SUSE Manager Server 5.0

Release Notes
2024-10-29 13:36:10 +0400
Table of Contents

  * Version revision history
  * About SUSE Manager 5.0
      + Containerization
      + Native AppStream support
      + Confidential Computing Attestation
      + Enhanced CVE Audit
      + Expanded operating system support
      + Health Check Tool
  * Installation
      + Requirements
      + Upgrade from previous version of SUSE Manager Server
      + Virtual Machine images for SUSE Manager Server 5.0
  * Major changes since SUSE Manager Server 5.0 GA
      + Features and changes
          o Version 5.0.2
              # Ubuntu 24.04 support as client
              # Product migration from RHEL and Clones to SUSE Liberty Linux
              # POS image templates now produce compressed images
              # Date format for API endpoints
              # CVE fixes
          o Version 5.0.1
              # SUSE Manager Server cloud images
              # Configure AppStreams via Activation Keys
              # Migration: Prepare command
              # Transactional-update.timer Disabled
      + Patches
          o Version 5.0.2
          o Version 5.0.1
  * Major changes since SUSE Manager Server 4.3
      + Base system changed
      + Salt 3006.0
      + PostgreSQL 16
      + Upgrade to Java 17
      + New products enabled
      + Native support for AppStream repositories
      + Confidential Computing Attestation
      + New update-salt recurring state
      + System getRelevantErrata API endpoint
      + Monitoring
          o Node exporter upgraded to 1.7.0
          o Grafana upgraded to 9.5.18
      + Changed behaviour of repo-sync
      + Removed features
          o Traditional Stack removed
          o Bare metal discovery/provisioning
          o Visualization pages
      + Deprecated features
          o Virtualization
          o ISSv1
  * Upgrade
      + Upgrading with SUSE Manager Proxy
      + Upgrading with inter-server synchronization
  * Unsupported products
  * Deprecated products
  * Support
      + Supportconfig confidentiality disclaimer
      + Supportability of embedded software components
      + Support for older products
      + Support for SUSE Liberty Linux
      + Support for RHEL, CentOS and Oracle Linux Clients
      + Support for Rocky Linux & AlmaLinux
      + Support for Ubuntu Clients
      + Support for Debian Clients
      + L1 support for RHEL and CentOS ppc64le clients
      + SCAP Security Guide support
      + Browser support
      + SUSE Manager installation
  * Known issues
      + Important: Migration from 4.3 to 5.0 Issue
      + Salt - IPv6 Connection refusal after migrating to SUSE Manager 5.0
      + Monitoring for SUSE Linux Micro 6.0
      + Migration from SLE Micro 5.5 to SUSE Linux Micro 6.0
      + Migration from SLES 15 SP3 to SLES 15 SP4 issue
      + Retail: Local boot issue of SLE12 SP5 based images
      + Transactional systems - Salt SSH execution
      + mgrpush tool
      + mgr-bootstrap tool removed from the Proxy
  * Keep Informed
  * Providing feedback
  * Resources
  * Legal Notices
  * Colophon

5.0.2

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires that SUSE makes available certain source
code that corresponds to the GPL-licensed material. The source code is
available for download.

For up to three years after SUSE's distribution of the SUSE product, SUSE will
mail a copy of the source code upon request. Requests should be sent by e-mail
or as otherwise instructed here. SUSE may charge a fee to recover reasonable
costs of distribution.

Version revision history

  * November 2024: 5.0.2 release

  * September 17th 2024: 5.0.1 release

  * July 16th 2024: 5.0 GA

About SUSE Manager 5.0

SUSE Manager 5.0, the latest release from SUSE Manager based on the Uyuni
Project, delivers a best-in-class open source infrastructure management and
automation solution that is designed to seamlessly manage and automate your
infrastructure. It helps lower costs, reduce complexity, and enhance
availability across Edge, Cloud, and Datacenter environments.

As an integral part of modern software-defined infrastructure, SUSE Manager 5.0
brings forth the following new or improved capabilities to your Edge, Cloud,
and Datacenter environments.

Containerization

SUSE Manager 5.0 represents a significant evolution with its delivery in
containers, offering enhanced modularity and efficiency. In version 4.3, the
SUSE Manager Proxy and Retail Branch Server were containerized. However, with
this release, the SUSE Manager Server is now delivered in containers.

This shift allows for improved portability, simplifying deployment and
management in modern container-centric environments. By containerizing the
Server, flexibility is increased and it becomes easier to adapt to various
infrastructure setups. This is the first step toward further modularization,
preparing SUSE Manager Server for resilience and scalability. Future versions
of SUSE Manager are expected to continue this journey.

Containerization streamlines deployment and management processes, resulting in
better resilience and improved infrastructure availability. These changes
reflect a commitment to delivering a more adaptable and efficient solution for
managing different environments.

These enhancements are expected to greatly benefit users, providing them with a
more flexible and efficient SUSE Manager.

Native AppStream support

AppStreams in Red Hat Enterprise Linux (RHEL) are repositories that provide
curated software packages, solving the problem of discovering and installing
applications, libraries, and development tools efficiently on RHEL systems
while simplifying the required list of RPM repositories.

However, SUSE Manager has been supporting RHEL 8 and RHEL 9 by removing modular
data from the AppStream. This process involved flattening the repository by
removing the modular data, essentially reverting it to a traditional repository
format.

With SUSE Manager 5.0, we will be removing this limitation so SUSE Manager can
natively support AppStreams. This enhancement will significantly improve the
user experience, enabling users to manage systems consistently both from SUSE
Manager and directly from the clients using DNF.

Confidential Computing Attestation

Confidential Computing is becoming increasingly crucial in our industry. While
there is significant ongoing work in the industry and within SUSE on this
topic, SUSE Manager will play a role in aiding confidential computing
attestation. We will adopt a phased approach, starting with a small-scale
implementation and gradually expanding. Initially, our offering will be
exclusively on AMD-based hardware, aligning with available tools.

Enhanced CVE Audit

SUSE Manager's CVE audit feature scans systems and images for known security
vulnerabilities (CVEs), providing administrators with visibility and enabling
prioritization and mitigation based on severity. Previously, it relied on
channel metadata to determine system vulnerability, leading to limitations in
distinguishing between unaffected systems and those lacking needed patches.

To expand this, we are enhancing the approach by integrating OVAL data provided
by the upstream. This helps us avoid false positives and allows for system
scanning without the need to synchronize channels. Channel information will
continue to be for patch application and remediation.

