• Version Revision History

• About SUSE Manager
  • Stay up-to-date
• Installation
  • Requirements
  • Registration code
  • Installing the SUSE Manager 3.1 Server extension on SLES 12 SP3
  • Update from previous versions of SUSE Manager Server
  • Migrating from RHN Satellite
• Major changes since SUSE Manager Server 3.1 GA
  • Features and changes
    • Version 3.1.3
      • Database cleanup migration
      • Check for duplicate minion ids
      • Minion power management
      • PostgreSQL backup configuration
      • Documentation
      • Removal of Certification Module for SLES 12 SP2 and SP3
      • New products supported
    • Version 3.1.2
      • PostgreSQL 9.6 support
        • Migrating from PostgreSQL 9.4 to PostgreSQL 9.6
      • SUSE Manager Server enabled for SLES 12 SP3
      • Channel changes on minions
      • SUSE CaaS Platform / Kubernetes integration
      • Container inspection / Image import
    • Version 3.1.1
      • New products supported
  • Patches
    • Version 3.1.3
      • Server
      • Salt
      • Client tools
    • Version 3.1.2
      • Client tools
      • Salt
      • Server
    • Version 3.1.1
• Major changes since SUSE Manager 3.0 Server
  • Upgrade of base system to SLES 12 SP2
  • SUSE Manager Proxy versions
  • Spacewalk 2.6
  • Managing Container Images
  • UI and Usability
    • Reduced vertical waste
    • New navigation structure
    • Action buttons visibility
    • Top of page button
  • Visualization
  • Scalability
  • Automatic product installation
  • Salt
    • Salt update to 2016.11.4
    • Minions in the system set manager
    • Bootstrap defaults to SALT now
    • OpenSCAP for minions
  • Change of jabberd database
    • jabberd removal and recreation
  • Formulas with Forms
  • Upstream changes since SUSE Manager 3.0
    • Spacewalk 2.6
    • Spacewalk 2.5
• Support
  • Supportconfig confidentiality disclaimer
  • Supportability of embedded software components
  • Red Hat Channels
  • Support for EOL'ed products
  • Support for SLES 10 based systems
  • spacewalk-utils
• Providing feedback to our products
• Documentation and other information
• Legal Notices
• Colophon

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html.

Also, for up to three years from SUSE's distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com or as otherwise instructed at http://www.suse.com/download-linux/source-code.html. SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

• January 9th, 2017: Alpha1 release
• February 10th, 2017: Alpha2 release
• March 10th, 2017: Beta1 release
• April 6th, 2017: Beta2 release
• May 8th, 2017: Beta3 release
• Jun 1st, 2017: RC1 release
• Jun 27th, 2017: GA release
• August 25th, 2017: 3.1.1
• October 9th, 2017: 3.1.2
• December 2017: 3.1.3

About SUSE Manager

You have more than just a few Linux servers to manage, maybe even a mixed environment of RHEL and SLES?

Then SUSE Manager is the answer.

SUSE Manager gives you best-in-class open source infrastructure management with new enhancements focused on improving DevOps efficiency, with both RHEL and SLES support from one unified console, maintained and improved by the guys who wrote the fastest and most advanced Linux update stack on the planet.

SUSE Manager gives you the lowest possible Total Cost of Ownership for your Linux environment, from bare metal provisioning to daily patch management. SUSE Manager is an open source (GPLv2) Linux systems management solution that allows you to:

• Inventory your systems (hardware and software information)
• Install and update software on your systems
• Collect and distribute your custom software packages into manageable groups
• Provision (AutoYaST / Kickstart) your systems
• Easily manage configurations with Salt
• Match subscriptions to products installed on your servers
• Provision and start/stop/configure virtual guests
• Distribute content across multiple geographical sites in an efficient manner
• Find vulnerable systems by searching by CVE number
• Track compliance of managed systems with OpenSCAP
• Improve DevOps efficiency and optimize operations with a single tool to setup and manage your container infrastructure
• Ensure container and cloud VM compliance to hardened profiles/templates across your DevOps environments based on your own internal security policies
• Reduce complexity and regain control of your assets with improved visibility of your systems and infrastructure deployments

Stay up-to-date

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

• Check the SUSE Manager Wiki
• Read the SUSE Blog

Installation

Requirements

SUSE Manager 3.1 Server is an extension for SLES 12 SP3 for x86-64 or z Systems (s390x).

