flag to image pillars when kiwi image is compressed (bsc#
    1191702)

  * Use an 'allow' filter for the kernel packages with live patching filter
    templates (bsc#1191460)

  * Move pickedup actions to history as soon as they are pickedup (bsc#1191444)

  * fix issue with empty action chains getting deleted too early (bsc#1191377)

  * Set product name and version in the User-Agent header when connecting to
    SCC

  * On salt-ssh minions, enforce package list refresh after state apply

  * Run Prometheus JMX exporter as Java agent (bsc#1184617)

  * Fix internal server error on DuplicateSystemsCompare (bsc#1191643)

  * Hide link to CLM live patching template in system details for products that
    don?t support live patching (bsc#1190866)

  * Execute the diskcheck script at login to validate the available space

  * Trigger reboot needed message also when installhint is available on package
    level

  * Add Content Lifecycle Management filter for package provides and use it in
    live patching filter template

  * Allow usage of jinja template in Salt config channels

  * Remove NullPointerException in rhn_web_ui.log when building an image (bsc#
    1185951)

  * mgr-sync refresh logs when a vendor channel is expired and shows how to
    remove it (bsc#1191222)

  * Readable error when "mgr-sync add channel" is called with a non-existing
    label (bsc#1173143)

spacewalk-reports:

  * Improve performance of inventory report (bsc#1191495)

spacewalk-setup:

  * Increase "max_event_size" value for the Salt master (bsc#1191340)

  * Leave Cobbler bootloader directory at the default (bsc#1187708)

  * Don?t delete cobbler.conf contents.

  * Fixed FileNotFoundError on cobbler setup.

  * cobbler20-setup was removed

  * spacewalk-setup-cobbler was reimplemented in Python

  * Config files for Cobbler don?t get edited in place anymore, thus the
    original ones are saved with a ".backup" suffix

spacewalk-web:

  * Implement using re-activation keys when bootstrapping with the Web UI

  * Disable the SPA engine for download links (bsc#1190964)

  * Fix CLM filter edit modal opening (bsc#1190867)

  * Display a warning in the login page if the available disk space on the
    server is running out

  * add Content Lifecycle Management filter for package provides

susemanager:

  * Reorganize bootstrap SSL state

  * Add missing packages on SSL bootstrap of Debian-10 and SLES-15

  * Update translation strings

susemanager-doc-indexes:

  * Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat
    Enterprise Linux 7 in Keeping Clients updated section of the Cookbook

  * Fixed base channel label for Red Hat 8 products in the Client Configuration
    Guide

  * In the Client Configuration Guide, move the information about requiring
    Python to the section covering WebUI registration procedures.

  * Warn about building ARM images on aarch64 architecture in the
    Administration Guide

  * Added DNS resolution for minions to the Troubleshooting section of the
    Client Configuration Guide

  * Documented low on disc space warnings in the Managing Disk Space chapter in
    Administration Guide

  * In the Installation Guide, fix slow downloads via proxy when huge files are
    requested (bsc#1185465)

  * Reactivation key in the Web UI added to the Client Configuration Guide

  * Updated the 'max_connections' section of the Salt Guide (bsc#1191267)

  * In the ports section of the Installation Guide, mention "tftpsync"
    explicitly for port 443 (bsc#1190665)

  * In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to
    refresh repositories reliably.

  * Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)

  * Documented new filter in the Content Lifecycle Management chapter of the
    Administration Guide

susemanager-docs_en:

  * Support for reboot flags added to SLS State for Ubuntu, Debian and Red Hat
    Enterprise Linux 7 in Keeping Clients updated section of the Cookbook

  * Fixed base channel label for Red Hat 8 products in the Client Configuration
    Guide

  * In the Client Configuration Guide, move the information about requiring
    Python to the section covering WebUI registration procedures.

  * Warn about building ARM images on aarch64 architecture in the
    Administration Guide

  * Added DNS resolution for minions to the Troubleshooting section of the
    Client Configuration Guide

  * Documented low on disc space warnings in the Managing Disk Space chapter in
    Administration Guide

  * In the Installation Guide, fix slow downloads via proxy when huge files are
    requested (bsc#1185465)

  * Reactivation key in the Web UI added to the Client Configuration Guide

  * Updated the 'max_connections' section of the Salt Guide (bsc#1191267)

  * In the ports section of the Installation Guide, mention "tftpsync"
    explicitly for port 443 (bsc#1190665)

  * In server upgrade procedure in the Upgrade Guide add 'zypper ref' step to
    refresh repositories reliably.

  * Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)

  * Documented new filter in the Content Lifecycle Management chapter of the
    Administration Guide

susemanager-schema:

  * Add schema directory for susemanager-schema-4.2.18

susemanager-sls:

  * fix openscap scan with tailoring options (bsc#1192321)

  * Fix virt_utils module python 2.6 compatibility (bsc#1191123)

  * Implement using re-activation keys when bootstrapping

  * Add missing compressed_hash value from Kiwi inspect (bsc#1191702)

  * Don?t create skeleton /srv/salt/top.sls

  * Run Prometheus JMX exporter as Java agent (bsc#1184617)

  * Replace FileNotFoundError by python2-compatible OSError (bsc#1191139)

susemanager-sync-data:

  * add SLES15 SP2 LTSS

  * use mirrorlist URLs for Alma Linux 8

Version 4.2.3

cobbler:

  * Fixed modify_setting test to complete successfully

hub-xmlrpc-api:

  * Use rpm systemd macro to restart service in replace of systemctl

patterns-suse-manager:

  * Virtualization-host-formula was renamed to virtualization-formulas

py26-compat-salt:

  * Exclude the full path of a download URL to prevent injection of malicious
    code (bsc#1190265) (CVE-2021-21996)

py26-compat-tornado:

  * Added compatibility to Enterprise Linux 8

py27-compat-salt:

  * Fix the regression of docker_container state module

  * Support querying for JSON data in external sql pillar

  * Exclude the full path of a download URL to prevent injection of malicious
    code (bsc#1190265) (CVE-2021-21996)

  * Fix wrong relative paths resolution with Jinja renderer when importing
    subdirectories

spacecmd:

  * Version 4.2.13-1

      + Update translation strings

      + configchannel_updatefile handles directory properly (bsc#1190512)

      + Add schedule_archivecompleted to mass archive actions (bsc#1181223)

      + Remove whoami from the list of unauthenticated commands (bsc#1188977)

spacewalk-admin:

  * Version 4.2.9-1

      + Fix setup with rhn-config-satellite (bsc#1190300)

      + Allow admins to modify only spacewalk config files with
        rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)

spacewalk-backend:

  * Version 4.2.17-1

      + Update translations strings

      + handle download of metadata filesnames with checksums (bsc#1188315)

      + Sanitize cached filename for custom SSL certs used by reposync (bsc#
        1190751)

spacewalk-certs-tools:

  * Version 4.2.13-1

      + add GPG keys using apt-key on debian machines (bsc#1187998)

spacewalk-client-tools:

  * Version 4.2.14-1

      + Update translation strings

spacewalk-java:

  * Version 4.2.30-1

      + Fix datetime format parsing with moment (bsc#1191348)

