SUSE Manager Server 5.0

Release Notes
2024-04-19 12:32:47 +0400
Table of Contents

  * Version revision history
  * About SUSE Manager 5.0
      + Containerization
      + Native AppStream support
      + Confidential computing Attestation
      + Enhanced CVE Audit
      + Expanded operating system support
      + Health Check Tool
  * Installation
      + Requirements
      + Upgrade from previous version of SUSE Manager Server
  * Major changes since SUSE Manager Server 4.3
      + Beta 2 release
          o Upgrade to Java 17
          o Confidential Computing Attestation: SNP guests
      + Beta 1 release
          o Salt 3006.0
          o PostgreSQL 16
          o Base system changed
      + Removed features
          o Traditional Stack removed
          o Visualization pages
      + Deprecated features
          o Virtualization
          o ISSv1
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Unsupported products
  * Deprecated products
  * Support
      + Supportconfig confidentiality disclaimer
      + Supportability of embedded software components
      + Support for older products
      + Support for SUSE Liberty Linux
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Rocky Linux & AlmaLinux
      + Support for Ubuntu Clients
      + Support for Debian Clients
      + L1 support for RHEL and CentOS ppc64le clients
      + SCAP Security Guide support
      + Browser support
      + SUSE Manager installation
  * Known issues
      + Autoinstallation: Clients behind proxy
      + mgrpush tool
      + mgr-bootstrap tool removed from the Proxy
      + PAM authentication
  * Keep Informed
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE's distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version revision history

  * 24th April, 2024: 5.0 Beta 2 release

  * 1st March, 2024: 5.0 Beta 1 release

About SUSE Manager 5.0

SUSE Manager 5.0, the latest release from SUSE Manager based on the Uyuni
Project, delivers a best-in-class open source infrastructure management and
automation solution that is designed to seamlessly manage and automate your
infrastructure. It helps lower costs, reduce complexity, and enhance
availability across Edge, Cloud, and Datacenter environments.

As an integral part of modern software-defined infrastructure, SUSE Manager 5.0
brings forth the following new or improved capabilities to your Edge, Cloud,
and Datacenter environments.

Containerization

SUSE Manager 5.0 represents a significant evolution with its delivery in
containers, offering enhanced modularity and efficiency. In version 4.3, the
SUSE Manager Proxy and Retail Branch Server were containerized. However, with
this release, the SUSE Manager Server is now delivered in containers.

This shift allows for improved portability, simplifying deployment and
management in modern container-centric environments. By containerizing the
Server, flexibility is increased and it becomes easier to adapt to various
infrastructure setups. This is the first step toward further modularization,
preparing SUSE Manager Server for resilience and scalability. Future versions
of SUSE Manager are expected to continue this journey.

Containerization streamlines deployment and management processes, resulting in
better resilience and improved infrastructure availability. These changes
reflect a commitment to delivering a more adaptable and efficient solution for
managing different environments.

These enhancements are expected to greatly benefit users, providing them with a
more flexible and efficient SUSE Manager.

Native AppStream support

AppStreams in Red Hat Enterprise Linux (RHEL) are repositories that provide
curated software packages, solving the problem of discovering and installing
applications, libraries, and development tools efficiently on RHEL systems
while simplifying the required list of RPM repositories.

However, SUSE Manager has been supporting RHEL 8 and RHEL 9 by removing modular
data from the AppStream. This process involved flattening the repository by
removing the modular data, essentially reverting it to a traditional repository
format.

With SUSE Manager 5.0, we will be removing this limitation so SUSE Manager can
natively support AppStreams. This enhancement will significantly improve the
user experience, enabling users to manage systems consistently both from SUSE
Manager and directly from the clients using DNF.

Confidential computing Attestation

Confidential computing is becoming increasingly crucial in our industry. While
there is significant ongoing work in the industry and within SUSE on this
topic, SUSE Manager will play a role in aiding confidential computing
attestation. We will adopt a phased approach, starting with a small-scale
implementation and gradually expanding. Initially, our offering will be
exclusively on AMD-based hardware, aligning with available tools.

