Release notes for SUSE Manager 3.2 Server

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

Also, for up to three years from SUSE’s distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

July 2019: 3.2.9 release
June 25th 2019: 3.2.8 release
April 24th, 2019: 3.2.7 release
March 12th, 2019: 3.2.6 release
February 13th, 2019: 3.2.5 release
December 7th, 2018: 3.2.4 release
October 29th, 2018: 3.2.3 release
September 26th, 2018: 3.2.2 release
September 4th, 2018: 3.2.1 release
June 25th, 2018: 3.2.0 release

About SUSE Manager

SUSE Manager is a best-in-class open source infrastructure management solution for your software-defined infrastructure. Designed to help your enterprise DevOps and IT Operations teams to reduce complexity and regain control of IT and IoT assets, increase efficiency while meeting security policies and optimize operations with automation to reduce costs.

SUSE Manager helps your enterprise DevOps and IT operations teams to:

Optimize operations while reducing costs with automated Linux server and IoT device provisioning, patching and configuration for faster, consistent and repeatable server deployments.

Easily manage and optimize usage of your SUSE subscriptions helping you to ensure you aren’t buying subscriptions you don’t need
Improve onboarding efficiency of new HW with automated discovery (via PXE boot)
Optimize operations by enabling IT to quickly build container images based on their SUSE Manager repositories
Increase operational efficiency and support CI/CD, with a single tool (using Salt) for automated deployment of hardened OS templates (bare metal, VMs or containers) to tens of thousands of servers and IoT devices for faster, consistent & repeatable provisioning and configuration without compromising speed or security
Reduce costs with automated patch management enabling you to deploy patches based on software channel assigned to ensure systems are kept up to date

Reduce complexity and regain control of IT assets with a single tool to manage Linux systems across a variety of hardware architectures, hypervisors as well as container, IoT and cloud platforms

Reduce complexity with a single tool that lets you easily onboard and manage any Linux server connected to the network, from edge devices to your Kubernetes environment, no matter where it is located – in your data center, a 3rd party data center or in the cloud
Improve visibility of your infrastructure – with improved graphical visualization of your IT systems status and their relationships. Once an asset has been on-boarded, you’ll never “lose” it. So, if it goes offline or stops responding you will know. Quickly view your Linux assets and identify assets that need attention.
Simplify management and regain control of your IT assets with graphical visualization of your IT systems and their relationships as well as the capability to organize Linux servers into logical groupings – group them, tag them with additional details (location in the DC, Rack, etc)
- Locate and store HW specifics for the servers and IoT devices enabling grouping/tagging by HW characteristics (vendor tags, CPU architecture, RAM)

Ensure compliance with internal security policies and external regulations with automated monitoring, tracking, auditing and reporting of your systems/devices, VMs and containers across your development, test and production environments.

Comprehensive monitoring solution, that enables operations to monitor your Linux environments from the HW through the OS layer up to their applications
Detailed compliance auditing and reporting with the ability to track all HW and SW changes made to your managed Linux infrastructure
Easily track system compliance with automated patch management ensures daily notifications of systems not compliant with the current patch level
Faster non-compliant remediation with the ability to quickly identify systems deployed in hybrid cloud and container infrastructures that are out of compliance to hardened profiles/templates based on your own internal security policies

About SUSE Manager 3.2

SUSE Manager 3.2, the latest release of SUSE’s best-in-class open source infrastructure management software, comes with new enhancements focused on lowering costs, improving DevOps efficiency and easily managing large complex deployments across IoT, cloud and container infrastructures. As a key component of a software-defined infrastructure, SUSE Manager 3.2 provides three key benefits:

Lower costs and simplify deployment while easily scaling larger environments for Public Cloud infrastructures and Kubernetes deployments.
Improve DevOps efficiency and meet compliance requirements with a single tool to manage and maintain everything from your IoT edge devices to your containerized workloads.
Easily manage large complex deployments with new extended forms-based UI capabilities

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Check the SUSE Manager Wiki
Read the SUSE Blog

Installation

Requirements

SUSE Manager 3.2 Server is an extension for SLES 12 SP3 and SP4 for x86-64, Power Systems (ppc64le), or z Systems (s390x).

Please always start with the latest available service pack.

In the following, 'SP4' stands for "latest available".

Being an 'extension' means that installation is done in two steps

base operating system (SLES 12 SP4)
SUSE Manager 3.2 Server extension

This addresses the need of enterprise deployments to standardize on the base operating system as well as specific storage setups.

It is strongly recommended to use SUSE Manager with the embedded database. PostgreSQL is only supported as a local (embedded) database.

Registration code

The SUSE Manager 3.2 Server registration code, matching your hardware architecture, can be used to register the SLES 12 SP4 base system as well.

Installing the SUSE Manager 3.2 Server extension on SLES 12 SP4

You’ll need a physical or virtual SLES 12 SP4 x86_64, ppc64le, or s390x system to install SUSE Manager 3.2 Server.

When you install and register SLES 12 SP4, SUSE Manager 3.2 Server will show up in the list of available extensions.

You’ll need a valid SUSE Manager 3.2 Server registration code to access this extension.

Update from previous versions of SUSE Manager Server

You can update from SUSE Manager 3.1 Server to SUSE Manager 3.2 Server.

Updates from older versions than 3.1 are not supported.

SUSE Manager 3.1 Server must be on the latest patch level (3.1.9 as of this writing), based on SLES 12 SP4, and have PostgreSQL 9.6 running.

If your SUSE Manager 3.1 Server lacks any of these requisites, please refer to the SUSE Manager 3.1 Server release notes and documentation for further advise.

See the best practices manual for detailed instructions on how to upgrade.

All connected clients will continue to run and are manageable unchanged.

Update SUSE Manager Server in an Inter-Server-Sync (ISS) environment

To update a SUSE Manager Server from a previous version in an Inter-Server-Sync environment always update the master first. Running a new slave version against an older master version is not supported.

This applies to both major version updates and for maintenance updates.

Migrating from RHN Satellite

Is conditionally supported with SUSE Manager 3.2 Server.

If you have the need to migrate from RHN Satellite to SUSE Manager 3.2 Server, please get in contact with a SUSE sales engineer or a SUSE consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager, when deployed on appropriate hardware as described in the getting started guide, will scale to a 4-digit number of clients.

Scaling beyond that number needs special consideration as described in the advanced topic guide

One size never fits all. Getting advise from a SUSE partner, sales engineer, or consultant is recommended to adapt SUSE Manager to your environment.

Channels with large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Redhat Enterprise Linux, come with an enormous number of packages.

If you have channels with a large number of packages added to SUSE Manager, taskomatic might run out of memory.

In this case it’s recommended to increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding

taskomatic.java.maxmemory=4096

to this file.

A restart of taskomatic is needed after this change.

The number 4096 gives 4 GB of memory to taskomatic (up from the default 2GB) and should be raised even higher if taskomatic still runs out of memory.

Keep in mind this will affect to the total memory required by SUSE Manager Server.

Major changes since SUSE Manager Server 3.2 GA

Features and changes

Version 3.2.9

Bugfix release.

Version 3.2.8

Salt 2019.2.0 Update

Salt has been upgraded to the final 2019.2.0 release.

For changes in your manually created Salt states, please see the Salt 2019.2 upstream release notes.

Update of traditional Client Tools and Package renames

The traditional Client Tools were updated to Uyuni version 4.0. This come along with some package renames.