  * Version 4.2.29-1

      + Update translation strings

      + fix logging of the spark framework and map requests to media.1
        directory in the download controller (bsc#1189933)

      + Add 'Last build date' column to Content Lifecycle Management project
        list (jsc#PM-2644) (jsc#SUMA-61)

      + Improve exception handling and logging for mgr-libmod calls

      + Add checksums to repository metadata filenames (bsc#1188315)

      + Fix ISE in product migration if base product is missing (bsc#1190151)

      + use TLSv1.3 if it is a supported Protocol

      + Adapt auto errata update to respect maintenance windows

      + Adapt auto errata update to skip during Content Lifecycle Management
        build (bsc#1189609)

      + add CentOS 7/8 aarch64

      + add Oracle Linux 7/8 aarch64

      + add Rocky Linux 8 aarch64

      + add AlmaLinux 8 aarch64

      + add Amazon Linux 2 aarch64

      + Add new endpoints to saltkeys API: acceptedList, pendingList,
        rejectedList, deniedList, accept and reject

      + fix issue in SSM when scheduling patches on multiple systems (bsc#
        1190396, bsc#1190275)

      + Add 'Flush cache' option to Ansible playbook execution (bsc#1190405)

      + Update kernel live patch version on minion startup (bsc#1190276)

      + Allow getting all completed actions via XMLRPC without display limit (
        bsc#1181223)

      + Support syncing patches with advisory status 'pending' (bsc#1190455)

      + Add XMLRPC API to force refreshing pillar data (bsc#1190123)

      + Add missing string on XCCDF scan results (bsc#1190164)

      + Ignore duplicates in 'pkg.installed' result when applying patches (bsc#
        1187572)

      + Improved timezone support

      + implement package locking for salt minions

spacewalk-utils:

  * Version 4.2.14-1

      + When renaming: don?t regenerate CA, allow using third-party certificate
        and trigger pillar refresh (bsc#1190123)

spacewalk-web:

  * Version 4.2.23-1

      + Fix datetime format parsing with moment (bsc#1191348)

  * Version 4.2.22-1

      + Add 'Last build date' column to Content Lifecycle Management project
        list (jsc#PM-2644) (jsc#SUMA-61)

      + Fix 'Type' input in Content Lifecycle Management source edit form (bsc#
        1190820)

      + Add 'Flush cache' checkbox to Ansible playbook execution page (bsc#
        1190405)

      + Fix the VM creation and editing submit button action (bsc#1190602)

      + Improved timezone support

      + Enhance the default base channel help message (bsc#1171520)

subscription-matcher:

  * Version 0.27

      + update subscription rules for new SKUs (bsc#1189818)

supportutils-plugin-susemanager:

  * Version 4.2.3-1

      + detect broken symlinks in tomcat, taskomatic and search daemon

susemanager:

  * Version 4.2.24-1

      + Fix syntax error on migration script (bsc#1191551)

  * Version 4.2.23-1

      + Add aarch64 bootstrap repositories for CentOS 7/8, Oracle Linux 7/8,
        Rocky Linux8, AlmaLinux8, Amazon Linux 2 and openSUSE Leap 15.3

      + Add the gnupg package for ubuntu which is then needed by apt-key (bsc#
        1187998)

      + Add SLE 15 SAP Product ID to SLE15 bootstrap repositories, as it is
        required to get python3-M2Crypto (bsc#1189422)

susemanager-doc-indexes:

  * Added aarch64 support for selection of clients in the Installation Guide
    and Client Configuration Guide

  * Documented Amazon Web Services permissions for Virtual Host Manager in the
    Virtual Host Manager and Amazon Web Service chapters in the Client
    Configuration Guide

  * Fixed unpublished patches note in the server update chapter of the Upgrade
    Guide

  * Updated Proxy installation screenshots to reflect SUSE Manager 4.2 version
    in the Installation Guide

  * Updated migration instructions to help avoid migration from Proxy 4.0 to
    4.1 if 4.2 is already available to the Upgrade Guide

  * Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands
    on the client (bsc#1190166)

  * Removed Portus and CaaSP references from the image management chapter of
    the Administration Guide

  * Documented package lock as a supported feature for some Salt clients in the
    Client Configuration Guide.

susemanager-docs_en:

  * Added aarch64 support for selection of clients in the Installation Guide
    and Client Configuration Guide

  * Documented Amazon Web Services permissions for Virtual Host Manager in the
    Virtual Host Manager and Amazon Web Service chapters in the Client
    Configuration Guide

  * Fixed unpublished patches note in the server update chapter of the Upgrade
    Guide

  * Updated Proxy installation screenshots to reflect SUSE Manager 4.2 version
    in the Installation Guide

  * Updated migration instructions to help avoid migration from Proxy 4.0 to
    4.1 if 4.2 is already available to the Upgrade Guide

  * Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands
    on the client (bsc#1190166)

  * Removed Portus and CaaSP references from the image management chapter of
    the Administration Guide

  * Documented package lock as a supported feature for some Salt clients in the
    Client Configuration Guide.

susemanager-schema:

  * Version 4.2.18-1

      + create unique index on package details action id (bsc#1190396, bsc#
        1190275)

      + Add 'flush_cache' flag to Ansible playbook execution action (bsc#
        1190405)

      + Support syncing patches with advisory status 'pending' (bsc#1190455)

      + allow Ansible Control Node entitlement for aarch64, ppc64le and s390x (
        bsc#1189799)

      + implement package locking for salt minions

susemanager-sls:

  * Version 4.2.17-1

      + Fix cpuinfo grain and virt_utils state python2 compatibility (bsc#
        1191139, bsc#1191123)

      + deploy certificate on SLE Micro 5.1

      + Realign pkgset cookie path for Salt Bundle changes

      + Fix pkgset beacon to work with salt-minion 2016.11.10 (bsc#1189260)

      + Fix virt grain python2 compatibility

      + Fix mgrcompat state module to work with Salt 3003 and 3004

      + Add 'flush_cache' flag to 'ansible.playbooks' call (bsc#1190405)

      + Update kernel live patch version on minion startup (bsc#1190276)

      + don?t use libvirt API to get its version for the virt features grain

      + implement package locking for salt minions

susemanager-sync-data:

  * Version 4.2.9-1

      + add CentOS 7/8 aarch64

      + add Oracle Linux 7/8 aarch64

      + add Rocky Linux 8 aarch64

      + add AlmaLinux 8 aarch64

      + add Amazon Linux 2 aarch64

Version 4.2.2

branch-network-formula:

  * Use kernel parameters from PXE formula also for local boot

cobbler:

  * Fixed Remote Code Execution in the XMLRPC API which additionally allowed
    arbitrary file read and write as root (bsc#1189458, CVE-2021-40323,
    CVE-2021-40324, CVE-2021-40325)

  * This patch introduces a regression where valid log data from Anamon (Red
    Hat Autoinstallation Process) uploaded to cobbler may be rejected

cpu-mitigations-formula:

  * Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

openvpn-formula:

  * Changed package to noarch.

prometheus-exporters-formula:

  * Fix formula data migration with missing exporter configuration (bsc#1188136
    )

py26-compat-salt:

  * Fix error handling in openscap module (bsc#1188647)

  * Define license macro as doc in spec file if not existing

py27-compat-salt:

  * Add missing aarch64 to rpm package architectures

  * Consolidate some state requisites (bsc#1188641)

  * Fix failing unit test for systemd

  * Fix error handling in openscap module (bsc#1188647)

  * Better handling of bad public keys from minions (bsc#1189040)

  * Define license macro as doc in spec file if not existing

saltboot-formula:

  * Use kernel parameters from PXE formula also for local boot

spacecmd:

  * Update translation strings

  * Make schedule_deletearchived to get all actions without display limit

  * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#
    1181223)

  * Use correct API endpoint in list_proxies (bsc#1188042)

  * Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:

  * Update translation strings

  * Fix typo "verfication" instead of "verification"

spacewalk-certs-tools:

  * Prepare the bootstrap script generator for Rocky Linux 8

spacewalk-client-tools:

  * Update translation strings

spacewalk-java:

  * Show AppStreams tab just for modular channels

  * Fix Json null comparison in virtual network info parsing (bsc#1189167)

  * Update translation strings

  * 'AppStreams with defaults' filter template in CLM

  * Add a link to OS image store dir in image list page

  * Do not log XMLRPC fault exceptions as errors (bsc#1188853)

  * XMLRPC: Add call for listing application monitoring endpoints

  * AppStreams tab for modular channels

  * Link to CLM filter creation from system details page

  * Allow getting all archived actions via XMLRPC without display limit (bsc#
    1181223)

  * Fix NPE when no redhat info could be fetched

  * Java enablement for Rocky Linux 8

  * Delete ActionChains when the last action is a Reboot and it completes (bsc#
    1188163)

  * Properly handle virtual networks without defined bridge (bsc#1189167)

  * Mark SSH minion actions when they?re picked up (bsc#1188505)

  * Add UEFI support for VM creation / editing

  * Add virt-tuner templates to VM creation

  * Fix cleanup always being executed on delete system (bsc#1189011)

  * Warning in Overview page for SLE Micro system (bsc#1188551)

  * Add support for Kiwi options

  * Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#
    1188260)

  * Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory

  * Fix entitlements not being updated during system transfer (bsc#1188032)

  * Simplify the VM creation action in DB

  * Get CPU data for AArch64

  * Handle virtual machines running on pacemaker cluster

  * Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)

  * Add Beijing timezone to selectable timezones (bsc#1188193)

  * Fix updating primary net interface on hardware refresh (bsc#1188400)

  * Fix issues when removing archived actions using XMLRPC api (bsc#1181223)

  * Readable error when "mgr-sync add channel" is called with a no-existing
    label (bsc#1173143)

spacewalk-setup:

  * Enable logging for salt SSH

  * Increase max size for uploaded files to Salt master

spacewalk-utils:

  * Add Rocky Linux 8 repositories

spacewalk-web:

  * Don?t capitalize acronyms

  * Update translation strings

  * 'AppStreams with defaults' filter template in CLM

  * Add a link to OS image store dir in image list page

  * Link to CLM filter creation from system details page

  * Expose UEFI parameters in the VM creation/editing pages

  * Add virt-tuner templates to VM creation

  * Fix cleanup always being executed on delete system (bsc#1189011)

  * Add support for Kiwi options

  * Fix virtualization guests to handle null HostInfo

  * Compare lowercase CPU arch with libvirt domain capabilities

  * Refresh JWT virtual console token before it expires

  * Handle virtual machines running on pacemaker cluster

susemanager:

  * Abort migration if data_directory is defined at the PostgreSQL
    configuration file

  * Update translation strings

  * Add bootstrap repository definitions for Rocky Linux 8

susemanager-build-keys:

  * Add Debian 11

  * Add Rocky Linux 8

susemanager-doc-indexes:

  * Added missing Rocky instructions to the Client Configuration Guide

  * Updated setup section in the Installation Guide about trouble shooting
    freely available products

  * Added channel synchronization warning in the product migration chapter of
    the Client Configuration Guide

  * Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded
    Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported
    client systems in the Client Configuration Guide (bsc#1188656)

  * In the Prometheus chapter of the Administration Guide advise to store data
    locally (bsc#1188855)

  * Additional information added for Inter Server Sync v2 on limitations and
    configuration

  * Documented required SUSE Linux Enterprise Server version for the Ansible
    control node in the Ansible Integration chapter of the Administration Guide
    (bsc#1189419)

  * Added information about installing Python 3.6 on CentOS, Oracle Linux,
    Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat
    in the Client Configuration Guide (bsc#1187335)

  * Corrected the package name for PAM authentication (bsc#1171483)

  * Client Configuration Guide: reorganized navigation bar to list SUSE Linux
    Enterprise Server, openSUSE and other clients in alphabetical order for
    better user experience

  * In the Ansible chapter of the Administration Guide mention that Ansible is
    available on Proxy and Retail Branch Server

  * Added a warning on Ansible hardware requirements to the Retail Guide

  * Improved warning on over-writing images in public cloud in the Client
    Configuration Guide

  * Reference Guide: removed underscores in page titles and nav bar links.

  * Provide more information about Salt SSH user configuration in the Salt
    Guide (bsc#1187549)

  * Documented KIWI options and profile selection in Administration Guide

  * Added note about autoinstallation kernel options and Azure clients

  * Added general information about SUSE Manager registration code that you can
    obtain from a "SUSE Manager Lifecycle Management+" subscription

  * Document new Salt SSH logs at the Client Configuration Guide,
    Troubleshooting section

  * In the monitoring chapter of the Administration Guide mention that
    Prometheus is available on Proxy and Retail Branch Server

  * Added warning on Prometheus hardware requirements in the Retail Guide (bsc#
    1186339)

  * Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client
    Configuration Guide

  * Amended Client Configuration Guide to exclude paragraphs that are Uyuni
    specific for CentOS, AlmaLinux and Oracle clients

susemanager-docs_en:

  * Added missing Rocky instructions to the Client Configuration Guide

  * Updated setup section in the Installation Guide about trouble shooting
    freely available products

  * Added channel synchronization warning in the product migration chapter of
    the Client Configuration Guide

  * Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded
    Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported
    client systems in the Client Configuration Guide (bsc#1188656)

  * In the Prometheus chapter of the Administration Guide advise to store data
    locally (bsc#1188855)

  * Additional information added for Inter Server Sync v2 on limitations and
    configuration

  * Documented required SUSE Linux Enterprise Server version for the Ansible
    control node in the Ansible Integration chapter of the Administration Guide
    (bsc#1189419)

  * Added information about installing Python 3.6 on CentOS, Oracle Linux,
    Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat
    in the Client Configuration Guide (bsc#1187335)

  * Corrected the package name for PAM authentication (bsc#1171483)

  * Client Configuration Guide: reorganized navigation bar to list SUSE Linux
    Enterprise Server, openSUSE and other clients in alphabetical order for
    better user experience

  * In the Ansible chapter of the Administration Guide mention that Ansible is
    available on Proxy and Retail Branch Server

  * Added a warning on Ansible hardware requirements to the Retail Guide

  * Improved warning on over-writing images in public cloud in the Client
    Configuration Guide

  * Reference Guide: removed underscores in page titles and nav bar links.