Enhanced CVE Audit

SUSE Manager's CVE audit feature scans systems and images for known security
vulnerabilities (CVEs), providing administrators with visibility and enabling
prioritization and mitigation based on severity. Previously, it relied on
channel metadata to determine system vulnerability, leading to limitations in
distinguishing between unaffected systems and those lacking needed patches.

To expand this, we are enhancing the approach by integrating OVAL data provided
by the upstream. This helps us avoid false positives and allows for system
scanning without the need to synchronize channels. Channel information will
continue to be for patch application and remediation.

Expanded operating system support

With the release of SUSE Manager 5.0, the platform now supports next-generation
SLE Micro 6.0, SLE 15 SP6 family, and Liberty 7 LTSS, allowing for centralized
management of Enterprise Linux distributions irrespective of their location.

SUSE Manager now boasts management capabilities for various distributions, such
as SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for SAP
Applications, SUSE Linux Enterprise Server Micro, Red Hat Enterprise Linux,
openSUSE, SUSE Liberty Linux, Oracle Linux, CentOS, AlmaLinux, Rocky Linux,
Ubuntu, Debian, and Amazon Linux.

Health Check Tool

SUSE Manager 5.0 will introduce a standalone Health Check tool. This tool
provides a detailed dashboard, metrics, and logs from a SUSE server, showcasing
its current health status. Users can efficiently evaluate the health of their
running instance and identify any potential errors for effective
troubleshooting.

Installation

Requirements

SUSE Manager 5.0 will not be a base product. Instead, it will be an extension
for SUSE Enterprise Linux Micro 5.5, provided through the SUSE Customer Center.
This extension will include all the necessary tools to install and manage SUSE
Manager. It is compatible with SUSE Enterprise Linux Micro 5.5 and supports
x86_64, s390x, and now also ARM64 (AArch64) architectures. SUSE Manager 5.0
will be made available on IBM POWER (ppc64le) in a later release.

SUSE Manager Server, Proxy, and Retail Branch Server will be delivered in
containers, accessible from the SUSE Registry.

Only the containerized versions of SUSE Manager Server, Proxy and Retail Branch
Server will be available for SUSE Manager 5.0.

No separate subscription is required for SUSE Linux Enterprise Micro.
Additionally, VM images are provided for simplified setup, featuring preloaded
configurations for easy customization.

Currently, the PostgreSQL database is locally deployed within the same
container environment as the Server. In an upcoming version of SUSE Manager, we
are considering adding support for remote PostgreSQL databases.

For more details on system requirements, see the Installation Guide on https://
documentation.suse.com/suma/5.0/.

Upgrade from previous version of SUSE Manager Server

Please be aware that an in-place upgrade from SUSE Manager Server 4.3 is not
supported. However, SUSE Manager 5.0 comes equipped with the necessary tools to
streamline the migration process. This involves running both versions in
parallel and transferring data from the existing 4.3 Server to the new 5.0
Server though. Once the migration is complete, all connected clients will
seamlessly continue to run without any changes.

For detailed instructions on upgrading, please refer to the Upgrade Guide
available at https://documentation.suse.com/suma/5.0/.

Major changes since SUSE Manager Server 4.3

Beta 2 release

Upgrade to Java 17

In SUSE Manager 5.0, we're upgrading to the next LTS version of Java, which is
Java 17. This update brings several new features, security enhancements,
including support for new TLS versions and improved certificate validation.

For more information on this topic, see https://www.oracle.com/java/
technologies/javase/17-relnote-issues.html

Confidential Computing Attestation: SNP guests

SUSE Manager will be helping in supporting confidential computing attestation.
Specifically, we've incorporated the API components for attesting AMD SEV-SNP
clients with Beta 2. This functionality is compatible with hardware featuring
either an AMD EPYC Milan CPU or an AMD EPYC Genoa CPU.

Furthermore, we're actively improving the user interface to provide a more
user-friendly experience for those who prefer graphical interfaces.