Expanded operating system support

With the release of SUSE Manager 5.0, the platform now supports next-generation
SL Micro 6.0, SLE 15 SP6 family, and Liberty 7 LTSS, allowing for centralized
management of Enterprise Linux distributions irrespective of their location.

SUSE Manager now boasts management capabilities for various distributions, such
as SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for SAP
Applications, SUSE Linux Enterprise Server Micro, Red Hat Enterprise Linux,
openSUSE, SUSE Liberty Linux, Oracle Linux, CentOS, AlmaLinux, Rocky Linux,
Ubuntu, Debian, and Amazon Linux.

Health Check Tool

SUSE Manager 5.0 will introduce a standalone Health Check tool. This tool
provides a detailed dashboard, metrics, and logs from a SUSE server, showcasing
its current health status. Users can efficiently evaluate the health of their
running instance and identify any potential errors for effective
troubleshooting.

Installation

Requirements

SUSE Manager 5.0 will not be a base product. Instead, it will be an extension
for SUSE Linux Enterprise Micro 5.5, provided through the SUSE Customer Center.
This extension will include all the necessary tools to install and manage SUSE
Manager. It is compatible with SUSE Enterprise Linux Micro 5.5 and supports
x86_64, s390x, IBM POWER (ppc64le) and now also ARM64 (AArch64) architectures.

SUSE Manager Server, Proxy, and Retail Branch Server will be delivered in
containers, accessible from the SUSE Registry.

Only the containerized versions of SUSE Manager Server, Proxy and Retail Branch
Server will be available for SUSE Manager 5.0.

No separate subscription is required for SUSE Linux Enterprise Micro.
Additionally, VM images are provided for simplified setup, featuring preloaded
configurations for easy customization.

Currently, the PostgreSQL database is locally deployed within the same
container environment as the Server. In an upcoming version of SUSE Manager, we
are considering adding support for remote PostgreSQL databases.

Note An external database is currently unsupported, despite the option
     appearing under the mgradm tool's help section.

For more details on system requirements, see the Installation Guide on https://
documentation.suse.com/suma/5.0/.

          SUSE Linux Enterprise Micro 5.5 has been chosen as the supported host
          OS for SUSE Manager 5.0 and will remain so throughout SUSE Manager
Important 5.0 lifecycle. Please do not upgrade the host OS where SUSE Manager
          5.0 is running to a newer version unless explicitly instructed
          otherwise.

          In SUSE Manager 5.0, Netavark is the only supported network
Important management tool for containerized environments. If it does not meet
          your requirements and you prefer an alternative, please contact our
          support team for evaluation.

Upgrade from previous version of SUSE Manager Server

Please be aware that an in-place upgrade from SUSE Manager Server 4.3 is not
supported. However, SUSE Manager 5.0 comes equipped with the necessary tools to
streamline the migration process. This involves running both versions in
parallel and transferring data from the existing 4.3 Server to the new 5.0
Server though.

          After successfully running the `mgradm migrate command for migration,
          the Salt setup on all minions will still point to the old server. To
Important redirect them to the new server (destination server), it is required
          to rename the new server at the infrastructure level (DHCP and DNS)
          to use the same Fully Qualified Domain Name and IP address as old
          server (source server).

Once the migration is complete, all connected clients will seamlessly continue
to run without any changes.

For detailed instructions on upgrading, please refer to the Upgrade Guide
available at https://documentation.suse.com/suma/5.0/.

Virtual Machine images for SUSE Manager Server 5.0

SUSE Manager 5.0 will come with virtual machine images tailored for KVM and
VMware. These images will support x86_64, s390x, IBM POWER (ppc64le), and now
also ARM64 (AArch64) architectures.

These virtual machine images provide pre-configured environments that can be
quickly deployed in KVM and VMware environments, saving time and effort in
setting up virtual machines from scratch.

Using these images is the recommended and supported method for deploying new
instances of SUSE Manager Server on these platforms.

For detailed instructions, see the Deploy as a Virtual Machine section in the
official documentation.

          On transactional systems like SLE Micro, the system is automatically
          updated and restarted nightly by the reboot manager. Although we have
          disabled this feature in the VM images we provide, it remains enabled
          by default if SUSE Manager is installed using the SLE Micro ISO. We
          highly recommend disabling this on the system running SUSE Manager.
Important Users can do so by:

          systemctl --now disable transactional-update.timer

          For more information on this https://documentation.suse.com/sle-micro
          /5.5/html/SLE-Micro-all/sec-transactional-udate.html#
          sec-automatic-updates

Major changes since SUSE Manager Server 5.0 GA

Features and changes

Version 5.0.2

Ubuntu 24.04 support as client

SUSE Manager 5.0 now supports managing Ubuntu 24.04 (amd64) clients as both
Salt and Salt SSH minions. All features previously available for managing older
Ubuntu versions are also functional for Ubuntu 24.04. For more details about
the supported features, check the Client Configuration Guide.

Check the Client Configuration Guide for information about how to manage Ubuntu
24.04 clients with SUSE Manager 5.0.

Note: SCAP profiles for Ubuntu 24.04 are not yet available in the
scap-security-guide package. Users will need to source and provide the
necessary SCAP content from an alternative location to use SUSE Manager SCAP
auditing features for Ubuntu 24.04.

Product migration from RHEL and Clones to SUSE Liberty Linux

Previously, we added the 'liberate' Salt formula for simplifying the process
for users to migrate from CentOS and RHEL instances to SUSE Liberty Linux. With
this latest release, we are enhancing this migration process even further. Now,
users can easily migrate systems already onboarded in SUSE Manager by
leveraging our enhanced product migration feature, previously limited to SUSE
products. This should significantly improve the user experience and make system
migrations to SUSE Liberty Linux smoother.

POS image templates now produce compressed images

Base POS image templates were updated and POS images built from base templates
are now compressed by default.

Date format for API endpoints

All API endpoints now return dates in the ISO-8601 format, simplifying the
process of chaining API calls where the expected date format is ISO-8601.
Please note that this change might require adjustments to your existing scripts
to ensure compatibility with the updated date format.

CVE fixes

This update includes critical CVE fixes. We highly recommend upgrading your
SUSE Manager instances as soon as possible to ensure they remain secure.