  * Provide more information about Salt SSH user configuration in the Salt
    Guide (bsc#1187549)

  * Documented KIWI options and profile selection in Administration Guide

  * Added note about autoinstallation kernel options and Azure clients

  * Added general information about SUSE Manager registration code that you can
    obtain from a "SUSE Manager Lifecycle Management+" subscription

  * Document new Salt SSH logs at the Client Configuration Guide,
    Troubleshooting section

  * In the monitoring chapter of the Administration Guide mention that
    Prometheus is available on Proxy and Retail Branch Server

  * Added warning on Prometheus hardware requirements in the Retail Guide (bsc#
    1186339)

  * Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client
    Configuration Guide

  * Amended Client Configuration Guide to exclude paragraphs that are Uyuni
    specific for CentOS, AlmaLinux and Oracle clients

susemanager-schema:

  * Add Rocky Linux 8 key and vendor

  * Fix wrongly assigned entitlements due to system transfer (bsc#1188032)

  * Force a one-off VACUUM ANALYZE

  * Add Kiwi commandline options to Kiwi profile

  * Upgrade scripts idempotency fixes

  * Simplify the VM creation action in DB

  * Handle virtual machines running on pacemaker cluster

  * Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)

  * Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:

  * Add Rocky Linux 8 support

  * Enable logrotate configuration for Salt SSH minion logs

  * Add UEFI support for VM creation

  * Add virt-tuner templates to VM creation

  * Handle more ocsf2 setups in virt_utils module

  * Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and
    openSUSE MicroOS minions (bsc#1188503)

  * Add findutils to Kiwi bootstrap packages

  * Remove systemid file on salt client cleanup

  * Add support for Kiwi options

  * Skip 'update-ca-certificates' run if the certs are updated automatically

  * Use lscpu to provide more CPU grains for all architectures

  * Fix deleting stopped virtual network (bsc#1186281)

  * Handle virtual machines running on pacemaker cluster

susemanager-sync-data:

  * Support Rocky Linux 8 x86_64

  * Add channel family for MicroOS Z

  * Set OES 2018 SP3 to released

Version 4.2.1

cobbler:

  * Avoid traceback when building tftp files for ppc arch system when
    boot_loader is not set (bsc#1185679)

mgr-libmod:

  * Ignore self-dependencies (bsc#1186502)

prometheus-exporters-formula:

  * Fix null formula data dictionary values (bsc#1186025)

  * Fix exporter exporter modules configuration

prometheus-formula:

  * Add docs stings in file SD UI

py26-compat-salt:

  * Enhance openscap module: add "xccdf_eval" call

py27-compat-salt:

  * Do noop for services states when running systemd in offline mode (bsc#
    1187787)

  * Transactional_updates: do not execute states in parallel but use a queue (
    bsc#1188170)

  * Handle "master tops" data when states are applied by "transactional_update"
    (bsc#1187787)

  * Enhance openscap module: add "xccdf_eval" call

  * Virt: pass emulator when getting domain capabilities from libvirt

  * Implementation of held/unheld functions for state pkg (bsc#1187813)

  * Fix exception in yumpkg.remove for not installed package

  * Fix save for iptables state module (bsc#1185131)

  * Virt: use /dev/kvm to detect KVM

  * Zypperpkg: improve logic for handling vendorchange flags

  * Add bundled provides for tornado to the spec file

  * Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)

  * Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE
    distros

  * Detect Python version to use inside container (bsc#1167586) (bsc#1164192)

  * Handle volumes on stopped pools in virt.vm_info (bsc#1186287)

  * Grains.extra: support old non-intel kernels (bsc#1180650)

  * Fix missing minion returns in batch mode (bsc#1184659)

  * Parsing Epoch out of version provided during pkg remove (bsc#1173692)

spacecmd:

  * Make spacecmd aware of retracted patches/packages

spacewalk-backend:

  * Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)

  * Check if batch needs to be imported even after failure (bsc#1183151)

  * Show better error message when reposync failed

spacewalk-branding:

  * Add modal dialog CSS style

  * Change white space behavior on modal bodies

spacewalk-certs-tools:

  * Generate SSL private keys FIPS 140-2 compatible (bsc#1187593)

spacewalk-java:

  * Fix NPE error when scheduling ErrataAction from relevant errata page (bsc#
    1188289)

  * Bugfix: Prevent "no session" hibernate error on deleting server

  * Add option to run Ansible playbooks in 'test' mode

  * New filter template: Live patching based on a system

  * Adapt generated pillar data to run the new Salt scap state

  * SP migration: wait some seconds before scheduling "package refresh" action
    after migration is completed (bsc#1187963)

  * Cleanup and regenerate system state files when machine id has changed (bsc#
    1187660)

  * Manually disable repositories on redhat like systems

  * Do not update Kickstart session when download after session is complete or
    failed (bsc#1187621)

  * Define a pillar for the https port when connection as ssh-push with tunnel
    (bsc#1187441)

  * Fix the unit test coverage reports

  * Fix random NullPointerException when rendering page tabs (bsc#1182769)

  * Add missing task status strings (bsc#1186744)

  * Show the full state return message for VM actions

  * Show reposync errors in user notification details

  * Do not check accessibility of free product repositories (bsc#1182817)

spacewalk-utils:

  * Use the right URLs for the AlmaLinux 8 Uyuni client tools

  * Add SLE Updates and Backport Updates repositories for openSUSE Leap 15.3

spacewalk-web:

  * Add option to run Ansible playbooks in 'test' mode

  * New filter template: Live patching based on a system

  * Fix bugged search in formula catalog

  * Convert Virtualization modal dialogs to react-modal

  * Update the version for the WebUI

susemanager:

  * Improve the error management for the PostgreSQL migration script (bsc#
    1188297)

  * Add sanity checks in database migration and infere options from system

  * Fix a typo so mgr-create-bootstrap-script can exit gracefully when
    interrupted (bsc#1188073)

  * Porting the package to python3 with proper placement compiled python files

  * Show error message if server migration goes wrong

  * Update migration script to openSUSE 15.3

  * Fix message in database migration (bsc#1187451)

susemanager-doc-indexes:

  * Updated Image Management chapter in Administration Guide; Python and
    python-xml are no longer required for container image inspection (bsc#
    1167586, bsc#1164192)

  * Add procedure to create cluster managed virtual machine in Client
    Configuration Guide

  * Documented transfer between organizations in Reference and Administration
    Guide; this features was previously called migrate.

  * In Product Migration chapter of the Client Configuration Guide add a note
    to install pending updates before starting the migration (bsc#1187065).

  * Update OpenSCAP section in the Administration Guide for usability.

  * Added documentation on new database migration script

  * Added example for live patching based on a system filter template in
    content lifecycle management

  * Added a custom scrape configuration documentation to the Salt guide

susemanager-docs_en:

  * Updated Image Management chapter in Administration Guide; Python and
    python-xml are no longer required for container image inspection (bsc#
    1167586, bsc#1164192)

  * Add procedure to create cluster managed virtual machine in Client
    Configuration Guide

  * Documented transfer between organizations in Reference and Administration
    Guide; this features was previously called migrate.