Table 1. Package renames
Old Name	New Name
osad	mgr-osad
python2-osa-common	python2-mgr-osa-common
python2-osad	python2-mgr-osad
python3-osa-common	python3-mgr-osa-common
python3-osad	python3-mgr-osad
python2-rhncfg-actions	python2-mgr-cfg-actions
python2-rhncfg-client	python2-mgr-cfg-client
python2-rhncfg-management	python2-mgr-cfg-management
python2-rhncfg	python2-mgr-cfg
python3-rhncfg-actions	python3-mgr-cfg-actions
python3-rhncfg-client	python3-mgr-cfg-client
python3-rhncfg-management	python3-mgr-cfg-management
python3-rhncfg	python3-mgr-cfg
python2-rhn-virtualization-common	python2-mgr-virtualization-common
python2-rhn-virtualization-host	python2-mgr-virtualization-host
python3-rhn-virtualization-common	python3-mgr-virtualization-common
python3-rhn-virtualization-host	python3-mgr-virtualization-host
python2-rhnpush	python2-mgr-push
python3-rhnpush	python3-mgr-push
rhn-custom-info	mgr-custom-info
rhn-virtualization-common	mgr-virtualization-common
rhn-virtualization-host	mgr-virtualization-host
rhncfg	mgr-cfg
rhncfg-actions	mgr-cfg-actions
rhncfg-client	mgr-cfg-client
rhncfg-management	mgr-cfg-management
rhnpush	mgr-push
spacewalksd	mgr-daemon

Please update your bootstrap scripts, bootstrap repositories and activation keys if any of the packages are part of them.

Availability of monitoring packages: Prometheus, Grafana and various metrics exporters

For the new Monitoring Feature added in SUSE Manager 4.0 we added packages to provide Prometheus Monitoring for SLE12 and SLE15 in the Client Tools channel.

Prometheus is a monitoring tool, originally built at SoundCloud, that is used to record real-time metrics in a time-series database. Prometheus collects metrics via an HTTP pull model, and it is highly scalable. For more information, see: https://prometheus.io/docs/introduction/overview/

Together with Prometheus, we ship AlertManager, which manages Prometheus alerts, including silencing, inhibition, aggregation and sending out notifications via email and other methods. For more information, see: https://prometheus.io/docs/alerting/alertmanager/

Grafana is a tool for data visualization, monitoring and analysis. It is used to create dashboards with panels representing specific metrics over a set time-frame. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL and Influx DB. For more information, see: https://grafana.com/docs/

Prometheus, AlertManager and Grafana are provided in the following packages:

golang-github-prometheus-prometheus
golang-github-prometheus-alertmanager
grafana

Exporters

Exporters are libraries which help in exporting existing metrics from third-party systems as Prometheus metrics. Exporters are useful whenever it is not feasible to instrument a given application or system with Prometheus metrics directly. Multiple exporters can run on a monitored host to export local metrics.

Exporters we are providing as packages:

golang-github-prometheus-node_exporter - Hardware and operating system metrics
golang-github-boynux-squid_exporter - Squid Proxy metrics
golang-github-lusitaniae-apache_exporter - Apache HTTP server metrics
golang-github-wrouesnel-postgres_exporter - PostgreSQL database metrics

You need a Monitoring Subscription together with SUSE Manager 4.0 to get support for these packages.

Salt Rate Limiting (Batching)

Any action scheduled on multiple Salt minions has now an upper limit on the number of systems that will process it simultaneously. This is referred to as batch size in Salt jargon, and defaults to 100 minions.

Please check the documentation for performance considerations in large installations (more than 1000 minions).

Product Information Loaded from SCC

In the past information about product channels were shipped via maintenance updates. Now these information will be downloaded from SUSE Customer Center (SCC) like the other product and repository information.

In case of using the fromdir configuration with SMT or RMT, please check if they support already downloading this file. You can get the file with the following command:

curl -O https://scc.suse.com/suma/product_tree.json

Version 3.2.7

Support for Ubuntu Clients

Management of Ubuntu clients is now supported. We provide a repository with salt packages and some dependencies via update.suse.com.

Check the official documentation about Managing Ubuntu Clients to know how to setup the required channels in SUSE Manager.

The following new features were added since 3.2.6:

Support Ubuntu products and Debian architectures in mgr-sync
Support creating bootstrap repositories for Ubuntu 18.04 and 16.04
Add support for Ubuntu in the bootstrap script
Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled
Trust SUSE GPG key for client tools channels on Ubuntu systems

Access to SUSE Manager Client Tools for Red Hat without Expanded Support Subscription

A new product tree was added to give access to SUSE Manager Tools Channel for Red Hat without having an Expanded Support Subscription. To access it, a SUSE Manager Server subscription is sufficient.

Package download endpoint override

It is now possible to set a custom protocol, host and path for minions to download packages at installation time. This will override the default setting of the SUSE Manager Server or SUSE Manager Proxy used at registration time.

For more information please consult the Getting Started Guide.

New products added

SUSE Manager Tools for Ubuntu
SUSE Manager Tools for Red Hat
CaaSP 4 Toolchain

Version 3.2.6

Technical preview Ubuntu Support

First steps to support management of Ubuntu clients were added to this release (Salt minion based only).

Ubuntu salt packages for testing are available via the following URLs:

Salt for Ubuntu 18.04

Salt for Ubuntu 16.04

Salt packages in official product channels will be provided at a later point in time.

The following feature should already work:

Bootstrapping and performing initial state runs such as setting repositories and performing profile updates
Assigning .deb channels to minions
Information displayed in System details pages
Package install, update, and remove
Package install using Package States
Configuration and state channels

However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python.

Setting up Channels

In the SUSE Manager WebUI, navigate to Software > Manage Software Channels > Manage Repositories and click "Create Repository".
In the Create Repository dialog, use these values to create a new repository:
- In the Repository URL field, type the URL that contains the appropriate binary files, for example http://ubuntumirror.example.com/ubuntu/dists/bionic/main/binary-amd64/.
- In the Repository Type field, select deb.
Click "Create Repository" to create the repository.
Navigate to Software > Manage Software Channels > Overview and click "Create Channel".
In the Create Software Channel dialog, create the channel as required for your environment. Ensure that in the Architecture field, you select AMD64 Debian.
Click "Create Channel" to create the software channel.
Navigate to Software > Manage Software Channels > Overview and select your new channel from the channel list.
In the Repositories tab, click the Add/Remove tab, and select your new repository from the repository list.
Click the "Update Repositories" button
In the Repositories tab, click the Sync tab, and click the "Sync Now" button to synchronize the repository. A regular schedule can be configured on this page as well.

Change behavior on token refresh

Channel authentication tokens are valid by default for about 1 year. The renew of tokens happens automatically some time before they expire but they are not deployed automatically to the clients.

As the renew happens mostly without noticing by the administrator that behavior has changed to autodeploy renewed tokens to the clients automatically.

This old behavior can be preserved by setting

token_refresh_auto_deploy = false

in /etc/rhn/rhn.conf and restarting the services.

In case of a token renew without autodeployment enabled a log message will inform the administrator about it.

New option to force regeneration of channel metadata

A new option --force was added to spacecmd softwarechannel_regenerateyumcache to force a regeneration of the metadata files.

Retail terminal deployment is now by default done using ftp protocol

Due to performance limitations of previously used tftp protocol, retail terminal deployment now uses ftp protocol by default. This impacts only newly build OS images.