  * CVE-2024-47533 - Cobbler: Authentication Exploit

  * CVE-2024-22037 - SUSE Manager: Database password leaked by systemd
    uyuni-server-attestation service

  * CVE-2024-49502 - Validate proxy hostname format and escape proxy username
    to mitigate XSS vulnerabilities

  * CVE-2024-49503 - Escape organization credentials username to mitigate XSS
    vulnerability

Version 5.0.1

SUSE Manager Server cloud images

With this update, we are excited to announce the availability of Pay-as-you-go
(PAYG) and Bring-your-own-subscription (BYOS) images on Amazon Cloud and
Microsoft Azure. These new options complement our existing on-premises
deployment model, giving you more flexibility in how you use SUSE Manager.

The PAYG model allows you to pay only for what you use, eliminating complex
billing structures and offering a straightforward way to manage your cloud
infrastructure.

For more detailed information, please refer to the PAYG and BYOS section under
Public cloud guide in the SUSE Manager 5.0 documentation.

Configure AppStreams via Activation Keys

With the 5.0 release, we removed the restriction on flattening AppStream
repositories. This improvement allows users to manage their clients both from
SUSE Manager and directly on the client using DNF if needed.

We had also introduced a new Web UI page under System > Software > AppStreams,
where users can enable or disable modules and their streams on the client.

This enhancement now extends to Activation Keys as well. You can configure an
activation key with the desired AppStreams modules, and when a client will be
onboarded using that Activation Key, the correct AppStream modules will be
automatically enabled on that client.

Additionally, this update also introduces addAppStreams and removeAppStreams
methods to the ActivationKey namespace, allowing users to configure activation
keys and achieve the same through the API.

Migration: Prepare command

SUSE Manager 5.0 comes with the migrate command to facilitate the upgrade from
4.3 to 5.0. However, for large deployments with a substantial number of
packages and a large database, the migration process can be complex and
time-consuming.

To address this, we've added a --prepare option to the mgradm migrate command.
This option uses rsync to pre-copy content, significantly reducing the time
required for the actual migration. Additionally, the source server doesn't need
to be stopped during this pre-copy phase. Since it uses rsync, this command can
be run multiple times without any issues.

During the final migration, services on the source server are stopped, and the
migration command is executed to rsync everything once more and perform the
necessary transformations.

Transactional-update.timer Disabled

On transactional systems, such as SLE Micro, the transactional-update.timer
service will be automatically disabled during onboarding. This prevents
unexpected updates and reboots, giving users full control over system
management through SUSE Manager.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 5.0.2

cobbler:

  * Increase start timeout for cobblerd unit (bsc#1219450)

  * CVE-2024-47533: cobbler: Authentication Exploit (bsc#1231332)

patterns-suse-manager:

  * Remove not needed filters from patterns-suse-manager-rpmlintrc

      + no-binary

      + devel-package-with-non-devel-group

      + conflicts-with-provides

      + description-shorter-than-summary

      + useless-provides

  * Remove duplicated monitoring packages from patterns-suma_server

  * Spec file cleanup

      + Use macros instead of hardcoded paths

      + Sort package metadata according to spec-cleaner

  * Remove unneeded yast2-migration

  * Add supportutils-plugin-salt to both Server and Proxy patterns

python-susemanager-retail:

  * Update to version 1.0.1722253762.9f01ce8

      + Fix delta creation on containerized server (bsc#1226369)

saltboot-formula:

  * Update to version 0.1.1723628891.ffb1da5

      + Rework request stop function to avoid unnecessary warnings (bsc#1212985
        )

spacecmd:

  * Version 5.0.10-0

      + Speed up softwarechannel_removepackages (bsc#1227606)

      + Fix error in 'kickstart_delete' when using wildcards (bsc#1227578)

      + Spacecmd bootstrap now works with specified port (bsc#1229437)

      + Fix sls backup creation as directory with spacecmd (bsc#1230745)

spacewalk-backend:

  * Version 5.0.10-0

      + Ignore 'buildorder' parsing errors when parsing entries in module
        metadata (bsc#1230274)

      + Provide http_headers also to Debian repository syncer

      + Make spacewalk-data-fsck aware of orphaned RPMs (bsc#1227882)

      + reposync: import GPG keys to RPM DB individually (bsc#1217003)

      + Add log string to the journal when services are stopped because of
        insufficient disk space

spacewalk-certs-tools:

  * Version 5.0.8-0

      + Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#
        1229079)

spacewalk-java:

  * Version 5.0.14.0

      + limit frontend-log message size (bsc#1231900)

  * Version 5.0.13-0

      + Fix stretched button issue in Audit Search and Subscription Matching
        pages

      + Fix date input in 'errata.setDetails' endpoint in the HTTP API

      + Fix layout mismatch in patches management

      + Fix column alignment on repository and system pages

      + Integrate UI debugging stories

      + Require correct SCAP packages for Ubuntu and Debian (bsc#1227746)

      + Add detection of Ubuntu 24.04

      + Remove session timeout from webapp, in order to use the persisting one
        in /etc/tomcat/web.xml

      + Allow changing base channel to SUSE Liberty Linux LTSS when the system
        is on SUSE Liberty Linux (bsc#1228326)

      + Implement product migration from RHEL and Clones to SUSE Liberty Linux

      + Remove system also from Proxy SSH known_hosts (bsc#1228345)

      + Remove restrictions for Debian repositories in public cloud

      + Fix NullPointerException when generating subscription matcher input (
        bsc#1228638)

      + Open bootstrap script directory URL in a new page (bsc#1225603)

      + Delay package list refresh when Salt was updated (bsc#1217978)

      + Add SLE-Micro 5 to the list of systems which support monitoring (bsc#
        1227334)

      + Add all SLE-Micro systems to the list of systems which get PTF
        repositories

      + Use custom select instead of errata view for better performance (bsc#
        1225619)

      + Fix the date format output when using the HTTP API to use ISO8601
        format (bsc#1227543)

      + Change localhost PAYG header to match SUSE Manager product

      + ErrataManager.truncateErrata now tries to clean orphan erratas at the
        end (erratas with no channel)

      + Improve score comparison in system search to fix ISE (bsc#1228412)

spacewalk-proxy:

  * Version 5.0.4-0

      + Set proxy authtoken FQDN based on config file (bsc#1230255)

      + Allow execute of ssh-keygen command on the Proxy to cleanup SSH
        known_hosts (bsc#1228345)

spacewalk-setup:

  * Version 5.0.6-0

      + Collect spacewalk-setup-cobbler return code (bsc#1226847)

spacewalk-utils:

  * Version 5.0.5-0

      + Add repositories for Ubuntu 24.04 LTS

      + Drop unsupported tool spacewalk-final-archive as it is broken and may
        disclose sensitive information (bsc#1228945)

      + Move taskotop tool to spacewalk-utils package

spacewalk-web:

  * Version 5.0.14-0

      + CVE-2024-49502: Validate proxy hostname format and escape proxy
        username to mitigate XSS vulnerabilities (bsc#1231852)

      + CVE-2024-49503: Escape organization credentials username to mitigate
        XSS vulnerability (bsc#1231922)

  * Version 5.0.13-0

      + Fix Find Targets button behavior for the feature Salt > Remote Commands
        page

      + Fix the missing background color for the pending status badge and show/
        hide the response badge component.