  * In Product Migration chapter of the Client Configuration Guide add a note
    to install pending updates before starting the migration (bsc#1187065).

  * Update OpenSCAP section in the Administration Guide for usability.

  * Added documentation on new database migration script

  * Added example for live patching based on a system filter template in
    content lifecycle management

  * Added a custom scrape configuration documentation to the Salt guide

susemanager-schema:

  * Add 'test' flag to Ansible playbook actions

  * Use the right URLs for the AlmaLinux 8 Uyuni client tools

susemanager-sls:

  * Fix parameters for 'runplaybook' state (bsc#1188395)

  * Fix Salt scap state to use new 'xccdf_eval' function

  * Fix product detection for native RHEL products (bsc#1187397)

  * When bootstrapping with ssh-push with tunnel use the port number for
    fetching GPG keys from the server (bsc#1187441)

susemanager-sync-data:

  * Set free flag for free products (bsc#1182817)

uyuni-common-libs:

  * Handle broken RPM packages to prevent exceptions causing fails on
    repository synchronization (bsc#1186650)

Major changes since SUSE Manager Server 4.1

New products enabled

  * SUSE Linux Enterprise 15 SP3

  * SUSE Linux Enterprise Micro 5.0 (tech preview)

  * openSUSE Leap 15.3

  * AlmaLinux 8

  * Amazon Linux 2

  * MicroFocus Open Enterprise Server 2018 SP3

Technology Preview: SLE Micro

SLE Micro is an ultra-reliable, lightweight operating system purpose built for
edge computing. It leverages the enterprise hardened security and compliance
components of SUSE Linux Enterprise and merges them with a modern, immutable,
developer-friendly OS platform.

SUSE Manager 4.2 provides limited support for SLE Micro 5.0 clients. The
following features work:

  * Client registration

  * Salt remote commands

  * Formulas and Formulas with Forms

  * Installed software packages, updates, patches, etc are listed

  * Refreshing installed package list

  * Package installation, update, patching, removal

  * Content Lifecycle Management

  * State and configuration channels

  * Autoinstallation with AutoYaST and Yomi

Known issues:

  * transactional-update versions 3.2.2-1.1 or older contain a bug and will not
    work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon,
    which will enable it with Salt and SUSE Manager 4.2.

  * Package and patch installation, removal and update work but after
    installation, the WebUI will not show the actual patch state of the system,
    and it will not notify a reboot is required for those changes to be
    enabled. As a workaround, you can manually schedule a reboot.

  * Action chains will fail

  * Container management. SUSE Manager cannot manage podman containers at the
    moment but you can use Salt remote commands for that.

  * Maintenance windows in SLE Micro are currently independent from SUSE
    Manager?s

  * First releases of SLE Micro 5.0 contained a broken salt-minion package.
    Please make sure you use the latest version available in the SLE Micro
    Update channel.

SLE Micro is only supported as a Salt minion. The traditional stack will not be
supported.

The missing features will be added in upcoming releases of SUSE Manager.

Amazon Linux 2

SUSE Manager is now able to manage Amazon Linux 2 clients as salt-minion or
salt-ssh clients, as well as all other features that work for RHEL 7. Check the
Client Configuration Guide for information about how to configure SUSE Manager
Server to work with Amazon Linux 2 clients.

Support for Amazon Linux 2 is currently only available for the x86_64
architecture. New architectures will be added in a future release of SUSE
Manager.

AlmaLinux 8

SUSE Manager is now able to manage AlmaLinux 8 clients as salt-minion or
salt-ssh clients, as well as all other features that work for RHEL 8. Check the
Client Configuration Guide for information about how to configure SUSE Manager
Server to work with AlmaLinux clients.

AlmaLinux 8 is currently only available for the x86_64 architecture. Support
for AlmaLinux 8 will continue to improve, including support for other
architectures as they are added to AlmaLinux.

Unsupported products

  * Red Hat Enterprise Linux 6

  * SUSE Linux Enterprise Server Expanded Support 6

  * Oracle Linux 6

  * CentOS 6

  * CentOS 8

  * Ubuntu 16.04

We highly encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis.

Deprecated products

  * SUSE Linux Enterprise Server 11

  * Debian 9 (afrer EOL 2022-06-30)

The support policy of SUSE Manager clients can be summarized as: "if the
operating system is under general support by its vendor, then SUSE Manager
supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be
considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches,
backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and
Client Tools (where the client operating system supports Python 3.5+; otherwise
Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  * Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle
    Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, and
    Debian 10. Only a Python 3 version is provided.

  * Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones:
    CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud
    Linux) and Debian 9. Only a Python 2 version is provided. SLE 12
    additionally provides a Python 3 version.

  * Salt 2016.11 is still the version of Salt for SLE 11 SP4. Only a Python 2
    version is provided.

We intend to regularly upgrade Salt to more recent versions, including those
which are still on Salt 3000.

For more details about changes in your manually-created Salt states, see the
Salt 3002 upstream release notes.

Technology Preview: Ansible integration

SUSE Manager uses Salt internally, with the SUSE Manager Server acting as a
salt-master, and supports Salt clients both as salt-minion (with agent) and
salt-ssh (agentless) clients.

Ansible is another popular automation tool, mainly promoted by other vendors
and tools. To lower the barrier of entry for users who want to migrate to SUSE
Manager, we have now integrated Ansible in SUSE Manager:

  * Ansible 2.9 (current LTSS version) is provided in the SUSE Manager Client
    Tools channel for SLE15

  * A new system type "Ansible Control Node" has been added. This will
    automatically install the ansible package and make an Ansible tab show in
    the System Details

  * SUSE does not provide Ansible packages for non-SUSE operating systems. Use
    third-party packages in that case

  * The "Ansible Control Nodes" must be registered as Salt clients (salt-minon
    or salt-ssh) in SUSE Manager

  * Multiple Ansible Control Nodes are supported

  * Configure the paths to Ansible playbooks and inventories in the Ansible tab
    of the Ansible Control Nodes to explore and display them

  * Schedule Ansible playbook execution in your Ansible control nodes as you
    would do with any other action in SUSE Manager

SUSE Manager uses the AnsibleGate Salt module to execute Ansible playbooks
natively.

In SUSE Manager 4.2 GA, Ansible integration is a technology preview that
supports a limited subset of functionality and will be enhanced in upcoming
maintenance updates and releases. Namely, the following features are not yet
supported in this technology preview:

  * Adding or editing Ansible playbooks from SUSE Manager. Do that in the
    Ansible control node.

  * Job templates (passing parameters to Ansible playbooks). You can do that
    via Salt states using AnsibleGate.

  * Conditional execution. You can do that via Salt states using AnsibleGate.

Please provide feedback on this feature via your SUSE Customer Service or Sales
representatives, SUSE forums, or the upstream Uyuni Project community.

Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server

The "Service Pack Migration" feature has been renamed "Product Migration".

In SUSE Manager 4.2, the Product Migration feature allows two different use
cases:

  * Migration from one service pack to another within the same major version of
    SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)

  * Migration from openSUSE Leap to the equivalent version of SLES (e. g. from
    Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is
    required, which can be obtained from SCC for free.

Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to
SLE 15) is not possible using the Product Migration feature. Use
autoinstallation profiles for that.

Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not
available at the moment.

"Migrate" has been renamed to "Transfer" to avoid confusion.

Usability

Client systems forwarded to SUSE Customer Center

Until SUSE Manager 4.1, the SUSE Manager Server was listed in SCC but the
managed clients were not. This surprised users, who did not understand why
clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients
connected with SUSE Manager would not.

Responding to this often-asked question and feature request, we have now
implemented client list forwarding to SCC in SUSE Manager 4.2.

By default, all the clients (even non-SUSE operating systems) managed by SUSE
Manager Server (connected directly or via Proxy or Retail Branch Server) will
be listed in SCC. When a client is removed from SUSE Manager, it will also be
removed from SCC.

The information transferred is limited to that which is already collected and
transferred by SUSEconnect, RMT and SMT:

  * Client OS name and version

  * Hostname

  * Number of CPU sockets

  * Architecture

  * UUID of the system

  * Hypervisor and cloud provider information

  * Login: SUSE Manager insance id + client system id

  * Password: random string generated by SUSE Manager. Not used.

This information is used for statisical and product research purposes only.

In case you want to completely disable client list submission to SCC, set this
parameter in /etc/rhn/rhn.conf and restart SUSE Manager (spacewalk-service
restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an
upcoming update in SCC.

Configuration state summary

In SUSE Manager, configuration may come from many different places: SUSE
Manager itself, configuration channels assigned to your organization,
configuration channels assigned to the system groups your clients belong to,
configuration channels assigned directly to a client system or formulas with
forms.

When managing a large number of clients distributed across several
organizations, with multiple system groups, channels, etc, knowing what is
exactly the configuration that will be applied may become a daunting task.

In SUSE Manager 4.2, we have added the configuration state summary to the
Highstate page of the client. With this, you can see exactly where state is
coming from.

Live patching made easy with filter templates

SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles
to once a year which saves companies a time, resources and availability
compared to not using live patching at all.

Setting up Live Patching requires installing specific kernel versions which are
enabled for live patches, and installing the specific live patches.

SUSE Manager 4.2 implements filter templates, which are a set of pre-defined
filters for a specific use case. The first filter template we are including in
SUSE Manager 4.2 makes it easy to configure live patching for a specific SUSE
product (e. g. SLE 15 SP2). New filter templates and additional information
about the lifecycle of the live kernel will be added in upcoming versions of
SUSE Manager.

Allow setting system primary FQDN

The System > Details > Hardware page allows to view and set the primary FQDN of
a client system.

This feature is useful when managing clients which do not know their own
external IP address or DNS name, such as client systems on public cloud, or
routed clients. The primary FQDN is used to configure the default target
address for monitoring.

Calendar widget for maintenance windows

The raw iCal output that was displayed when creating maintenance windows has
been replaced with a graphical control ("widget"), making scheduling
maintenance windows easier:

  * An interactive calendar has replaced the display of the iCalendar file in
    the details view

  * An interactive web calendar replaces the list of upcoming maintenance
    windows in the details of a maintenance schedule, and events associated
    with that schedule are displayed.

Easier system group and configuration channel assignment

We have simplified the screens where system groups and configuration channels
were assigned by removing the tabs and subtabs. All the information and actions
are now in the same screen.

Enhanced CLM filter list

The Content Lifecycle Management filter list screen how allows filter
selection, deletion and sorting and search by project.

Notify beacon for DEB-based clients

While the recommended way to manage clients is to install, remove, patch, etc
from SUSE Manager, which triggers the correct actions, sometimes users run the
package managers directly. When doing this on Debian and Ubuntu clients, the
WebUI showed an outdated package list for some time.

SUSE Manager now hooks directly into the package manager database on the client
to identify local package management and trigger a package refresh from the
Server to make sure the list of packages is always up to date.

Logging

mgr-create-bootstrap-repo will now log under /var/log/rhn/
mgr-create-bootstrap-repo and will rotate the log files daily, keeping an
history of 30 days. Clean up any leftover log file in /var/log/rhn/
mgr-create-bootstrap-repo.* by archiving or deleting them.

Security: OpenSCAP enhancements

The OpenSCAP auditing feature has been in SUSE Manager for years, relying on
content provided externally.

In SUSE Manager 4.2, SUSE is providing SCAP profiles to audit SLES, openSUSE,
RHEL, CentOS, Oracle Linux, Ubuntu and Debian. Remediation scripts and Ansible
playbooks are also provided.

Check the Administration Guide for more details on how to use this feature:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager/
administration/openscap.html

Additionally, OpenSCAP auditing is now possible for multiple Salt clients at
the same time using the Systems Set Manager.

Ubuntu Universe repository changes

Ubuntu 20.04 LTS provides the OpenSCAP scanner in the Universe repository,
which made mirroring Universe a requirement for OpenSCAP analysis to work on
Ubuntu 20.04 LTS clients. We are now providing the OpenSCAP scanner package in
the SUSE Manager Client Tools for Ubuntu 20.04 LTS channel, therefore mirroring
Ubuntu Universe is no longer required and has become an optional channel.

For users who still want to mirror Ubuntu Universe, we have added the
universe-update and universe-security repositories to the Product Wizard, as
optional.

Monitoring

Prometheus TLS

Prometheus and the Prometheus formulas now support TLS and basic authentication
for HTTP endpoints. This provides a way to securely transfer metrics data.

Updated Prometheus

Prometheus has been updated from version 2.21.1 to version 2.26.0, which brings
a number of bugfixes and improvements (such as securing connections using TLS).

For details on what changed in each version between 2.21.1 and 2.26.0, see:

  * https://github.com/prometheus/prometheus/releases/tag/v2.22.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.23.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.26.0

Updated Grafana

Grafana has been updated from version 7.1.5 to version 7.4.2 in the Client
Tools channels.

Check the upstream documentation for details on what has changed:

  * Changes from 7.1 to 7.2

  * Changes from 7.2 to 7.3

  * Changes from 7.3 to 7.4

Updated Node Exporter

The Prometheus Node Exporter has been update from version 1.0.1 to version
1.1.2.

Check the upstream documentation for details on what has changed:

  * Changes from 1.0.1 to 1.1.0

  * Changes from 1.1.0 to 1.1.1

  * Changes from 1.1.1 to 1.1.2

Updated Prometheus Exporters formula

The Prometheus Exporters formula can now be used to configure the Prometheus
Exporter Exporter (reverse proxy) on Ubuntu clients.

Virtualization

Virtualization in SUSE Manager has received a number of enhancements:

  * Fine-tuning: CPU pinning and special memory configurations, such as those
    required when running SAP under KVM, can now be configured with Salt
    states.

  * Virtual networks: it is now possible to create, remove and edit virtual
    networks from the WebUI, and also using Salt states.

  * Autostart: automatically start needed networks and storage pools when
    creating/starting a VM

  * Virtual console: the virtual console monitors virtual machine state changes
    and can be opened even when the virtual machine is powered off. This helps
    in debugging startup issues, and allows to manage the VM even when it is
    running on another virtualization host.