For more information, please follow the official docs

Beta 1 release

Salt 3006.0

SUSE Manager 5.0, continues to use Salt 3006.0. It is considered by upstream to
be a long-term support (LTS) version. Our plan is to upgrade to the next LTS
version, which will be 3008.0 when available. Short-term support (STS) versions
of salt are not supported for use with SUSE Manager.

Throughout this process, all critical bug fixes, including CVEs, L3 fixes, and
essential features needed for SUSE Manager, will be provided.

PostgreSQL 16

The database engine has been updated from PostgreSQL 14 to PostgreSQL 16, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

Base system changed

SUSE Manager 4.3 was built on SUSE Linux Enterprise 15 SP4. SUSE Manager 5.0,
moves to SUSE Linux Enterprise Micro 5.5 as the container host system. This
change was made because SLE Micro is designed for container workloads and has a
longer lifecycle. The SLE Micro subscription for the server will be included in
the SUSE Manager subscription.

The supported container host is SLE Micro 5.5, while the image itself will be
based on bci-init image, which is then based on SLES 15 SP6.

Removed features

Traditional Stack removed

Starting with the SUSE Manager 4.3 release, the traditional client stack was
marked as deprecated. Now, with the release of SUSE Manager 5.0, we are
completely removing support for the traditional (Spacewalk client) stack.

For additional details on migrating traditional clients to Salt clients, please
refer to Migrate traditional clients to Salt clients.

          In SUSE Manager 5.0, the same set of client tools as in SUSE Manager
          4.3 is utilized to deliver the necessary packages for the clients.
          However, it is essential to recognize that while certain traditional
          stack-related packages are still supported in 4.3, they are no longer
Important supported in 5.0. Therefore, although users may still observe some of
          these packages, and zypper may list them as L3 supported sources,
          they are only supported within the context of SUSE Manager 4.3. Any
          packages related to the traditional stack are not supported in SUSE
          Manager 5.0.

Visualization pages

Visualization pages have been removed from SUSE Manager 5.0.

Deprecated features

Virtualization

Starting from the SUSE Manager 5.0 release, the libvirt management feature will
be deprecated and subsequently removed in future versions. If you still rely on
VM management functionalities, we highly recommend considering alternatives
like Harvester.

ISSv1

Starting from the SUSE Manager 5.0 release, ISSv1 will be deprecated and
eventually removed in future versions. We strongly advise transitioning to
ISSv2 or newer synchronization solutions. If you encounter any gaps or issues
during this transition, please contact us.

Upgrade

Upgrading with SUSE Manager Proxy

Although SUSE Manager Server 5.0 works with SUSE Manager Proxy 4.3 and SUSE
Manager Retail Branch Server 4.3, we highly recommend upgrading your Proxy and
Retail Branch Server when feasible. The product is designed for optimal
performance when used in a scenario where all components ? SUSE Manager Server,
SUSE Manager Proxy, and Retail Branch Server ? are of the same version. It's
generally advised to avoid using mixed versions long-term in production
environments.

When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE
Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on https://
documentation.suse.com/suma/5.0/.

Important Only the containerized versions of SUSE Manager Proxy and Retail
          Branch server will be available for SUSE Manager 5.0.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Unsupported products

  * SUSE Linux Enterprise Server Expanded Support 6

  * SUSE Linux Enterprise Server 11

  * Red Hat Enterprise Linux 6

  * Oracle Linux 6

  * CentOS 6

  * CentOS 8

  * CentOS Stream

  * Ubuntu 16.04

  * Ubuntu 18.04

  * Debian 9

  * Debian 10

We encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis.

Deprecated products

The support policy of SUSE Manager clients can be summarized as: "if the
operating system is under general support by its vendor, then SUSE Manager
supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be
considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig or mgradm support, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting, are only supported in the context of SUSE Manager. Stand-alone usage
(e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for SUSE Liberty Linux

SUSE Manager supports SUSE Liberty Linux 7, 8 and 9. SUSE Liberty Linux clients
are sometimes also called SUSE Linux Enterprise Server with Expanded Support
(SLESES) or simply RES.