      + Fix stretched button issue in Audit Search and Subscription Matching
        pages

      + Fix alert layout in formula catalog

      + Fix sticky header infinite scroll

      + Fix layout mismatch in patches management

      + Fix column alignment on repository and system pages

      + Integrate UI debugging stories

      + Fix Extra Packages column in systems list (bsc#1228980)

      + Update the WebUI version

susemanager:

  * Version 5.0.10-0

      + Enable bootstrapping for Ubuntu 24.04 LTS

      + Add missing package python3-ply to bootstrap repo definition (bsc#
        1228130)

      + Use different exit codes for different failures in mgr-setup (bsc#
        1230139)

      + Remove yast2 dependency from installation

susemanager-docs_en:

  * Documented Ubuntu 24.04 LTS as a supported client OS in Client
    Configuration Guide

  * Documented setting krb5_keytab in Administration Guide (bsc#1229077)

  * Added VMware image deployment documentation for Server in the Installation
    and Upgrade Guide (bsc#1227852 and bsc#1228351)

  * Documented migrating clients such as AlmaLinux, CentOS, Oracle Linux, and
    Rocky Linux to SUSE Liberty Linux and SUSE Liberty Linux 7 to SUSE Liberty
    Linux 7 LTSS

  * Added documentation about orphaned packages in Client Configuration Guide (
    bsc#1227882)

  * Clarified meaning of the Default contact method in Client

  * Added prerequisite for server migration in Installation and Upgrade Guide (
    bsc#1229902)

  * Updated outdated links in Retail Guide

  * Added troubleshooting section about full disk with containers in
    Administration Guide and notes to persistent storage setup in Installation
    and Upgrade Guide

  * Added volume SSSD to the list of etc persistent volumes to

  * Documented Cobbler kernel options in Client Configuration Guide

  * In network ports section, added port 443 for clients and removed Cobbler
    only used internally (bsc#1217338)

  * Added installer-updates.suse.com to the list of URLs in Installation and
    Upgrade Guide (bsc#1229178)

  * Improved documentation around non-compliant packages (also known as extra
    packages) in Reference Guide

  * Restructured documentation of Systems menu and system details tab in
    Reference Guide

  * Enhanced instructions about the permissions for the IAM role in Public
    Cloud Guide

  * Removed Verify Packages section from Package Management chapter in Client
    Configuration Guide

  * Documented activating AppStreams automatically with an activation key in
    Client Configuration Guide

susemanager-schema:

  * Version 5.0.12-0

      + During schema upgrade, avoid insert problem when Extern - Oracle Linux
        9 is not present (bsc#1230021)

      + Remove superfluous joins from errata view

susemanager-sls:

  * Version 5.0.11-0

      + Implement product migration from RHEL and Clones to SUSE Liberty Linux

susemanager-sync-data:

  * Version 5.0.8-0

      + add SUSE Linux Enterprise 15 SP5 LTSS channel families

      + add MicroOS PPC channel family

      + set Ubuntu 22.04 to released

  * Version 5.0.7-0

      + Add Ubuntu 24.04 support

      + Add channel family for SLES 12 SP5 LTSS Extended Security

uyuni-common-libs:

  * Version 5.0.5-0

      + Enforce directory permissions at repo-sync when creating directories (
        bsc#1229260)

uyuni-tools:

  * Version 0.1.24-0

      + CVE-2024-22037: Use podman secret to store the database credentials (
        bsc#1231497)

      + Redact JSESSIONID and pxt-session-cookie values from logs and console
        output (bsc#1231568)

  * Version 0.1.23-0

      + Ensure namespace is defined in all kubernetes commands

      + Use SCC credentials to authenticate against registry.suse.com for
        kubernetes (bsc#1231157)

      + Fix namespace usage on mgrctl cp command

  * Version 0.1.22-0

      + Set projectId also for test packages/images

      + mgradm migration should not pull Confidential Computing and Hub image
        is replicas == 0 (bsc#1229432, bsc#1230136)

      + Do not allow SUSE Manager downgrade

      + Prevent completion issue when /var/log/uyuni-tools.log is missing

      + Fix proxy shared volume flag

      + During migration, exclude mgr-sync configuration file (bsc#1228685)

      + Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and
        postgresql.conf files (bsc#1231206)

      + During migration, handle empty autoinstallation path (bsc#1230285)

      + During migration, handle symlinks (bsc#1230288)

      + During migration, trust the remote sender's file list (bsc#1228424)

      + Use SCC flags during podman pull

      + Restore SELinux permission after migration (bsc#1229501)

      + Share volumes between containers (bsc#1223142)

      + Save supportconfig in current directory (bsc#1226759)

      + Fix error code handling on reinstallation (bsc#1230139)

      + Fix creating first user and organization

      + Add missing variable quotes for install vars (bsc#1229108)

      + Add API login and logout calls to allow persistent login

uyuni-storage-setup:

  * Version 5.0.3-0

      + Do not create partition on extra storage disk

  * Version 5.0.2-0

      + Do not build debuginfo package

server-attestation-image:

  * Version 5.0.6

      + Update for next release

server-hub-xmlrpc-api-image:

  * Version 5.0.8

      + Update for next release

server-image:

  * Version 5.0.9

      + Add HANA and cluster formulas to Server image (bsc#1230536)

      + Use /etc/krb5.conf.d for all kerberos related configurations (bsc#
        1229077)

      + Do not install outdated package "spacewalk-utils-extras" on Server
        image (bsc#1228945)

      + Fix package name search when syncing volumes data (bsc#1229923)

server-migration-14-16-image:

  * Version 5.0.9

      + Update for next release

Version 5.0.1

rhnlib:

  * Version 5.0.4-0

      + Add the old TLS code for very old traditional clients still on python
        2.7 (bsc#1228198)

spacewalk-admin:

  * Version 5.0.8-0

      + Remove mgr-check-payg service

spacewalk-backend:

  * Version 5.0.9-0

      + Support more NEVRA types when importing module metadata

      + yum_src: use proper name variable name for subprocess.TimeoutExpired

      + Check and populate PTF attributes at the time of importing packages (
        bsc#1225619)

      + reposync: introduce timeout when syncing DEB channels (bsc#1225960)

      + Refresh channel newest packages after importing Appstreams metadata

spacewalk-certs-tools:

  * Version 5.0.7-0

      + Support multiple certificates for root-ca-file and server-cert-file

spacewalk-client-tools:

  * Version 5.0.7-0

      + Update translation strings

spacewalk-config:

  * Version 5.0.4-0

      + Trust the Content-Length header from ajp (bsc#1226439)

spacewalk-java:

  * Version 5.0.12-0

      + Update setup wizard UI

      + Report a server/report id mismatch when calling
        getCoCoAttestationResultDetails

      + Prevent the API for confidential computing to work on systems without
        OS support

      + Ensure getCoCoAttestationConfig works when a configuration is not
        present

      + Prevent error while serializing an attestation report without an
        attested date

      + Add missing support for field attest on boot in the
        getCoCoAttestationConfig and setCoCoAttestationConfig API

      + Require byte-buddy and byte-buddy-dep using maven dependencies

      + Fix NullPointerException when context has no timezone set

      + Enhance optional type adapter to parse legacy JSON data from DB

      + Update last sync refresh timestamp only when at least one time products
        were synced before

      + Prevent error when listing history events without completion time (bsc#
        1146701)

      + Autoinstallation: prevent "duplicate IP address" issues cause by
        container networks (bsc#1226461)

      + Check the correct Salt package before product migration (bsc#1224209)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Add API calls getNotifications, makeNotificationRead,
        makeAllNotificationsRead, deleteNotification to UserNotificationHandler

      + Configure AppStreams via Activation Keys

      + Fix package profile update on CentOS 7 when yum-utils is not installed
        (bsc#1227133)

      + Fix layout of advanced package search page

      + Add info URL for Cobbler to clean the system profile (bsc#1219645)

      + Fix the URL to download the autoinstallation file (bsc#1226313)

      + Fix input alignment and style issues on schedule creation page

      + Add entry to apidoc faqs about methods listed more than ones (bsc#
        1217248)

      + Remove unused MinionActionChainCleanup job

      + Allow free products and SUSE Manager Proxy being managed by SUSE
        Manager Server PAYG

      + Fix a race condition during PAYG setup by re-detecting compliance when
        the instance report BYOS but payg_compliance.json is available

      + Show SUSE Manager Proxy for different architectures when using SUSE
        Manager Server PAYG

      + Do not explicitly trigger Cobbler sync when adding a system via SUMA
        API (bsc#1219450)

      + Improve SQL queries and performance to check for PTF packages (bsc#
        1225619)

      + Fix false positive SSH key generation error (bsc#1226491)

      + Change syncAll call at start-up to be asynchronous (bsc#1224004)

      + Fix transactional update check for SL Micro (bsc#1227406)

      + Fix Appstream queries to avoid duplicates in packages lists

spacewalk-web:

  * Version 5.0.12-0

      + Update the WebUI version

  * Version 5.0.11-0

      + Fix btn-info style in new theme

      + Fix missing margin in CVE audit list on cve page

      + Fix broken layout of system formulas configuration page

      + Fix table filters for description, first character dropdown and toggle
        button.

      + Fix channel selection using SSM (bsc#1226917)

      + Fix broken layout in monitoring page

      + Fix missing margin between inline radio buttons

      + Fix OpenSCAP search page layout

      + Remove Bare metal systems tab from General Configuration page

      + Update setup wizard UI

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix space between radio button and label in forms

      + Fix layout of SSM subpages in updated theme

      + Fix broken layout of build image page

      + Fix layout of advanced package search page

      + Fix badege color in salt key table

      + Fix hidden section issue in Monitoring and General Configuration pages

      + Fix double padding in recurring actions table

      + Fix missing top border in table footer

      + Fix broken layout of system highstate page

      + Fix input alignment and style issues on schedule creation page

      + Fix datetime selection when using maintenance windows (bsc#1228036)

      + Configure AppStreams via Activation Keys

susemanager:

  * Version 5.0.9-0

      + Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
        updates for Hub scenario (bsc#1211899)

      + Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data

susemanager-build-keys:

  * Vesion 15.5.1

      + extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339)

          o gpg-pubkey-39db7c82-66c5d91a.asc

susemanager-schema:

  * Version 5.0.11-0

      + Remove unused MinionActionChainCleanup job

      + Execute the cobbler-sync-default task once per 5 minutes by default (
        bsc#1219450)

      + Introduce new attributes to detect PTF packages (bsc#1225619)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix queries related to Appstreams to avoid inconsistencies when listing
        packages

susemanager-sync-data:

  * Version 5.0.6-0

      + Fix CentOS 7 repo URLs (bsc#1227526)

susemanager-sls:

  * Version 5.0.10-0

      + Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)

      + Start using DEB822 format for repository sources beginning with Ubuntu
        24.04

      + Disable transactional-update.timer on SUSE Linux Enterprise Micro at
        bootstrap

      + sumautil: properly detect bridge interfaces (bsc#1226461)

      + Fix typo on directories to cleanup when deleting a system (bsc#1228101)

      + Granslate GPG URL if URL has server name and client behind proxy (bsc#
        1223988)

      + Fix yum-utils package missing on CentOS7 minions (bsc#1227133)

      + Remove reboot from uptodate state, introduce reboot and rebootifneeded
        states

      + Fix package profile update on CentOS 7 when yum-utils is not installed
        (bsc#1227133)

spacecmd:

  * Version 5.0.9-0

      + Update translation strings

uyuni-payg-timer:

  * Version 5.0.2-0

      + Adapt packages to check for modifications

  * Version 5.0.1-0

      + Do not check for billing-data-service outside of the container

      + Fix accessing 'has_metering_access' on BYOS systems (bsc#1226483)

      + Implement a timer to collect PAYG data of the Uyuni host and copy them
        in the container

uyuni-storage-setup:

  * Version 5.0.1-0

      + Provide uyuni-storage-setup-server

uyuni-tools:

  * Version 0.1.21-0

      + mgrpxy: Fix typo on Systemd template

  * Version 0.1.20-0

      + Update the push tag to 5.0.1

      + mgrpxy: expose port on IPv6 network (bsc#1227951)