This means that installation is done in two steps

• base operating system (SLES 12 SP3)
• SUSE Manager 3.1 Server extension

This addresses the need of enterprise deployments to standardize on the base operating system as well as specific storage setups.

It is strongly recommended to use SUSE Manager with the embedded database. PostgreSQL is only supported as a local (embedded) database.

Registration code

The SUSE Manager 3.1 Server registration code, matching your hardware architecture, can be used to register the SLES 12 SP3 base system as well.

Installing the SUSE Manager 3.1 Server extension on SLES 12 SP3

You'll need a physical or virtual SLES 12 SP3 x86_64 or s390x system to install SUSE Manager 3.1 Server.

When you install and register SLES 12 SP3, SUSE Manager 3.1 Server will show up in the list of available extensions.

You'll need a valid SUSE Manager 3.1 Server registration code to access this extension.

Update from previous versions of SUSE Manager Server

You can update from SUSE Manager 3.0 Server to SUSE Manager 3.1 Server.

Updates from older versions are not supported.

The actual upgrade can be done as a two-step or a one-step approach.

The two-step approach migrates the SUSE Manager 3.0 Server to SLES 12 SP3 first, followed by an update to SUSE Manager 3.1 Server.

The one-step approach migrates the SUSE Manager 3.0 Server to SUSE Manager 3.1 Server together with the service pack migration of the base system from SLES 12 SP1 to SLES 12 SP3.

See the best practices manual for detailed instructions on how to upgrade.

All connected clients will continue to run and are manageable unchanged.

Migrating from RHN Satellite

Is conditionally supported with SUSE Manager 3.1 Server.

If you have the need to migrate from RHN Satellite to SUSE Manager 3.1 Server, please get in contact with a SUSE sales engineer or a SUSE consultant before starting the migration.

Major changes since SUSE Manager Server 3.1 GA

Features and changes

Version 3.1.3

Database cleanup migration

After several reports about duplicate package ids in the database, a cleanup task was introduced in spacewalk-schema-upgrade to repair such cases.

Warning In case your database is corrupted with duplicate package ids, this cleanup task can take hours to complete. Runtimes of 4-5 hours are normal.

Here is how to check for duplicate package ids

  echo "select min(id) as id \
         from rhnpackageevr \
        group by version, release, epoch \
          having count(*) > 1;" \
    | spacewalk-sql --select-mode-direct -

  echo "select min(id) as id \
          from rhnPackageCapability \
          group by name, version \
          having count(*) > 1;"\
    | spacewalk-sql --select-mode-direct -

These read-only checks can be run during normal operation of SUSE Manager. Just running the checks can take a long time (up to 1hr in some of our test scenarios. YMMV).

If any of these queries returns a non-empty result, it can be stopped immediately. Your database has duplicate package ids in this case and the next run of spacewalk-schema-upgrade will take hours.

Take this under consideration before starting the upgrade to SUSE Manager 3.1.3.

Check for duplicate minion ids

With this update we introduce a unique constraint on minion_id in the database.

When multiple systems exists already with the same minion_id, the schema migration will fail.

There will be a list of the duplicates in the schema migration log. In this case, duplicate minion_id need a manual cleanup:

• start spacewalk-service
• remove the duplicate machines
• stop spacewalk-service
• finish the schema migration
  ==== Minion configuration channels ====
  Configuration channels, allowing central deployment of configuration files to clients, are now available for Salt minions.
  This feature is a tech-preview and will be enhanced in future releases of SUSE Manager 3.1.
  See 'Configuration Management for Salt ' in the Reference manual for the currently enabled functionality and its limitations.

Minion power management

Power management (power on, off, and reboot systems via the IPMI protocol if the systems are IPMI-enabled) is now enabled for Salt minions.

PostgreSQL backup configuration

During the migration of PostgreSQL from 9.4 to 9.6, the backup configuration might get lost and needs to be recreated with smdba.

Documentation

The 'image building' chapter was improved and moved to the Advanced Topics manual.

Removal of Certification Module for SLES 12 SP2 and SP3

Certification Module was accidently provided for SLES12 SP2 and SP3.

But this module does not exist for these service packs and got removed in SUSE Manager.