To move already built image to use ftp protocol, edit associated image pillar to use ftp:

images:
    $image_name:
        $image_version:
            url: ftp://ftp/$image_path

Old behavior can be preserved by editing newly built image pillar to use tftp protocol:

images:
    $image_name:
        $image_version:
            url: tftp://tftp/$image_path

New products supported

SLES11 SP4 LTSS

Version 3.2.5

Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is now supported.

Also building SLES 12 SP4 Retail Images is supported.

Updated backend for communicating with SCC

This update contains a new backend to communicate with the SUSE Customer Center (SCC). This requires to run a mgr-sync refresh at the end of the update procedure.

The whole update procedure:

$> spacewalk-service stop
$> zypper patch
$> spacewalk-schema-upgrade
$> spacewalk-service start
$> mgr-sync refresh

In case of Inter Server Sync (ISS) the master needs to be updated first, then the slave.

This change show products like they are setup in the SUSE Customer Center. As a consequence of this some older products show no architecture anymore and mirror all available architectures when such a product is selected for mirroring.

With this change also some invalid product combinations were removed. Please check /var/log/rhn/rhn_web_ui.log for error messages. Invalid channels can be removed using spacewalk-remove-channel command.

XMLRPC API changes

Due to the changes in the backend for communicating with SCC corresponding XMLRPC API has changed:

Deprecated calls:

synchronizeChannels()
synchronizeProductChannels()

New call:

synchronizeRepositories()

For a refresh the XMLRPC API should be called in the following order:

synchronizeChannelFamilies
synchronizeProducts
synchronizeRepositories
synchronizeSubscriptions

New products added

SLES 15 SP1 product family

Version 3.2.4

Support for PostgreSQL 10

A new version of the PostgreSQL database is available in SLES 12 SP3 and SP4 and can be used for SUSE Manager 3.2 Server.

New installations of SUSE Manager 3.2 Server based on SLES 12 SP4 will automatically pick up this version.

PostgreSQL 10 needs a new version of smdba to initiate backups. This version is part of the SUSE Manager 3.2.4 patch.

Migrating from PostgreSQL 9.6 to PostgreSQL 10

You should have an up-to-date database backup before attempting the migration.

Recommendation: Migrate from PostgreSQL 9.6 to 10 first, then SLES 12 SP3 to SLES 12 SP4.

Existing installations of SUSE Manager 3.2 Server will need to run

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh

to migrate from PostgreSQL 9.6 to PostgreSQL 10

Your SUSE Manager Server installation will not be accessible during the migration.

Note The migration will create a copy of the database under /var/lib/pgsql and thus needs sufficient disk space to hold two copies (9.6 and 10) of the database.

Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage.

If your system is scarce on disk space you can do an fast, in-place migration by running

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh fast

The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup.

This wiki page contains additional information about the database migration.

Migration to SLES 12 SP4

SUSE Manager 3.2 is now based on SLES 12 SP4. You can switch as soon as SLES 12 SP4 is available.

If you already have a SUSE Manager 3.2 Server or Proxy deployed, you can now initiate a service pack migration as outlined in the SLES documentation

Recommendation: Migrate from PostgreSQL 9.6 to 10 first, then SLES 12 SP3 to SLES 12 SP4.

If you deploy a SUSE Manager 3.2 Server or Proxy anew, please start with SLES 12 SP4 as the base operating system.

spacecmd: Support state channels

spacecmd, the command line access to the SUSE Manager API, has been adapted to support state channels (aka Salt Minion config channels) with the following changes

system_scheduleapplyconfigchannels
- new call to schedule application of the assigned config channels to the system (minion only)
configchannel_updateinitsls
- new call to update the init.sls file
configchannel_create
- adapted call, now has a -t option to specify the channel type (normal or state)
configchannel_import
- adapted call, honors channel type

Please use the help functionality of spacecmd for detailed option descriptions for each mentioned call.

Migration of SLEPOS configuration to SUSE Manager for Retail

This update provides the import of exported configuration of branch servers and terminals from SUSE Linux Enterprise Point of Service (SLEPOS) 11 or the SLEPOS components of SUSE Manager for Retail 3.1.

Importing this information allows customers to migrate their environment based on SLEPOS components to SUSE Manager 3.2.

This feature is a tech-preview and will be enhanced in future releases of SUSE Manager 3.2.

The migration guide is available at https://www.suse.com/documentation/suse-manager-for-retail-3-2

Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is not yet possible with SUSE Manager 3.2.4.

This deficiency will be removed with the next SUSE Manager update in early 2019.

New products added

SLES 12 SP4 product family
SUSE OpenStack Cloud 9

Version 3.2.3

Enablement for Retail scenarios

This update provides enablement for SUSE Manager in Retail (formerly: SLEPOS) scenarios.

New and updated formulas

branch-network-formula
pxe-formula
image-sync-formula
saltboot-formula
dhcpd-formula
bind-formula
vsftpd-formula
tftpd-formula

terminal deployment using saltboot event-based boot process

Ability to deploy and boot PXE/saltboot based OS images.

Templates for OS images are published in https://github.com/SUSE/manager-build-profiles/tree/master/OSImage repository.

commandline tools and Python API for mass configuration

retail_branch_init for branch server configuration
retail_yaml for mass configuration from YAML source files

Version 3.2.2

Prevent sudoers corruption

This update includes a fix to prevent a corrupted /etc/sudoers.d/spacewalk file (see bsc#1099517).

Any custom modifications to this file will be saved in /root/sudoers-spacewalk.save.

This should not happen as users should NOT modify /etc/sudoers.d/spacewalk

changed XMLRPC API calls

The following renames were done to ensure API consistency

populateSystemFormulaData to setSystemFormulaData
populateGroupFormulaData to setGroupFormulaData

The API calls

getSystemFormulaData
getGroupFormulaData

have changed parameters for the same reason.

OS Image building with Kiwi

The Kiwi build feature of SUSE Manager was extended to build installable Linux OS images and virtual machines.

Configuration channel label restriction

The dot (.) character is now forbidden in configuration channel labels, as it does not work with salt clients.

Dot (.) characters in existing configuration channels need to be manually replaced by another character, like underline (_)

Check for Dynamic CA-Trust Updates while bootstrapping on RES

When bootstrapping an ES6.x system the SUSE Manager CA certificate will be imported by the client.

When dynamic CA-Trust Updates are disabled ( as per default ), the registration and bootstrapping of the client will fail, giving a lot of output and making it difficult to find the real cause.

This update adds a short check at the start of the bootstrap script to advise the sysadmin to enable ca trust updates.

Set DNS name in createSystemRecord

The system.createSystemRecord() call now sets a dnsname in the generated cobbler configuration.

New products added

CaaSP 3.0 (deployment only)
Product class for Live Patching on PPC

Version 3.2.1

Repository metadata signing

It is now possible to optionally sign repository metadata in SUSE Manager.

While not strictly needed (packages are signed and all traffic is secure), it adds another layer of trust to the package distribution.

Please see 'Signing Repository Metadata' in the securiy chapter of the advanced topics guide for full details.

Test mode for highstate UI

In the Highstate UI we have added a toggle-button next to the "Apply Highstate" button to enable Salt test mode.

If enabled, salt apply.highstate is executed with test=True.

It cannot be guaranteed that this does not change anything due to bugs in Salt modules. That’s why it’s not called "dry-run".

In case you encounter a badly written Salt module not fully honoring test mode, please open a support request.

Ordered and formated output of state apply results

The event history of a state apply is now similar to the output salt produces on the command line.