  * Version 0.1.19-0

      + Skip updating Tomcat remote debug if conf file is not present

  * Version 0.1.18-0

      + Setup Confidential Computing container during migration (bsc#1227588)

      + Add the /etc/uyuni/uyuni-tools.yaml path to the config help

      + Split systemd config files to not loose configuration at upgrade (bsc#
        1227718)

      + Use the same logic for image computation in mgradm and mgrpxy (bsc#
        1228026)

      + Allow building with different Helm and container default registry paths
        (bsc#1226191)

      + Fix recursion in mgradm upgrade podman list --help

      + Setup hub xmlrpc API service in migration to Podman (bsc#1227588)

      + Setup disabled hub xmlrpc API service in all cases (bsc#1227584)

      + Clean the inspection code to make it faster

      + Properly detect IPv6 enabled on Podman network (bsc#1224349)

      + Fix the log file path generation

      + Write scripts output to uyuni-tools.log file

      + Add uyuni-hubxml-rpc to the list of values in mgradm scale --help

      + Use path in mgradm support sql file input (bsc#1227505)

      + On Ubuntu build with go1.21 instead of go1.20

      + Enforce Cobbler setup (bsc#1226847)

      + Expose port on IPv6 network (bsc#1227951)

      + show output of podman image search --list-tags command

      + Implement mgrpxy support config command

      + During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/
        tomcat.conf (bsc#1228183)

      + During migration, remove java.annotation,com.sun.xml.bind and
        UseConcMarkSweepGC settings

      + Disable node exporter port for Kubernetes

      + Fix start, stop and restart in Kubernetes

      + Increase start timeout in Kubernetes

      + Fix traefik query

      + Fix password entry usability (bsc#1226437)

      + Add --prepare option to migrate command

      + Fix random error during installation of CA certificate (bsc#1227245)

      + Clarify and fix distro name guessing when not provided (bsc#1226284)

      + Replace not working Fatal error by plain error return (bsc#1220136)

      + Allow server installation with preexisting storage volumes

      + Do not report error when purging mounted volume (bsc#1225349)

      + Preserve PAGER settings from the host for interactive sql usage (bsc#
        1226914)

      + Add mgrpxy command to clear the Squid cache

      + Use local images for Confidential Computing and Hub containers (bsc#
        1227586)

uyuni-java-parent:

  * Version 5.0.5-0

      + Update for next release

uyuni-java-common:

  * Version 5.0.5-0

      + Update for next release

coco-attestation:

  * Version 5.0.5-0

      + Ensure the report and the nonce are not empty before attempting to
        validate

      + Mark Secure Boot as succeeded only if the correct message is present

init-image:

  * Version 5.0.8

      + Update for next release

server-attestation-image:

  * Version 5.0.5

      + Correctly handle podman stop command

server-helm:

  * Version 5.0.7

      + Update for next release

server-hub-xmlrpc-api-image:

  * Version 5.0.7

      + Update for next release

server-image:

  * Version 5.0.8

      + Update for next release

server-migration-14-16-image:

  * Version 5.0.8

      + Update for next release

Major changes since SUSE Manager Server 4.3

Base system changed

SUSE Manager 4.3 was built on SUSE Linux Enterprise 15 SP4. SUSE Manager 5.0,
moves to SUSE Linux Enterprise Micro 5.5 as the container host system. This
change was made because SLE Micro is designed for container workloads and has a
longer lifecycle. The SLE Micro subscription for the Server will be included in
the SUSE Manager subscription, eliminating the need for customers to purchase
the underlying OS subscription separately.

The supported container host is SLE Micro 5.5, while the image itself will be
based on bci-init image, which is then based on SLES 15 SP6.

Salt 3006.0

SUSE Manager 5.0, continues to use Salt 3006.0. It is considered by upstream to
be a long-term support (LTS) version. Our plan is to upgrade to the next LTS
version, which will be 3008.0 when available. Short-term support (STS) versions
of salt are not supported for use with SUSE Manager.

Throughout this process, all critical bug fixes, including CVEs, L3 fixes, and
essential features needed for SUSE Manager, will be provided.

     The Python version for the Salt bundle has been upgraded from 3.10 to
Note 3.11. This upgrade aligns with the Python version available in SLE and
     also offers better performance.

PostgreSQL 16

The database engine has been updated from PostgreSQL 14 to PostgreSQL 16, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

Upgrade to Java 17

In SUSE Manager 5.0, we're upgrading to the next LTS version of Java, which is
Java 17. This update brings several new features, security enhancements,
including support for new TLS versions and improved certificate validation.

For more information on this topic, see https://www.oracle.com/java/
technologies/javase/17-relnote-issues.html

New products enabled

SUSE Manager 5.0 supports an even wider range of operating systems as clients.
The following additional OS releases will be supported in SUSE Manager 5.0.

  * SUSE Linux Enterprise Server 15 SP6 Family

  * SUSE Linux Micro 6.0

  * openSUSE Leap 15.6

For more information about the registration process, refer Registration section
, and for more information about supported features, consult Supported Features
.

Native support for AppStream repositories

Following the integration of modularity and modular repositories in Red Hat
Enterprise Linux and its derivatives, SUSE Manager initially implemented
modularity through Content Lifecycle Management (CLM) and the introduction of
AppStream filters. These filters effectively removed the modularity features
from a repository by flattening it, enabling consumption through the SUSE
Manager UI and API. However, this approach introduced complexity and limited
functionality, prompting the need for a more comprehensive solution.

With this milestone, we have eliminated the restriction on flattening the
AppStream repositories. This enhancement allows users to manage their clients,
both from SUSE Manager and directly from the client using DNF if necessary.

Additionally, a new UI page has been introduced under System > Software >
AppStreams. This page enables users to select the modules and their respective
streams they wish to enable/disable on the client.

SUSE Manager 5.0 also introduces two new API namespaces: channel.appstreams and
system.appstreams. These namespaces provide different endpoints that can be
used to retrieve more information about available module streams, and enable or
disable them on a specific system using API.

For further details about these endpoints, please refer to the SUSE Manager API
Documentation.

Confidential Computing Attestation

SUSE Manager will be assisting in supporting Confidential Computing
Attestation, specifically for AMD SEV-SNP clients. This functionality is
compatible with hardware featuring either an AMD EPYC Milan CPU or an AMD EPYC
Genoa CPU. Additionally, there is a Secure Boot module that handles the Secure
Boot check in the context of Confidential Computing Attestation. For the Secure
Boot module, offline RPMs for aarch64, ppc64le, and s390x will be made
available with the next MU 5.0.1, while the RPM for x86_64 is already
available.