  * The virtpoller beacon is now removed a replaced by a refresh action.

Custom data as pillar

Traditional stack clients could receive some custom information via macros but
this feature was missing on Salt clients.

In SUSE Manager 4.2, we have implemented passing any custom information to Salt
clients (both salt-minion and salt-ssh) via pillars:

salt \* pillar.get custom_info:key1
minion:
    val1

Retracted patches

When an operating system vendor releases a new patch, it might happen that the
patch has undesirable side effects (security, stability, boot no longer
working, etc) on some scenario that was not identified by testing. When that
happens (very rarely), vendors typically release a new patch, which may take
from hours to days, depending on the internal processes in place by that
vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back
such patches in minutes by simply removing the bad patch from the repository
metadata and resorting to the previously working patch. These patches receive
the advisory status "retracted" (instead of the usual "final" or "stable").

SUSE Manager now supports retracted paches across all the lifecycle:

  * Retracted patches can be synchronized

  * When a patch is retracted, it will be noted as such with its own specific
    icon and status

  * Retracted patches can be cloned

Following the behavior defined in zypper:

  * Once a retracted patch is installed, it will not be uninstalled unless you
    uninstall it explicitly. SUSE Manager will never automatically uninstall
    anything from your systems on its own.

  * Once a patch has been retracted by the vendor, the retracted patch cannot
    be installed via normal patch, update and installations.

  * Retracted patches remain available in the software channels and can be
    forcefully-installed/updated-to by speficying the exact version you want to
    install (e. g. by using zypper directly or by using the exact version in a
    Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly
different than usual:

  * When a Content Lifecycle Management project uses a source channel which
    contains a now-retracted patch, a warning is displayed so that you are
    aware you should build and propagate the patch as soon as possible.

  * When a retracted patch is synchronized, it will not be cloned to the cloned
    channels by default. You will need to propagate it explicitly, like any
    other patch.

  * In contrast, once a retracted patch has been added one Content Lifecycle
    Management project and the project software channels built, the retracted
    patch will be automaticaly propagated all the other projects where that
    (now retracted) patch is available.

API

HTML documentation

The API documentation is now available in HTML format, in addition to the
existing PDF document.

The new HTML API documentation includes a search engine too:
https://documentation.suse.com/external-tree/en-us/suma/4.2/suse-manager-api/
index.html

New API calls

New API calls have been added:

  * Enhanced config channel API with list assigned groups

  * Enhanced server group API with config channel and formula access methods

  * Added an API endpoint to allow/disallow scheduling irrelevant patches

  * Added APIs to manage retracted patches

  * Added APIs to set and get the primary FQDN of a given system
    (system.getNetworkForSystems/system.setPrimaryFqdn)

Removed API calls

The following API functions were deprecated for a long time and have been
removed in SUSE Manager 4.2:

  * ActivationKeyHandler addPackageNames(User loggedInUser, String key, List
    packageNames)

  * ActivationKeyHandler removePackageNames(User loggedInUser, String key, List
    packageNames)

  * ChannelHandler listRedHatChannels(User loggedInUser)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel)

  * ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid,
    List<String> channelLabels)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate, String endDate)

  * ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List
    <String> labels)

  * ChannelSoftwareHandler unsubscribeChannels(User user, List<Integer> sids,
    String baseChannel, List<String> childLabels)

  * ErrataHandler listByDate(User loggedInUser, String channelLabel)

  * KickstartHandler listKickstartableTrees(User loggedInUser, String
    channelLabel)

  * ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  * SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  * SystemHandler listChildChannels(User loggedInUser, Integer sid)

  * SystemHandler applyErrata(User loggedInUser, Integer sid, List<Integer>
    errataIds)

  * UserHandler getLoggedInTime(User loggedInUser, String login)

  * SystemHandler setChildChannels(User loggedInUser, Integer sid, List
    channelIdsOrLabels)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, String
    channelLabel)

spacecmd

The spacecmd commandset has been modified to match the current features of the
product:

  * Add group_addconfigchannel and group_removeconfigchannel

  * Add group_listconfigchannels and configchannel_listgroups

  * Deprecated "Software Crashes" commands

Translations

SUSE Manager 4.2 is available in English, Simplified Chinese, Japanese and
Korean. Additional languages may be available as community translations, which
need to be enabled explicitly by a SUSE Manager administrator.

Language selection is per user and can be set in the User Preferences. There
are separate settings for the WebUI and the documentation. Command-line tools
are displayed in the language defined by the user locale settings.

At the moment, Formulas with Forms are only available in English.

English

As the main language of SUSE Manager, software and documentation are available
in English first.

The English documentation is always the most up-to-date and considered
authoritative in case of conflict between translation and English.

Simplified Chinese

The WebUI, command-line tools and basic documentation (Installation Guide,
Upgrade Guide and Client Configuration Guide) are available in Chinese.

Japanese

The WebUI, command-line tools and basic documentation (Installation Guide,
Upgrade Guide and Client Configuration Guide) are available in Japanese.

Korean

The WebUI, command-line tools and basic documentation (Installation Guide,
Upgrade Guide and Client Configuration Guide) are available in Korean.

Community translations

The upstream Uyuni Community has translated Uyuni and SUSE Manager to more
languages, which have not been reviewed by SUSE.

Since these additional translations have not been reviewed by SUSE, they are
shipped in SUSE Manager but disabled by default. Please note these translations
may be incomplete and quality may be lower than the official translations.

You need to specify the full list of languages you want to make available to
users, including official translations. For instance, to enable community
translations for Slovak and Czech, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,zh_CN,ko,ja,sk,cz

A restart of Tomcat is required.

As of SUSE Manager 4.2 GA, the most complete community translations are:

  * Brazilian Portuguese (pt_BR)

  * Slovak (sk)

  * Czech (cz)

  * Spanish (es)

  * Italian (it)

You can enhance the community translations, or start a new translation to your
language, by translating Uyuni in the openSUSE WebLate instance: https://
l10n.opensuse.org/projects/uyuni/

Cobbler

Cobbler has been updated to version 3.1.2, which enhances support for ppc64le,
s390x, aarch64 and newer Linux distributions.

You can find a list of changes in the upstream site: https://cobbler.github.io/
blog/2020/01/02/cobbler_3.1.1_released.html https://cobbler.github.io/blog/2020
/05/27/cobbler_3.1.2_released.html

PostgreSQL 13

The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE
Manager 4.2 will refuse to start until the database migration from PostgreSQL
12 (or 10, if upgrading from SUSE Manager 4.0) to PostgreSQL 13 has completed
successfully.

Please note the database migration from PostgreSQL 10 (if migrating from SUSE
Manager 4.0) or PostgreSQL 12 (if migrating from SUSE Manager 4.1) will rebuild
the database indices. This may take several hours if you have thousands of
software channels.

SUSE Manager for Retail

SLEPOS 15 SP3 clients

Pre-defined templates for SLEPOS 15 SP3 are now provided. SLEPOS 15 SP3 is
supported for 7.5 years since the release date.