The result is ordered in the execution order and failed states are marked red.

In test mode, red marked states are states which would change something.

Ignore inactive containers in Kubernetes clusters

Non-running containers are now ignored when querying a kubernetes cluster.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 3.2.9

release-notes-susemanager

Fix invalid characters in ncurses mode (bsc#1102770)

spacewalk-backend

Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

spacewalk-web

Change WebUI string version to 3.2.9

Version 3.2.8

cobbler

Removes string replace for textmode fix (bsc#1134195)

py26-compat-salt

Use ThreadPool from multiprocessing.pool to avoid leakins when calculating FQDNs
Fix usermod options for SLE11 (bsc#1117017)
Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)
Do not include "ordereddict" and "singledispatch" on the thin for Python 2.6 systems.
Fix paths for py26-compat dependencies on SLE15 and newer
Port optimization_order config parameter (bsc#1131423)
Use special tornado and msgpack-python compat packages on sles15sp1 and greater in py26-compat-salt.conf (bsc#1131423)
Add missing py26 thin dependencies
Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)

salt-netapi-client

Version 0.16.0 see https://github.com/SUSE/salt-netapi-client/releases/tag/v0.16.0

spacewalk-backend

Use new names in code for client tool packages which were renamed (bsc#1134876)
Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)
Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424)

spacewalk-certs-tools

Add new packages names to instructions for adding remote configuration support for traditional clients
Print error message instead of stacktrace for client_config_update.py

spacewalk-config

Fix config declaration for rhn.conf (bsc#1132197)

spacewalk-java

Remove the 'Returning' clause from the query as oracle doesn’t support it (bsc#1135166)
Use new names in code for client tool packages which were renamed (bsc#1134876)
Handle the different retcodes that are being returned when salt module is not available (bsc#1131704)
Do not implicitly set parent channel when cloning (bsc#1130492)
Prevent Actions that were actually completed to be displayed as "in progress" forever (bsc#1131780)
Enable batching mode for salt synchronous calls
Show minion id in System Details GUI and API
Do not report Provisioning installed product to subscription matcher (bsc#1128838)
Fix product package conflicts with SLES for SAP systems (bsc#1130551)
Add support for Salt batch execution mode
Fix NPE on remote commands when no targets match (bsc#1123375)
Fix apidoc return order on mergePackages
Take into account only synced products when scheduling SP migration from the API (bsc#1131929)

spacewalk-web

Change WebUI string version to 3.2.8

susemanager

Make swap files readable only by root (bsc#1131954, CVE-2019-3684)
Do not show false errors when configuring swapfile during setup
Create bootstrap repo for new Red Hat channels (bsc#1133587)

susemanager-docs_en

Managing Systems Completely via SSH now fully supported (bsc#1131867).

susemanager-schema

Copy 3.1 schema migrations to 3.2 to be able to migrate from an older schema version to 3.2
Add support for Salt batch execution mode

susemanager-sls

Add support for Salt batch execution mode

susemanager-sync-data

Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)
Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)

salt

Fix async-batch to fire a single done event
Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784)
Include aliases in FQDNS grain (bsc#1121439)
Fix issue preventing syndic to start
Update to 2019.2.0 release (fate#327138, bsc#1133523) See https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html
Update year on spec copyright notice
Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs
Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)
Incorporate virt.volume_info fixes (PR#131)
Fix for -t parameter in mount module
No longer limiting Python3 version to <3.7
Add virt.volume_infos and virt.volume_delete functions
Bugfix: properly refresh pillars (bsc#1125015)
Removes version from python3 requirement completely
Adds missing version update to %setup
Add virt.all_capabilities to return all host and domain capabilities at once
Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token.
Fix setup to use the right version tag
Add "id_" and "force" to the whitelist of API check
Add metadata to accepted keyword arguments (bsc#1122680)
Add salt-support script to package
Early feature: Salt support-config (salt-support)
More fixes on the spec file
Fix spaces and indentation
Use Adler32 algorithm to compute string checksums (bsc#1102819)
Update spec file patch ordering after MSI patch removal
Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)
Fix batch/batch-async related issues

Version 3.2.7

apache-commons-lang3

Run fdupes on javadoc
Specify java target and source level 1.6 to make package compatible with JDK >= 1.8

cobbler

Fixes case where distribution detection returns None (bsc#1130658)
SUSE texmode fix (bsc#1109316)

drools

Update Drools to 7.17.0
Release Notes: https://issues.jboss.org/secure/ReleaseNote.jspa
Fixes for SLE 15 compatibility

guava

Updated from 13.0.1 to 27.0.1
Changes between 13.0.1 and 23.0:
Changes between 23.0 and 27.0.1: see https://github.com/google/guava/releases

jade4j

Conditional java/java-devel requires based on os version
Update dependency version for commons-lang3 to 3.4
Fix building javadoc

kie-api

Update KIE to 7.17.0
Release notes: https://issues.jboss.org/secure/ReleaseNote.jspa

optaplanner

Update Optaplanner to 7.17.0

py26-compat-salt

Fix minion arguments assign via sysctl (bsc#1124290)

smdba

Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)
Fix version mismatch

spacecmd

Fix system_delete with SSM (bsc#1125744)

spacewalk-admin

Fix encoding bug in salt event processing (bsc#1129851)

spacewalk-backend

Fix linking of packages in reposync (bsc#1131677)
Fix: handle non-standard filenames for comps.xml (bsc#1120242)
Mgr-sign-metadata can optionally clear-sign metadata files

spacewalk-branding

Introduce a description label for the new 'minion-checkin' Taskomatic job (bsc#1122837)

spacewalk-certs-tools

Add support for Ubuntu to bootstrap script
Clean up downloaded gpg keys after bootstrap (bsc#1126075)

spacewalk-java

Fix retrieval of build time for .deb repositories (bsc#1131721)
Allow access to susemanager tools channels without res subscription (bsc#1127542)
Add support for SLES 15 live patches in CVE audit
Add a Taskomatic job to perform minion check-in regularly, drop use of Salt’s Mine (bsc#1122837)
Fix errata_details to return details correctly (bsc#1128228)
Support ubuntu products and debian architectures in mgr-sync
Adapt check for available repositories to debian style repositories
Add support for custom username when bootstrapping with Salt-SSH
Read and update running kernel release value at each startup of minion (bsc#1122381)
Add error message on sync refresh when there are no scc credentials
Fix apidoc issues
Fix deleting server when minion_formulas.json is empty (bsc#1122230)
Minion-action-cleanup Taskomatic task: do not clean actions younger than one hour
Schedule full package refresh only once per action chain if needed (bsc#1126518)
Check and schedule package refresh in response to events independently of what originates them (bsc#1126099)
Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)
Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

spacewalk-web

Show undetected subscription-matching message object as a string anyway (bsc#1125600)
Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)
Allow username input on bootstrap page when using Salt-SSH
Add cache buster for static files (js/css) to fix caching issues after upgrading.