SUSE has offered LTSS support for SUSE Liberty Linux 7, and SUSE Manager will
continue to support it throughout the LTSS phase.

For a detailed list of supported features, check the Client Configuration Guide
.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports RHEL/Oracle Linux 8 and 9.

SUSE Manager has the ability to mirror all entitled content for the supported
operating systems. Although SUSE Manager doesn't assign content for specific
systems using subscription-manager, it does rely on it initially to retrieve
the list of repositories that are available. By utilizing the same EUS channels
that Red Hat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE.

Note: Direct sync'ing ULN repos with SUSE Manager are not currently supported.
An Oracle Local Distribution for ULN must be used. To set up a local ULN
mirror, please consult the Oracle documentation provided at the following link

Support for Rocky Linux & AlmaLinux

SUSE Manager supports Rocky Linux 8/9 and AlmaLinux 8/9.

For a detailed list of supported features for AlmaLinux, check the Client
Configuration Guide. For a detailed list of supported features for Rocky Linux,
check the Client Configuration Guide.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 20.04 LTS and 22.04 LTS clients using Salt.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 12 "bookworm" & Debian 11 "bullseye" clients using
Salt.

Support for Debian is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers
the same functionality that is supported for the x86_64 architecture. Client
tools are not available yet from SCC but the CentOS 7 client tools from Uyuni
can be enabled using spacewalk-common-channels. There's no CentOS 8 support.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is
limited to problem determination, which means technical support designed to
provide compatibility information, usage support, on-going maintenance,
information gathering, and basic troubleshooting using available documentation.
At the time of writing, any problems or bugs specific to RHEL and CentOS on
ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

SCAP Security Guide support

SUSE provides scap-security-guide package for different OpenSCAP profiles. In
the current version of scap-security-guide, SUSE supports the following
profiles:

  * DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  * PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  * HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially
supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied
and not officially supported by SUSE.

Browser support

To effectively manage your SUSE Manager environment via the Web UI, it's
essential to use an up-to-date web browser. SUSE Manager is compatible with:

  * The latest Firefox browser provided with SUSE Linux Enterprise Server

  * The latest Chrome browser across all operating systems

  * The latest Edge browser provided with Windows

Please note that Windows Internet Explorer is not supported. The SUSE Manager
Web UI may not render correctly when accessed through Windows Internet
Explorer.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The only supported methods for installing SUSE Manager is by utilizing images
provided by SUSE, or the tools provided in the SUSE Manager 5.0 Extension, on
top of SUSE Linux Enterprise Micro 5.5.

Known issues

Autoinstallation: Clients behind proxy

In the retail scenario, there is an issue where clients behind a proxy are
connecting directly to the server. We need to translate the server's FQDN to
the proxy one. Fix will be provided as part of RC.

mgrpush tool

The mgrpush tool will be functional only from the client side. Although it
remains on the Server for the time being, it will no longer function and will
eventually be removed.

mgr-bootstrap tool removed from the Proxy

The mgr-bootstrap tool has been taken out from the Proxy and will be removed
from the Server as well in future. Overall, several tools on both the Server
and Proxy will be phased out in favor of the API or integrated into mgrpxy/
mgradm.

If users wish to create a bootstrap script to register against the Proxy, they
can do so using the following command from the Server container:

mgr-boostrap --hostname $proxyfqdn

PAM authentication

We are currently in the process of enabling PAM authentication in containerized
SUSE Manager Server, but it's not completed yet. Therefore, it won't be
available in Beta 2.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 5.0 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the upstream Uyuni community and monthly community meetings

  * Join the channels https://gitter.im/uyuni-project/users [users] and https:/
    /gitter.im/uyuni-project/devel [devel] at Gitter to chat with upstream
    community.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE
Customer Service or Sales representatives

Resources

Latest product documentation: https://documentation.suse.com/suma/5.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/
suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/source-code/ for additional information on the
source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Frankenstra?e 146
D-90461 N?rnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2012-2024 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Team.

Last updated 2024-04-19 12:32:47 +0400