SLEPOS 15  aarch64 clients

The 64-bit ARM aarch64 architecture is now supported for SLEPOS clients, in
addition to the existing x86_64 architecture.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP3.

Dropped features

Activation key dropped from system details

Activation keys can be used when registering new clients, or re-registering
existing clients, to make sure the correct software entitlements, software
channels, system groups, etc are applied when they come under SUSE Manager
management.

After a client is registered to SUSE Manager, activation keys serve no purpose.
Software channels, groups, etc can be changed independently from the activation
key.

The fact the activation key remained in the System Details led users to think
editing the activation key (e. g. changing the software channels assigned to
that activation key) would change what was assigned to that client system. This
is not true. To avoid that confusion, the Activation Key field has been removed
from the System Details of registered clients.

Activation keys can still be used during client registration.

Software Crashes

The Software Crashes feature, based on the ABRT library, has been dropped in
SUSE Manager 4.2. This was a very old feature which only worked on a limited
set of clients and required careful configuration to actually submit crash
reports to the SUSE Manager Server instead of upstream projects.

After a consultation period with users both in the upstream Uyuni community and
the SUSE Manager community, we received no feedback against the removal and
executed on it.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.2 works with SUSE Manager Proxy 4.1/4.0 and SUSE Manager
Retail Branch Server 4.1/4.0 but only for upgrade purposes. The product is not
intented to be used in a mixed-version scenario in production. When upgrading,
upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and
Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on https://
documentation.suse.com/suma/4.2/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.

Support for CentOS 8

CentOS 8 will be End of Life on 31st December 2021, ending the SUSE Manager
support for this product as well.

We recommend you to migrate your workload to CentOS 8 alternatives (AlmaLinux
8, Rocky Linux 8) as soon as possible so you can continue managing your
infrastructure with SUSE Manager.

Please note "end of support" from the SUSE Manager side means these products
and their client tools remain available in the SUSE Manager product tree and
can still be added, mirrored and used. But in case they stop working at some
point in time, support will only be provided as on a best-effort basis (which
in general means if the issue can be reproduced with a supported operating
system, it will be fixed; but if the issue is specific to the unsupported
operating system, a fix should not be expected).

Future deprecation of the traditional stack

This version of SUSE Manager is compatible with Salt and traditional clients.
SUSE will deprecate traditional clients and traditional proxies in the next
SUSE Manager 4.3 release. The release that follows SUSE Manager 4.3 will not
support traditional clients and traditional proxies, and is planned for 2023.
We encourage all new deployments to use Salt clients and Salt proxies
exclusively, and to migrate existing traditional clients and proxies to Salt.

Support for SLE Micro

SLE Micro is only supported as a Salt minion. The traditional stack will not be
supported.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting or Ansible for automation, are only supported in the context of SUSE
Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for Ansible package

Ansible package is only L2 supported on SUSE Linux Enteprise 15 SP3 or newer.
It is also supported on SUSE Manager Proxy and SUSE Manager Retail Branch
Server 4.2 and higher.

Ansible 'package' is not supported on SLE-Micro.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 7 and 8 minor release clients. Older
minor releases might still work but will only be supported on a limited and
reasonable-effort basis.

The same rule applies to CentOS, Oracle Linux, AlmaLinux and SLES Expanded
Support.

CentOS Stream is explicitly not supported by SUSE. To register CentOS 8 Stream
clients, use the spacewalk-common-channels command-line tool to add and mirror
the product, and the CentOS Stream client tools from the upstream Uyuni Project
.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS and 20.04 LTS clients using Salt.
Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using
Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers
the same functionality that is supported for the x86_64 architecture. Client
tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client
tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is
limited to problem determination, which means technical support designed to
provide compatibility information, usage support, on-going maintenance,
information gathering, and basic troubleshooting using available documentation.
At the time of writing, any problems or bugs specific to RHEL and CentOS on
ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web
UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are
the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.2 on top of an existing SUSE Linux Enterprise
Server 15 SP3 is known to generate an incomplete installation. If you require
such a setup, please contact SUSE Consulting.

Known issues

Log flood

Because of a recent change, rhn_web_ui.log is flooded with token check log
messages as the default log level is "info" instead of "warning". Fix is on way
its but it wasn?t ready for 4.2.5.

  * Workaround: Add the following line in /srv/tomcat/webapps/rhn/WEB-INF/
    classes/log4j.properties

    com.suse.manager.webui.controllers.DownloadController = WARN

This line probably already exists there with INFO level, so you might just need
to change it to WARN.

After this change, restart the tomcat.

Alma Linux

  * AlmaLinux 8 repositories URLs have been changed to the use the mirrors
    list. To use the new URLs on an existing installation, updating and then
    running "mgr-sync refresh" or waiting for its nightly execution is
    required. Please update as soon as possible. New updates for AlmaLinux
    cannot be fetched from the server until this change happened.

  * Because of an upstream bug, the original package shipped with AlmaLinux 8.5
    is providing a broken repository file (containing duplicated
    identificators). We have already reported this issue to AlmaLinux.

    Workaround: Update the package almalinux-release before registering the
    instance to SUSE Manager so at least the version 8.5-3 is installed.

SLE Micro

SLE Micro is only partially supported. Some WebUI features, such as showing the
patch status of the system, or action chains, will not work properly.

This will be fixed in an upcoming release of SUSE Manager.

Translations

Formulas with Forms are only available in English for the time being. This will
be solved in an upcoming version of SUSE Manager.

In some cases, translated documentation might not be up to the most recent
changes in the English version.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red
Hat Enterprise Linux, come with a very large number of packages that may cause
taskomatic to run out of memory. If this occurs, we recommended that you
increase the maximum amount of memory allowed for taskomatic by editing /etc/
rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If
taskomatic continues to run out of memory, you can increase the number further.
However, keep in mind that this will affect the total memory required by SUSE
Manager Server.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API
or CLI tools.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or
compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages
from EPEL, which miss some features available in the SUSE Manager-provided Salt
packages. This is especially important since it will result in the bootstrap
repository containing the non-SUSE Salt packages. Therefore, this is an
unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt
packages from EPEL in advance (for example, by removing the Salt packages in
Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors
may be logged from the moment the official Red Hat channels are added until the
moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS, Oracle Linux or AlmaLinux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it
to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client
works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion
will also work.

                  Works                                   Fails
RH Satellite 5.x ? SUSE Manager            RH Satellite 5.x ? SUSE Manager Salt
traditional                                minion

SUSE Manager traditional ? SUSE Manager
Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt
minions, you will need to modify the bootstrap script to remove the Satellite
agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as
Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE
Customer Service or Sales representatives.

You can also provide feedback using SUSE forums, or the upstream Uyuni Project
community.

Resources

Latest product documentation: https://documentation.suse.com/suma/4.2/.

Technical product information for SUSE Manager: https://www.suse.com/products/
suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional
information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE LLC
Maxfeldstr. 5
D-90409 N?rnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG N?rnberg
Gesch?ftsf?hrer/Managing Director: Felix Imend?rffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erf?llungsort/Legal Venue: N?rnberg

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2012-2021 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.

Last updated 2022-04-06 12:03:08 +0200