subscription-matcher

Update dependencies (Drools, Optaplanner, Guava, Xstream)
Make the java and java-devel requirements variable
Relax the requirement condition on apache-commons-lang3

susemanager

Support creating bootstrap repos for Ubuntu 18.04 and 16.04.
Allow alternative names for bootstrap packages, to allow using old client tools after package renames
Feat: create Ubuntu empty repository
Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765)
Add bootstrap repo definition for SLE15 SP1

susemanager-docs_en

Update text and image files.
Enhance documentation on Ubuntu clients (bsc#1131991)
Fix bad link.
Update Manual Backup and smdba sections.
Troubleshooting Salt clients.
Fix package endpoint in salt pillar content.
Ubuntu Clients supported.
Change License to GFL 1.2, as it is the real license for the doc since 3.2.0

susemanager-schema

Add a Taskomatic job to perform minion check-in regularly, drop use of Salt’s Mine (bsc#1122837)
Fix performance regression in inter-server-sync (bsc#1128781)
Set minion-action-cleanup run frequency from hourly to daily at midnight

susemanager-sls

Update get_kernel_live_version module to support older Salt versions (bsc#1131490)
Update get_kernel_live_version module to support SLES 15 live patches
Do not configure Salt Mine in newly registered minions (bsc#1122837)
Fix Salt error related to remove_traditional_stack when bootstrapping an Ubuntu minion (bsc#1128724)
Automatically trust SUSE GPG key for client tools channels on Ubuntu systems
Util.systeminfo sls has been added to perform different actions at minion startup(bsc#1122381)

susemanager-sync-data

Allow access to susemanager tools channels without res subscription (bsc#1127542)
Add Ubuntu product definitions
Adapt to SCC changes
Add CaaSP 4 Toolchain

xstream

Update xstream to 1.4.10
Major changes:
New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework.
Improve performance by minimizing call stack of mapper chain.
XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
JavaBeanConverter does not respect ignored unknown elements.
Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
Feat: modify patch to be compatible with JDK 11 building
Fixes for SLE 15 compatibility

Version 3.2.6

cobbler

Fix for SUSE distribution detection in ISO building (bsc#1123991)

salt-netapi-client

Fix javadoc building for JDK11 and later
Make salt-netapi-client compatible with JDK 1.8 and JDK 11

spacecmd

Add '--force', '-f' option to regenerateYumCache (bsc#1127389)

spacewalk-backend

fix typo in syncing product extensions (bsc#1118492)
Make reposync use and append token correctly to the URL
Added 'mgr-sign-metadata-ctl' for repository metadata signing

spacewalk-branding

Update jquery.timepicker dependency to 1.11.14 to allow parsing the time format without depending on the language. (bsc#1119081)

spacewalk-config

Add rewrite rules for .deb repository metadata paths

spacewalk-java

Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492)
Change default image download protocol from tftp to ftp
Fix a problem when cloning public child channels with a private base channel (bsc#1124639)
Prevent crash of mgr-sync refresh when channel label could not be found (bsc#1125451)
Keep assigned channels on traditional to minion migration (bsc#1122836)
Add support for Ubuntu minions (fate#324534, fate#326848, fate#326811) as technical preview
Fix/enhance Debian/Ubuntu repository generation
Implement HTTP token authentication for Ubuntu clients
Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213)
Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856)
Add configurable option to auto deploy new tokens (bsc#1123019)
Show beta products if a beta subscription is available (bsc#1123189)
Merge unlimited virtualization lifecycle products with the single variant (bsc#1114059)
Improve performance for granting and revoking permissions to user for groups (bsc#1111810)
Fix for duplicate key violation when cloning erratas that have no packages associated (bsc#1111686)
Update spec file to no longer install tomcat context file in cache directory (bsc#1111308)

spacewalk-web

Fix initializing of the datetime picker (bsc#1126862)
Sort activation key list on create image profile page (bsc#1122770)
Sort channel lists on the product page of the setup wizard
Sort activation key list on bootstrap page (bsc#1122770)
Remove RH-specific warning message (bsc#1118100)

susemanager

Add python-setuptools package dependency to SLES12 bootstrap repo (bsc#1119964)
Add configurable option to auto deploy new tokens (bsc#1123019)
Fix broken shebang in postgresql migration scripts
Ensure POSTGRES_LANG is correctly set (bsc#1121787)

susemanager-docs_en

Update text and image files.
Clarification about syncing support (bsc#1124013).
Replace SCC screen shot.
Improve Salt configuration channel description.
Add "spacewalk-report" documentation (from 2.1).
Fix image build host version numbers.

susemanager-frontend-libs

Update jquery.timepicker to 1.11.14 (bsc#1119081)

susemanager-schema

Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492)
Removing invalid suse-openstack-cloud-6 and suse-packagehub-12-sp4 channel_labels (bsc#1125451)
Clean the susesccrepository table before modify it (bsc#1125456)
Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213)
Remove wrong channel_family labels (bsc#1123189)
Remove unused 'remove_servergroup_perm' stored procedure (bsc#1111810)

susemanager-sls

Fix mgr_events to use current ioloop (bsc#1126280)
Added option to read 'pkg_download_point_…' pillar values and use it in repo url
Add support for Ubuntu minions
Prevent the pkgset beacon from firing during onboarding (bsc#1122896)

susemanager-sync-data

Fix channel label for suse-openstack-cloud-6 and packagehub-12-sp4-* (bsc#1125451)
Add SLES11 SP4 LTSS channels (bsc#1123989)

Version 3.2.5

branch-network-formula

Netconfig update requires bind directory to exists for bind forward, ensure it (bsc#1116365)
Rework network update in branch-network formula (bsc#1116365)

py26-compat-salt

Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029)

python-susemanager-retail

Force one python version for SLE12 (python2) and SLE15 (python3)
Add disklabel: none to migrated RAID

saltboot-formula

Use FTP active mode for image download
Always deploy image when image is specified in partitioning pillar (bsc#1119807)
Call blockdev.formatted with force=True
Allow RAID images to be defined by saltboot formula
image information can be provided directly for disk
allow "none" disk label in formula and in that case hide partitioning information

smdba

Tuning: add cpu_tuple_cost (bsc#1105791)

spacecmd

Fix importing state channels using configchannel_import
Fix getting file info for latest revision (via configchannel_filedetails)
Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798)

spacewalk-admin

Use a Salt engine to process return results (bsc#1099988)

spacewalk-backend

Move channel update close to commit to avoid long lock (bsc#1121424)
Adapt Inter Server Sync code to new SCC sync backend
Fix issue raising exceptions 'with_traceback' on Python 2
Hide Python traceback and show only error message (bsc#1110427)
Honor renamed postgresql10 log directory for supportconfig

spacewalk-branding

Better label visualization when the input is disabled. (bsc#1110772)

spacewalk-client-tools

Fix XML-RPC type serialization (bsc#1116610)

spacewalk-java

Avoid a NullPointerException error in Taskomatic (bsc#1119271)
Reset channel assignments when base channel changes on registration (bsc#1118917)
Allow bootstrapping minions with a pending minion key being present (bsc#1119727)
Hide 'unknown virtual host manager' when virtual host manager of all hosts is known (bsc#1119320)
Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910)
Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies (bsc#1089121)
Read OEM Orderitems from DB instead of create always new items (bsc#1098826)
Fix mgr-sync refresh when subscription was removed (bsc#1105720)
XMLRPC API: Include init.sls in channel file list (bsc#1111191)
Fix the config channels assignment via SSM (bsc#1117759)
Install product packages during bootstrapping minions (bsc#1104680)
Fix cloning channels when managing the same errata for both vendor and private orgs (bsc#1111686)
Introduce Loggerhead-module.js to store logs from the frontend
Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978)
Hide already applied errata and channel entries from the output list in audit.listSystemsByPatchStatus (bsc#1111963)
Prevent failing KickstartCommand when customPosition is null (bsc#1112121)
Automatically schedule an Action to refresh minion repos after deletion of an assigned channel (bsc#1115029)
Performance improvements in channel management functionalities (bsc#1114877)
Handle with an error message if state file fails to render (bsc#1110757)
When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)
Add check for yast autoinstall profiles when setting kickstartTree (bsc#1114115)
Use a Salt engine to process return results (bsc#1099988)
Fix handling of CVEs including multiple patches in CVE audit (bsc#1111963)
fix synchronizing Expanded Support Channel with missing architecture (bsc#1122565)