SUSE Manager offers both a user-friendly UI and API to simplify the utilization
of this feature for users.

For more information, please refer to the Confidential Computing

New update-salt recurring state

SUSE Manager 5.0 also comes with new state to update Salt in recurring states.
Additionally, we enhance the detection of needed reboots and the update-to-date
state.

These improvements have led to the update of a common workflow for keeping the
system up to date with SUSE Manager.

For more information, please refer to Clients Update Using Recurring Actions
workflow in the official documentation.

System getRelevantErrata API endpoint

A new API endpoint, System.getRelevantErrata , has been introduced. This
endpoint accepts a list of systems and returns all errata relevant to those
systems.

For further details about these endpoint, please refer to the SUSE Manager API
Documentation

Monitoring

Node exporter upgraded to 1.7.0

golang-github-prometheus-node_exporter has been updated from version 1.5.0 to
1.7.0

The update includes also several bug fixes and features but no breaking
changes.

Please note that supervisord and ntp collectors have been deprecated in version
1.6.0 and they will be removed in future versions.

Check the upstream changelogs for more details:

  * https://github.com/prometheus/node_exporter/releases/tag/v1.6.0

  * https://github.com/prometheus/node_exporter/releases/tag/v1.6.1

  * https://github.com/prometheus/node_exporter/releases/tag/v1.7.0

Grafana upgraded to 9.5.18

Grafana has been updated from version 9.5.16 to 9.5.18, signifying a minor
update that addresses several bugs.

This update also fixes the following security vulnerability:

  * CVE-2024-1313 - bsc#1222155

For detailed information about the fixes and features, you can refer to the
following links:

  * Grafana Release v9.5.17

  * Grafana Release v9.5.18

Changed behaviour of repo-sync

Repositories are now kept strictly in sync with the upstream repository. For
example, when a package is removed from the upstream repo, it is also removed
from the channel directly connected to that repo. Cloned channels will remain
unchanged unless the admin syncs them with the original parent channel.

Users can disable this behavior for custom channels; however, it cannot be
changed for vendor channels.

Removed features

Traditional Stack removed

Starting with the SUSE Manager 4.3 release, the traditional client stack was
marked as deprecated. Now, with the release of SUSE Manager 5.0, we are
completely removing support for the traditional (Spacewalk client) stack.

For additional details on migrating traditional clients to Salt clients, please
refer to Migrate traditional clients to Salt clients.

          In SUSE Manager 5.0, the same set of client tools as in SUSE Manager
          4.3 is utilized to deliver the necessary packages for the clients.
          However, it is essential to recognize that while certain traditional
          stack-related packages are still supported in 4.3, they are no longer
Important supported in 5.0. Therefore, although users may still observe some of
          these packages, and zypper may list them as L3 supported sources,
          they are only supported within the context of SUSE Manager 4.3. Any
          packages related to the traditional stack are not supported in SUSE
          Manager 5.0.

Bare metal discovery/provisioning

This feature was implemented using the traditional stack and will be dropped
with SUSE Manager 5.0.

Visualization pages

Visualization pages have been removed from SUSE Manager 5.0.

Deprecated features

Virtualization

Starting from the SUSE Manager 5.0 release, the libvirt management feature will
be deprecated and subsequently removed in future versions. If you still rely on
VM management functionalities, we highly recommend considering alternatives
like Harvester.

ISSv1

Starting from the SUSE Manager 5.0 release, ISSv1 will be deprecated and
eventually removed in future versions. We strongly advise transitioning to
ISSv2 or newer synchronization solutions. If you encounter any gaps or issues
during this transition, please contact us.

Upgrade

Upgrading with SUSE Manager Proxy

Although SUSE Manager Server 5.0 works with SUSE Manager Proxy 4.3 and SUSE
Manager Retail Branch Server 4.3, we highly recommend upgrading your Proxy and
Retail Branch Server when feasible. The product is designed for optimal
performance when used in a scenario where all components ? SUSE Manager Server,
SUSE Manager Proxy, and Retail Branch Server ? are of the same version. It's
generally advised to avoid using mixed versions long-term in production
environments.

When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE
Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail
Branch Servers are in use, see the Upgrade Guide on https://
documentation.suse.com/suma/5.0/.

Important Only the containerized versions of SUSE Manager Proxy and Retail
          Branch Server will be available for SUSE Manager 5.0.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Unsupported products

  * SUSE Linux Enterprise Server Expanded Support 6

  * SUSE Linux Enterprise Server 11

  * Red Hat Enterprise Linux 6

  * Oracle Linux 6

  * CentOS 6

  * CentOS 8

  * CentOS Stream

  * Ubuntu 16.04

  * Ubuntu 18.04

  * Debian 9

  * Debian 10

We encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis.

Deprecated products

The support policy of SUSE Manager clients can be summarized as: "if the
operating system is under general support by its vendor, then SUSE Manager
supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be
considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output
of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig or mgradm support, the output will contain
information about your clients as well as about the Server. In particular,
debug data for the subscription matching feature contains a list of registered
clients, their installed products, and some minimal hardware information (such
as the CPU socket count). It also contains a copy of the subscription data
available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory
in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE
booting, are only supported in the context of SUSE Manager. Stand-alone usage
(e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products
past their end-of-life date. For more information about product support, see
Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to
assisting you to bring production systems to a supported state. This could be
either by migrating to a supported service pack or by upgrading to a supported
product version.

Support for SUSE Liberty Linux

SUSE Manager supports SUSE Liberty Linux 7, 8 and 9. SUSE Liberty Linux clients
are sometimes also called SUSE Linux Enterprise Server with Expanded Support
(SLESES) or simply RES.

SUSE has offered LTSS support for SUSE Liberty Linux 7, and SUSE Manager will
continue to support it throughout the LTSS phase.

For a detailed list of supported features, check the Client Configuration Guide
.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports RHEL/Oracle Linux 8 and 9.

SUSE Manager has the ability to mirror all entitled content for the supported
operating systems. Although SUSE Manager doesn't assign content for specific
systems using subscription-manager, it does rely on it initially to retrieve
the list of repositories that are available. By utilizing the same EUS channels
that Red Hat provides, customers can limit content to individual dot releases.