spacewalk-setup

Use a Salt engine to process return results (bsc#1099988)

spacewalk-utils

Exit with an error if spacewalk-common-channels does not match any channel

spacewalk-web

Show feedback messages after using the retry option on the notification messages page
Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
Fix wording for taskotop (cosmetical only)(bsc#1118112)
When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)

subscription-matcher

Old style hard bundle merging fix (bsc#1114059)

susemanager

Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826)
Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.
Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap repos for openSUSE and CentOS
Fetch packages from correct channel when creating a bootstrap repository
Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x (bsc#1116566)
Add python3-six to bootstrap repo for SLES15 (bsc#1118478)

susemanager-docs_en

Update text and image files.
Enhance forms documentation (more attributes).
Proxy: for example, migration from traditional to Salt not supported.
RAM requirements for host running kiwi OS images.
Notification properties.
Update scalability documentation.

susemanager-schema

Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies
Performance improvements in channel management functionalities (bsc#1114877)
Use a Salt engine to process return results (bsc#1099988)

susemanager-sls

Allow bootstrapping minions with a pending minion key being present (bsc#1119727)
Use a Salt engine to process return results (bsc#1099988)

susemanager-sync-data

Add sle-module-web-scripting for OES2018 (bsc#1119233)
Add new set of data for the new SCC sync backend
Enable SLE15 SP1 family (bsc#1114268)
Enable OES2018 SP1 (bsc#1116826)

tika-core

New upstream version (1.20). Fixes infinite loop in SQLite3Parser (CVE-2018-17197) (bsc#1121038)

Version 3.2.4

apache-mybatis

Install missing LICENSE.txt file (bsc#1114814)

cobbler

Fix service restart after logrotate for cobblerd (bsc#1113747)
Rotate cobbler logs at higher frequency to prevent disk fillup (bsc#1113747)

hadoop

Install missing LICENSE.txt file (bsc#1114814)

image-sync-formula

Handle empty images pillar (bsc#1105359)

lucene

Install missing LICENSE.txt file (bsc#1114814)

nekohtml

Install missing LICENSE.txt file (bsc#1114814)

nutch-core

Install missing LICENSE.txt file (bsc#1114814)
Add conditional requirement for java 1.8
Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch (bsc#1107869)
Add new tarball file for v1.0.1
Bump up version to 1.0.1 and fix paths
Adjustments after upgrade of tika-core to v1.19

picocontainer

Install missing LICENSE.txt file (bsc#1114814)

python-susemanager-retail

Improve error reporting on duplicate systems
Output partition size as int (bsc#1116517)
Start partition numbers from 1
Warn on long group names
Improved logging support
Add retail_yaml --only-new option
Print import summary (bsc#1112754)
Add retail_migration tool
Check for duplicate addresses in yaml (bsc#1111497)

salt-netapi-client

Version 0.15.0 See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.15.0

saltboot-formula

Send pxe_update by external command to make sure it is finished (bsc#1111387)
Better error message on missing partitioning pillar (bsc#1110625)

spacecmd

Show group id on group_details (bsc#1111542)
State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.

spacewalk-branding

Automatic cleanup of notification messages after a configurable lifetime
ActivationKey base and child channel in a reactjs component
New messages are added for XMLRPC API for state channels

spacewalk-config

Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181)

spacewalk-java

Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint
Fix scheduling jobs to prevent forever pending events (bsc#1114991)
Performance improvements for group listings and detail page (bsc#1111810)
Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)
Add check if ssh-file permissions are correct (bsc#1114181)
Increase maximum number of threads and open files for taskomatic (bsc#1111966)
When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)
Allow listing empty system profiles via XMLRPC
Automatic cleanup of notification messages after a configurable lifetime
Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)
Do not try cleanup when deleting empty system profiles (bsc#1111247)
Better error handling when a websocket connection is aborted (bsc#1080474)
Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)
ActivationKey base and child channel in a reactjs component
Fix typo in messages (bsc#1111249)
Cleanup formula data and assignment when migrating formulas or when removing system
Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)
Added shortcut for editing Software Channel
Fix permissions check on formula list api call (bsc#1106626)
Add sp migration dry runs to the daily status report (bsc#1083094)

spacewalk-search

Fix nutch-core path (bsc#1112445)

spacewalk-setup

Increase maximum number of threads and open files for taskomatic (bsc#1111966)

spacewalk-utils

Fix typo at --phases option help

spacewalk-web

Make datetimepicker update displayed time (bsc#1041999)
Show human-readable system cleanup error messages
ActivationKey base and child channel in a reactjs component
Fix typo in messages (bsc#1111249)

susemanager:

Add new option --with-parent-channel to mgr-create-bootrap-repo to specify parent channel to use if multiple options are available (bsc#1104487)

susemanager-docs_en
Update text and image files.
Add information about SLE12 SP4 as base OS for Server and Proxy

susemanager-frontend-libs
Fix package version (bsc#1115449)

susemanager-schema
Automatic cleanup of notification messages after a configurable lifetime
Add missing minion-action-chain-cleanup to db init scripts

susemanager-sls
Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)

susemanager-sync-data
SUSE OpenStack Cloud 9 enablement (bsc#1113557)
Add SUSE Manager 3.1 and 3.2 to SLES12 SP4

tika-core
Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)
Install missing LICENSE.txt file (bsc#1114814)
New upstream version (0.19.1)

Version 3.2.3

bind-formula

Do not allow empty values in SOA pillar
Generate rev zones for any zone
Include forwarders, allow generic options in bind formula
Advanced features in form
Updated from upstream

dhcpd-formula

Form hardware address clarification (bsc#1106243)
Allow hosts to be specified under specific subnet
Mark domain name as optional in form
Update form.yml to use edit-groups
Remove no longer needed local changes
Update formula from upstream:
- Add support for several config options
- Add domain-search option
- Class and subnet pool minor fixes / additions
- Add option next-server for hosts in dhcpd.conf

nutch-core

Change default hadoop.log location to /var/log/nutch
Disable log file rotation in the log4j configuration in order to handle rotation using logrotate and change the path of hadoop.log to /var/log/nutch (bsc#1107869)

patterns-suse-manager

Adjusted pacakges list for Retail pattern

py26-compat-salt

Fix wrong recurse behavior on for linux_acl.present (bsc#1106164)
Adding backport for string arg normalization and fix for SUSE ES os

spacecmd

Add summary to softwarechannel.clone when calling older API versions (bsc#1109023)
New function/Update old functions to handle state channels as well

spacewalk-java

Fix 'image deployed' event data parsing (bsc#1110316)
Handle 'image deployed' salt event by executing post-deployment procedures
Fix NullPointerException when refreshing deleted software channel (bsc#1094992)
Remove special characters from HW type string
Fix script is deleted too early (bsc#1105807)
Make Kiwi OS Image building enabled by default
Change Saltboot grain trigger from "initrd" to "saltboot_initrd"
Optimize execution of actions in minions (bsc#1099857)
Add last_boot to listSystems() API call
Changed localization strings for file summaries (bsc#1090676)
Added menu item entries for creating/deleting file preservation lists (bsc#1034030)
Check valid postgresql database version
Fix displayed number of systems requiring reboot in Tasks pane (bsc#1106875)
Modify acls: hide 'System details -> Groups and Formulas' tab for non-minions with bootstrap entitlement
Double check if the websocket connection is still open on sendText failure (bsc#1080474)
Remove the reference of channel from revision before deleting it(bsc#1107850)
Pair a new starting minion with empty profile based on its HW address (MAC)
Allow creating empty minion profiles via XMLRPC, allow assigning and editing formula for them
Added link from virtualization tab to Scheduled > Pending Actions (bsc#1037389)

spacewalk-search

Limit number of old java logfiles (bsc#1107869)

spacewalk-web

Fix applying default values to edit-group
Respect $name in dictionary edit-group
Filter out empty values in edit-group (bsc#1104837)

subscription-matcher

Set core dumps location for IBM java (bsc#1107302)
Fix OutOfMemoryError crashes (bsc#1094524)

supportutils-plugin-susemanager

Add postgresql version info

susemanager-branding-oss

Use ASCII quotation marks in license file (bsc#1098970)

susemanager-docs_en

Rebuilt same bsc bugs apply from former push
SUSE Manager documentation doesn’t contain note that third party software is not allowed on the server (bsc#1105497)
SUSE Manager 3.2 Proxy online doc: broken links (bsc#1102857)
Entities added to single file entities.adoc
Cleaned up adoc sources
Added a Dockerfile for building docs via a single command see: doc-susemanager/docker-builder instructions coming soon

susemanager-schema

Check valid postgresql database version
Add index for HW address on network interface

susemanager-sls

Install all available known kiwi boot descriptions
Fix: Cleanup Kiwi cache in highstate (bsc#1109892)
Removed the ssl certificate verification while checking bootstrap repo URL (bsc#1095220)
Removed the need for curl to be present at bootstrap phase (bsc#1095220)

susemanager-sync-data

Add SUSE Manager for Retail Branch Server (bsc#1108004)

tftpd-formula

Adjust tftpd defaults for standalone use

vsftpd-formula

Adjusted default directory
Use boolean values in pillar

Version 3.2.2

patterns-suse-manager

Remove unneeded requires for minion proxy; traditional clients still will get those packages via bootstrap repo

py26-compat-salt

Prepend current directory when path is just filename (bsc#1095942)

spacecmd

Suggest not to use password option for spacecmd (bsc#1103090)

spacewalk-backend

Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool(bsc#1104120)
Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388)

spacewalk-branding

Missing link to LDAP instructions (bsc#1102464)
Fix copyright for the package specfile (bsc#1103696)
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

spacewalk-certs-tools

Feat: check for Dynamic CA-Trust Updates while bootstrapping on RES (FATE#325588)
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

spacewalk-config

Feat: add OS Image building with Kiwi fate#322959 fate#323057 fate#323056
Fix /etc/sudoers.d/spacewalk file (related to bsc#1099517)

spacewalk-java

Fix mgr-sync refresh when subscription was removed (bsc#1105720)
Method to Unsubscribe channel from system (bsc#1104120)
Enable auto patch updates for salt clients
Fix ACLs for system details settings
Fix: delete old custom OS images pillar before generation (bsc#1105107)
Fix an error in the system software channels UI due to SUSE product channels missing a corresponding synced channel (bsc#1105886)
Fix 'Compare Config Files' task hanging (bsc#1103218)
Reschedule taskomatic jobs if task threads limit reached (bsc#1096511)
XMLRPC API for state channels
Subscribe saltbooted minion to software channels, respect activation key in final registration steps
Fix deletion of Taskomatic schedules via the GUI (bsc#1095569)
Generate OS image pillars via Java
Logic constraint: results must be ordered and grouped by systemId first (bsc#1101033)
Store activation key in the Kiwi built image
Do not wrap output if stderr is not present (bsc#1105074)
Store image size in image pillar as integer value
Fix retrieving salt-ssh pub key for proxy setup when key already exists (bsc#1105062)
Implement the 2-phase registration of saltbooted minions (SUMA for Retail)
Avoid an NPE on expired tokens (bsc#1104503)
Generate systemid certificate on suse/systemid/generate event (fate#323069)
Fix system group overview patch status (bsc#1102478)
Allow salt systems to be registered as proxies (fate#323069)
Add DNS name to cobbler network interface (fate#326501, bsc#1104020)
Fix behavior when canceling actions (bsc#1098993)
Speedup listing systems of a group (bsc#1102009)
Disallow '.' in config channel names (bsc#1100731)
Add python3 xmlrpc api example to docs.
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)
Apply State Result - use different color for applied changes
Fix missing acl to toggle notifications in user prefs in salt clients (bsc#1100131)

spacewalk-setup

Clean up correct system sudoers file (bsc#1099517)
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

spacewalk-web

Allow relative path in visibleIf tag in formulas
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)
Refactor the fetching and cache the child channels and mandatory channels in System Details change channels page

subscription-matcher

Update partnumbers rule file (bsc#1095972)
Use intermediate object to store confirmed matches within a penalty group and prevent infinite reactivation of Inherited virtualization rule (bsc#1094524)

susemanager

Bootstrap repos for SLE12 SP4 (bsc#1107117)
Do not fail if postgresql user has no interactive login shell
Fix broken stderr redirection in mgr-setup
Add new dependency python-setuptools to bootstrap packages (bsc#1106026)
Add debug mode for mgr-create-bootstrap-repo
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

susemanager-docs_en

OS Image building with Kiwi: SUSE Manager can now build Kiwi-based image creation for installable Linux OS images and virtual machines.
Missing link to LDAP instructions (bsc#1102464)

susemanager-schema

Enable auto patch updates for Salt minions
Enable system preferences for Salt minions (bsc#1098388)
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

susemanager-sls

Fix merging of image pillars
Fix: delete old custom OS images pillar before generation (bsc#1105107)
Generate OS image pillars via Java
Store activation key in the Kiwi built image
Implement the 2-phase registration of saltbooted minions (SUSE Manager for Retail)
Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

susemanager-sync-data

Support SLE12 SP4 product family (bsc#1107117)
Add CaaSP 3.0 channels (bsc#1105045)
Add product class for Live Patching on PPC (bsc#1104025)

Version 3.2.1

cobbler

Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (bsc#1097733)

nutch-core

Fix nutch log level (bsc#1097145)
Fix hadoop log dir (bsc#1061574)

py26-compat-salt

Handle packages with multiple version properly with zypper (bsc#1096514)
Fix file.get_diff regression in 2018.3 (bsc#1098394)
Fix file.managed binary file utf8 error (bsc#1098394)
Add custom SUSE capabilities as Grains (bsc#1089526)
Bugfix: state file.line warning (bsc#1093458)
Enable '--with-salt-version' parameter for setup.py script
Add environment variable to know if yum is invoked from Salt (bsc#1057635)

spacewalk-backend

Fix directory permissions (bsc#1101152)
Feature: implement optional signing repository metadata
Fix truncated result message of server actions (bsc#1039043)
Do not copy 'foreign_entitlement' from virtual host to the registered guest (bsc#1093381)

spacewalk-branding

Disable child channel selection only if channel is actually assigned (bsc#1097697)

spacewalk-config

Remove not needed build dependency to cobbler (bsc#1102137)