CentOS Stream is explicitly not supported by SUSE.

Note: Direct sync'ing ULN repos with SUSE Manager are not currently supported.
An Oracle Local Distribution for ULN must be used. To set up a local ULN
mirror, please consult the Oracle documentation provided at the following link

Support for Rocky Linux & AlmaLinux

SUSE Manager supports Rocky Linux 8/9 and AlmaLinux 8/9.

For a detailed list of supported features for AlmaLinux, check the Client
Configuration Guide. For a detailed list of supported features for Rocky Linux,
check the Client Configuration Guide.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 20.04 LTS, 22.04 and 24.04 LTS clients using Salt.

Support for Ubuntu is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 12 "bookworm" & Debian 11 "bullseye" clients using
Salt.

Support for Debian is limited to a growing list of specific features. For a
detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers
the same functionality that is supported for the x86_64 architecture. Client
tools are not available yet from SCC but the CentOS 7 client tools from Uyuni
can be enabled using spacewalk-common-channels. There's no CentOS 8 support.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is
limited to problem determination, which means technical support designed to
provide compatibility information, usage support, on-going maintenance,
information gathering, and basic troubleshooting using available documentation.
At the time of writing, any problems or bugs specific to RHEL and CentOS on
ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional
support or features for these operating systems.

SCAP Security Guide support

SUSE provides scap-security-guide package for different OpenSCAP profiles. In
the current version of scap-security-guide, SUSE supports the following
profiles:

  * DISA STIG profile for SUSE Linux Enterprise Server 12 and 15

  * PCI-DSS profile for SUSE Linux Enterprise Server 12 and 15

  * HIPAA profile for SUSE Linux Enterprise Server 12 and 15

Other profiles, like the CIS profile, are community supplied and not officially
supported by SUSE.

For Non-SUSE OSs, please note that the included profiles are community supplied
and not officially supported by SUSE.

Browser support

To effectively manage your SUSE Manager environment via the Web UI, it's
essential to use an up-to-date web browser. SUSE Manager is compatible with:

  * The latest Firefox browser provided with SUSE Linux Enterprise Server

  * The latest Chrome browser across all operating systems

  * The latest Edge browser provided with Windows

Please note that Windows Internet Explorer is not supported. The SUSE Manager
Web UI may not render correctly when accessed through Windows Internet
Explorer.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The only supported methods for installing SUSE Manager is by utilizing images
provided by SUSE, or the tools provided in the SUSE Manager 5.0 Extension, on
top of SUSE Linux Enterprise Micro 5.5.

Known issues

Important: Migration from 4.3 to 5.0 Issue

This note is specifically for users who have already migrated from SUSE Manager
4.3 to 5.0.

During the migration, a step was overlooked, which caused an issue that has now
been addressed in this maintenance update. However, if you have made any
changes to the following files post-migration:

  * /var/lib/pgsql/data/pg_hba.conf

  * /var/lib/pgsql/data/postgresql.conf

These changes will be overwritten after this update. Please double-check these
files and reapply any modifications if needed.

Salt - IPv6 Connection refusal after migrating to SUSE Manager 5.0

In an IPv6-enabled environment, migrating from a 4.3 server to a new 5.0 server
might result in Salt connections to ports 4505 and 4506 on the new server being
refused.

Workaround: Inside the container, make sure /etc/salt/master has the following
configuration:

# The address of the interface to bind to:
#interface: 0.0.0.0
interface: '::'

# Whether the master should listen for IPv6 connections. If this is set to True,
# the interface option must be adjusted, too. (For example: "interface: '::'")
#ipv6: False
ipv6: True

Monitoring for SUSE Linux Micro 6.0

Monitoring is currently unavailable on SUSE Linux Micro 6.0 clients. We are
working on it and expect it to be resolved with upcoming maintenance updates.

Migration from SLE Micro 5.5 to SUSE Linux Micro 6.0

Currently, there are some issues with migrating from SLE Micro 5.5 to SUSE
Linux Micro 6.0. Before a migration, users need to manually import the ALP key
for SUSE Linux Micro 6.0 into SLE Micro 5.5 and additionally sync the SUSE
Linux Extras 6.0 module too. This is a known bug, and once fixed, these manual
steps will no longer be necessary.

Migration from SLES 15 SP3 to SLES 15 SP4 issue

In some cases, the action for product migration from SLES 15 SP3 minion to SLES
15 SP4 fails with the error message Unable to parse migration result, even
though the actual migration was successful.

We are investigating this issue. For now, if the migration was successful, you
can ignore this message.

Retail: Local boot issue of SLE12 SP5 based images

If, after PXE booting and rebooting, the SLES 12 SP5 terminal gets stuck at the
"GRUB" message, users need to use the latest profile available in the SUSE/
manager-build-profiles repository.

Transactional systems - Salt SSH execution

The Salt SSH execution utilized during the onboarding process may face
inconsistencies if a Salt Minion or the Salt Bundle is already present on the
Minion, which could potentially result in onboarding failure.

Workaround: If the salt-minion or venv-salt-minion packages are already
installed, remove them, and then proceed to onboard the SUSE Linux Enterprise
Micro or openSUSE Leap Micro system.

mgrpush tool

The mgrpush tool will be functional only from the client side. Although it
remains on the Server for the time being, it will no longer function and will
eventually be removed.

mgr-bootstrap tool removed from the Proxy

The mgr-bootstrap tool has been taken out from the Proxy and will be removed
from the Server as well in future. Overall, several tools on both the Server
and Proxy will be phased out in favor of the API or integrated into mgrpxy/
mgradm.

If users wish to create a bootstrap script to register against the Proxy, they
can do so using the following command from the Server container:

mgr-boostrap --hostname $proxyfqdn

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE
products:

  * Check the newest SUSE Manager 5.0 release notes

  * Read the SUSE Blog

  * Use the SUSE Best Practices for SUSE Manager

  * Join the upstream Uyuni community and monthly community meetings

  * Join the channels users and devel at Gitter to chat with upstream
    community.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE
Customer Service or Sales representatives

Resources

Latest product documentation: https://documentation.suse.com/suma/5.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/
suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/source-code/ for additional information on the
source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Frankenstra?e 146
D-90461 N?rnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Please refer to the SUSE Legal
information page for more information on exporting SUSE software. SUSE assumes
no responsibility for your failure to obtain any necessary export approvals.

Copyright ? 2012-2024 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Team.

Last updated 2024-10-29 13:36:10 +0400