spacewalk-java

Fix: errata id should be unique (bsc#1089662)
Fix race condition when applying patches to systems (bsc#1097250)
Improve cve-server-channels Taskomatic task’s performance (bsc#1094524)
Fix union and intersection button in grouplist (bsc#1100570)
Fix checking for salt pkg upgrade when generating action chain sls
Add queue=true to state.apply calls generated in action chain sls files
Feature: show ordered and formated output of state apply results
Fix defining a schedule for repo-sync (bsc#1100793)
Drop removed network interfaces on hardware profile update (bsc#1099781)
Feature: implement test-mode for highstate UI
Feature: implement optional signing repository metadata
Valid optional channel must be added before reposync starts (bsc#1099583)
Fix tabs and links in the SSM "Misc" section (bsc#1098388)
Handle binary files appropriately (bsc#1096264)
XML-RPC API call system.scheduleChangeChannels() fails when no children are given (bsc#1098815)
Ignore inactive containers in Kubernetes clusters
Explicitly require IBM java for SLES < SLE15 (bsc#1099454)
Do not break backward compatibility on package installation/removal (bsc#1096514)
Fix minion software profile to allow multiple installed versions for the same package name (bsc#1089526)
Fix NPE in image pages when showing containers with non-SUSE distros (bsc#1097676)
Do not log when received 'docker://' prefix from Kubernetes clusters
Fix cleaning up tasks when starting up taskomatic (bsc#1095210)
Mark all proceeding actions in action-chain failed after an action failed(bsc#1096510)
Check if directory /srv/susemanager/salt/actionchains exists before deleting minion action chain files
Specify old udev name as alternative when parsing hw results
Fix detection of a xen virtualization host (bsc#1096056)
Fix hardware refresh with multiple IPs on a network interface (bsc#1041134)
Fix truncated result message of server actions (bsc#1039043)
Fix: limit naming of action chain (bsc#1086335)
Add missing result fields for errata query (bsc#1097615)
Add new 'upgrade_satellite_refresh_custom_sls_files' task to refresh custom SLS files generated for minions (bsc#1094543)
Improve gatherer-matcher Taskomatic task’s performance (bsc#1094524)
Show chain of proxies correctly (bsc#1084128)

spacewalk-search

Fix the search when server is missing primary interface (bsc#1099638)

spacewalk-setup

Sudoers file is now in /etc/sudoers.d/spacewalk (bsc#1099517)

spacewalk-web

Refactor buttons.js
Feature: implement test-mode for highstate UI
Disable child channel selection only if channel is actually assigned(bsc#1097697)
Fix typo in 'Installed Products' label in image overview page
Fix css issues on minion-state pages (bsc#1083295)
Show feedback on button clicked (bsc#1085464)
Show chain of proxies correctly (bsc#1084128)
Improve the gulpfile watch mode performance (bsc#1096747)

susemanager

Fix mgr-create-bootstrap-repo with custom channels (bsc#1099934)
Add package python-pyudev for bootstrapping (bsc#1099311)
Feat: allow cleanup of bootstrap repo (bsc#1096204)

susemanager-frontend-libs

Update susemanager-nodejs-sdk-devel to 1.0.2 (bsc#1096747)

susemanager-schema

Copy missing action-chain schema migration to correct directory (bsc#1100760)
Fix truncated result message of server actions (bsc#1039043)
Fix config channels state revision inconsistency after migration (bsc#1094543)

susemanager-sls

Use custom Salt capabilities to prevent breaking backward compatibility (bsc#1096514)
Update profileupdate.sls to report all versions installed (bsc#1089526)
Do not install 'python-salt' on container build hosts with older Salt versions (bsc#1097699)

Major changes since SUSE Manager 3.1 Server

Salt 2018.3.0

Salt has been upgraded to the final 2018.3.0 release.

We do intend to upgrade Salt regularly to more recent versions.

For changes in your manually created Salt states, please see the Salt 2017.7 and 2018.3 upstream release notes.

Salt action chains

Action chains are enabled for Salt minions now. It works like action chains for traditional clients, see the documentation for details.

SLE 15

The SLE 15 product family is fully supported as a client operating system.

Due to its new module concept, the product selection page in SUSE Manager was redesigned. Please see the documentation about choosing SLE 15 modules.

SLES 15 and Python 3

SLES 15 utilizes Python 3 as its default system version. Due to this change any older bootstrap scripts (based on python 2) must be regenerated for SLES 15 systems.

Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.

Formulas with Forms improvements

Formula data can now be managed with XMLRPC API.
New types so almost any kind of upstream formula can be handled by SUSE Manager.

SUSE Manager Proxy versions

SUSE Manager 3.2 Server can work with version 3.1 of SUSE Manager Proxy.

When upgrading, upgrade the server first, followed by proxies. See the advanced topics manual for detailed upgrade instructions.

Upstream changes since SUSE Manager 3.1

Note: Changes from the upstream project are listed here as-is. There’s no guarantee that all of them are actually available in SUSE Manager 3.2 Server.

Spacewalk 2.8

SUSE Manager 3.2 Server is based on Spacewalk 2.8 with many new features added by SUSE.

Spacewalk now installable on Fedora 27 and has been tested on Fedora 28 Beta as well
Spacewalk supports Fedora 27 and Fedora 28 clients
Python 2 packages are no longer needed on systems with Python 3 as default
Spacewalk server is now capable of syncing and distributing of Fedora modularity (modules.yaml) files.
PostgreSQL 10 is now supported
Package dwr updated to version 3.0.2 fixing security vulnerabilities
It’s now possible to manage errata severities via Spacewalk server Several bugfixes
Updated API calls:
- errata.create/setDetails - add possibility to manage severities
- system.schedulePackageRemoveByNevra - support removal of packages which are not in database

Spacewalk 2.7

Spacewalk now supported on Fedora 25 and Fedora 26
Spacewalk supports Fedora 25 and Fedora 26 clients
Improved Debian/Ubuntu version parsing and matching
Spacewalk wiki now hosted on GitHub
Significant improvements to channel synchronization speed
New utility to monitor what taskomatic daemon is doing - taskotop is part of spacewalk-utils package
jabberd, which support OSAD, now uses sqlite database for improved reliability
jpackage libraries/packages replaced with standard ones
Improved kickstart profile support
New API calls:
- channel.listManageableChannels
- schedule.failSystemAction
API calls restored for backward compatibility:
- proxy.createMonitoringScout
- satellite.isMonitoringEnabled
- satellite.isMonitoringEnabledBySystemId

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from the SUSE Manager Server or clients.

The standard disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

In the SUSE Manager Server’s case, please be aware that supportconfig’s output will contain information about clients as well.

In particular, debug data for the Subscription Matching feature contain a list of the registered clients, their installed product and some minimal hardware information (CPU socket count). It also contains a copy of subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.

Support for EOL’ed products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. See the Product Support Lifecycle page.

This support is limited to scenarios to bring production systems to a supported state. Either by migrating to a supported service pack or by upgrading to a supported product version.

spacewalk-utils

spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.

L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)

The following tools of spacewalk-utils are fully supported:

spacewalk-clone-by-date
spacewalk-sync-setup
spacewalk-manage-channel-lifecycle

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information

Technical Information: SUSE Manager contains additional or updated documentation for SUSE Manager Server 3.2.

These Release Notes are available online. Further information about SUSE Manager is available [in the Wiki http://wiki.microfocus.com/index.php/SUSE_Manager]

Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Linux GmbH
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Mary Higgins, Sri Rasiah
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2019 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.