If you have mirrored this module for SP2 or SP3, please remove the channels using spacewalk-remove-channel command

New products supported

• Open Enterprise Server (OES) 2018
• SUSE Manager for Retail 3.1
• SUSE CaaS Platform - channels only, no update management
• IBM DLPAR channels for SAP SPx ppc64le

Version 3.1.2

PostgreSQL 9.6 support

A new version of the PostgreSQL database is available in SLES 12 SP2 and can be used for SUSE Manager 3.1 Server.

New installations of SUSE Manager 3.1 Server based on SLES 12 SP3 will automatically pick up this version.

Migrating from PostgreSQL 9.4 to PostgreSQL 9.6

Note: SUSE Manager 3.1 Server must NOT be migrated to SLES 12 SP3 before migrating PostgreSQL to version 9.6.

The migration needs PostgreSQL 9.4 and 9.6 installed in parallel and PostgreSQL 9.4 is only available in SLES 12 SP2

You should have an up-to-date database backup before attempting the migration.

Existing installations of SUSE Manager 3.1 Server will need to run

      /usr/lib/susemanager/bin/pg-migrate.sh

to migrate from PostgreSQL 9.4 to PostgreSQL 9.6

Your SUSE Manager Server installation will not be accessible during the migration.

Migration will create a copy of the database under /var/lib/pgsql and thus needs sufficient disk space to hold two copies (9.4 and 9.6) of the database.

Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage.

If your system is scarce on disk space you can do an fast, in-place migration by running

      /usr/lib/susemanager/bin/pg-migrate.sh fast

The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup.

This wiki page contains additional information about the migration.

SUSE Manager Server enabled for SLES 12 SP3

SUSE Manager 3.1 is now based on SLES 12 SP3.

If you already have a SUSE Manager 3.1 Server or Proxy deployed, you can now initiate a service pack migration as outlined in the SLES documentation.

Please migrate to PostgreSQL 9.6 as outlined above before starting the service pack migration.

If you deploy a SUSE Manager 3.1 Server or Proxy anew, please start with SLES 12 SP3 as the base operating system.

Release notes and documentation have been adapted to reflect this.

Channel changes on minions

This update brings an important change in semantics when changing channel assignments on minions.

In the past, channel assignment changes were executed immediately, without respecting config change time slots. Effectively doing a 'change of client configuration outside of a maintenance window'.

This is fixed with 3.1.2 by delaying state application until

• a package installation or upgrade is executed
• a patch installation is executed
• a service pack migration is executed
• the state is explicitly applied via the web UI
• the state is explicitly applied via the command line

A respective web UI information is also shown for the client.

SUSE CaaS Platform / Kubernetes integration

This update brings the initial integration of SUSE Manager with the SUSE CaaS Platform

You can now search containers running on the SUSE CaaS Platform for

• known vulnerabilities
• outstanding patches
• pending package updates

The SUSE CaaS Platform / Kubernetes infrastructure data can also be visualized via the Systems > Visualization page.

Container inspection / Image import

Inspection of containers build by SUSE Manager was already part of the 3.1 release.

Now you can also import and inspect any 'foreign' container image available in the configured container registry.

This feature is currently limited to SLES-based containers. The container needs to have Python installed.

Version 3.1.1

Bugfix release

New products supported

• SUSE Enterprise Storage 5
• SUSE OpenStack Cloud Continuous Delivery 6

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 3.1.3

Server

cobbler:

• Fix koan wait parameter initialization
• Fix setup.py to identify SUSE OS correctly (bsc#1046679)

nutch:

• Log Hadoop into proper log dir (bsc#1061574)

osad:

• Fixed TypeError for force flag in setup_config that could happen when jabberd restart was needed. (bsc#1064393)

spacecmd:

• Configchannel export binary flag to json (bsc#1044719)

spacewalk-backend:

• Fix issues with syncing deb repos (bsc#1050433)
• Honor MAX_LOG_AGE for (renamed) cobbler/tasks logs file in spacewalk-debug (bsc#1025201)
• Add hostname to duplicate machine_id email (bsc#1055292)
• Fix link to manual and the described procedure
• Don't crash when token is set to 'fake' (bsc#1060022)
• When searching for not installed products exclude release packages which are provided by others (bsc#1067509)
• Search for product packages when installed packages are available (bsc#1060182)
• RhnServerNetwork refactoring (bsc#1063419)
• Non admin or disabled user cannot make changes to a system anymore
• No need to be autonomous when inserting to rhnArchType,
• Add suseLib.accessible() doing a HEAD request to test
• Fix extract keyid from RPM header
• Call yum update_md with the option to get all updateinfos
• Backport upstrem fixes
• Fix checksum handling.
• Change suseServer ostarget to a foreign key to suseOSTarget(id) client registration.
• Reposync: find checksums for packages in channels with org_id null
• Skip patch instead of abort if no checksum for a package

spacewalk-branding:

• Improve text for system types page (bsc#1057084)
• Disallow entering multiple identical mirror credentials (bsc#971785)

spacewalk-certs-tools:

• Add comment to explain that FULLY_UPDATE_THIS_BOX gets ignored on salt minions (bsc#1036254)
• Do not use registration keys from last autoinstallation (bsc#1057599)

spacewalk-java:

• Implemented assignment of configuration channels to Salt systems via Salt states
• Added file structure under Salt root for configuration management
• Enabled configuration management UI for Salt systems
• Remove SUSE Manager specific configuration from Salt ssh minion when deleting system from SUSE Manager (bsc#1048326)
• Support Open Enterprise Server 2018 (bsc#1060182)
• Enable autofocus for login field
• Do not remove virtual instances for registered systems (bsc#1063759)
• Process right configfile on 'scheduleFileComparisons' API calls (bsc#1066663)
• Fix reported UUIDs for guests instances within a virtual host (bsc#1063759)
• Generate Order Items for OEM subscriptions (bsc#1045141)
• Fix alignment of systemtype counts text (bsc#1057084)
• Enable 'Power Management' features on Salt minions.
• Fix editing of vhm config params (bsc#1063185)
• Skip the server if no channel can be guessed (bsc#1040420)
• Added a method to check if OS on machine supports containerization or not(bsc#1052728)
• 'Cancel Autoinstallation' link has been changed to look like button to make it more visible (bsc#1035955)
• Make systems in system group list selectable by the group admins (bsc#1021432)
• Hide non-relevant typed systems in SystemCurrency (bsc#1019097)
• Start registration for accepted minions only on the minion start event, not automatically on any event (bsc#1054044)
• Exclude salt systems from the list of target systems for traditional configuration stack installation
• Keep the the GPG Check value if validation fails (bsc#1061548)
• Extract Proxy version from installed product (bsc#1055467)
• Provide another create method(with additional parameter Gpgcheck) to create software channel through XML RPC(bsc#1060691).
• Improve duplicate hostname and transaction handling in minion registration
• Added 'Machine Id' information as part of details in System namespace for XMLRPC API(bsc#1054902)
• Modified the displayed message after updation of activation key (bsc#1060389)
• Display GUI message after successfully deleting custom key (bsc#1048295)
• Fix links on schedule pages (bsc#1059201)
• Harmonize presentation of patch information (bsc#1032065)
• Display a feedback message when user deletes configuration channel(bsc#1048355)
• Fix duplicate machine id in event history on minion restart (bsc#1059388)
• Show link in message when rescheduling actions (bsc#1032122)
• Prevent ISE when distribution does not exist (bsc#1059524)
• Do not store registration-keys during autoinstallation (bsc#1057599)
• Enable package profile comparisons on minions
• Disallow entering multiple identical mirror credentials (bsc#971785)
• Ensure correct ordering of patches (bsc#1059801)
• Fix cloning Kickstart Profiles with Custom Options (bsc#1061576)
• Checkin the foreign host if a s390 minion finished a job (bsc#971916)
• Increase max length of hardware address to 32 byte (bsc#989991)
• Set the creator user for minions correctly in case it is known (bsc#1058862)
• Fix minor UI issues on overview page (bsc#1063590)
• Hide invisible first level menu items (bsc#1063822)
• Fail gracefully when GPG files are requested (bsc#1065676)
• Fix unscheduling actions for traditional systems (bsc#1065216)
• Add logging messages for SP migration (bsc#1066819, bsc#1066404)
• Improve messaging for "Compare Packages" (bsc#1065844)
• When searching for not installed products exclude release packages which are provided by others (bsc#1067509)
• RhnServerNetwork refactoring (bsc#1063419)
• Add Adelaide timezone to selectable timezones (bsc#1063891)
• Add missing help icons/links (bsc#1049425)
• Fixed invalid help links (bsc#1049425)
• Fixes overlapping text narrow window (bsc#1009118)
• Fix text for activation key buttons (bsc#1042975)
• Removed duplicate overview menu item (bsc#1045981)
• Make the packages require the frontend-libs
• Do not allow creating kickstart profiles that differ from existing ones
• Fix system.listLatestUpgradablePackages API to list upgradable packages
• Backported better installation server detection code
• Fix display of XML snippets in the web ui using session install=.... parameter
• Settings the correct architecture in cobbler, needed by virt.
• Rename sm-register to mgr-register
• Some style fixes

spacewalk-reports:

• Add machine_id and minion_id to system-profiles and inventory report (bsc#1054902)
• RhnServerNetwork refactoring (bsc#1063419)

spacewalk-search:

• RhnServerNetwork refactoring (bsc#1063419)

spacewalk-web:

• Disallow entering multiple identical mirror credentials (bsc#971785)
• Fix runtime data display in Images page (bsc#1062972)
• Add delete button to img-overview page (bsc#1061245)
• Update wording for image profiles in image build page (bsc#1058323)
• Rename 'Refresh Data' button in VHM details page
• Update browser URL correctly after deleting a VHM from the details page (bsc#1061596)
• Show 'Nodes' list only for Kubernetes VHMs (bsc#1061563)
• Remove import button from image over page (bsc#1058128)
• Use the same datetime format as the rest of the product (bsc#1054424)

supportutils-plugin-salt:

• Collect local grains on Salt systems.
• Added saltlogfiles to plugin list, so that salt logs are also included. (bsc#1063805)

supportutils-plugin-susemanager:

• Use correct function validate_rpm for supportconfig (bsc#1062094)

susemanager:

• Support Open Enterprise Server 2018 (bsc#1060182)
• Fixed bootstrap repository path for SLES4SAP version 12 and 12.1 (bsc#1062936)
• Ensure postgres db template uses unicode (bsc#1062476)
• Fix error message for database upgrade failure
• Check for sufficient diskspace in /var/lib/pgsql

susemanager-docs_en:

• Updated package
• API Documentation Update (bsc#1069576)
• Suse manager 3.1: online update Reference Guide, Best Practices, Getting Started (bsc#1069461)
• Suse manager 3: online update (bsc#1062366)
• SUSE Manager documentation is missing single-page html format (bsc#1056994)
• Incorrect database location (bsc#1059576)
• Service Pack Migration documentation points to 404 webpage (bsc#1059466)
• Tech specs of https://www.suse.com/products/suse-manager/ does not show supported client systems (bsc#1056868)
• Best Practices July 6 2017 -- Chapter 8 missing graphics (bsc#1056188)
• Outdated screenshots for the proxy (bsc#1055524)
• Lack of documentation: Using a custom SSL Certificate (bsc#1052691)
• Wrong pattern name in instruction (bsc#1066641)

susemanager-schema:

• Add Adelaide timezone to selectable timezones (bsc#1063891)
• Added new relationships for Salt config management
• Added new config channel type(state) and file type(sls)
• Enable 'Power Management' features on Salt minions.
• Enablement of the package profile feature for minions
• Re-create unique index on minion_id (bsc#1059568, bsc#1056358)
• Increase max length of hardware address to 32 byte (bsc#989991)
• Fix unique index for evr and capability and remove duplicates during migration (bsc#1058110)
• RhnServerNetwork refactoring (bsc#1063419)
• Registration of REHL4 clients fails due to incomplete
• Fix copyright
• Change suseServer ostarget to a foreign key to suseOSTarget(id)
• Add RES GPG Key to DB
• Add SUSE and Novell GPG Keys to DB

susemanager-sls:

• Fix cleanup state error when deleting ssh-push minion (bsc#1070161)
• Added state templates for deploying/comparing config channels for Salt
• Fix failing certs state for Tumbleweed (bsc#970630)
• Fix deprecated SLS files to avoid deprecation warnings during highstate (bsc#1041993)
• Support xccdf 1.2 namespace in openscap result file (bsc#1059319)
• Ensure correct ordering of patches (bsc#1059801)
• Fix create empty top.sls with no-op (bsc#1053038)
• Enabling certificate deployment for Leap 42.3 clients which is needed for bootstrapping

susemanager-sync-data:

• Support Open Enterprise Server 2018 (bsc#1060182)
• Support SUSE Manager for Retail 3.1 (bsc#1052079)
• Fix description for HA channel (bsc#1063588)
• Add support for CAASP (bsc#1052283)
• Add IBM DLPAR channels to SLES for SAP SPx ppc64le (bsc#1068057)
• Remove Certification Module 12 from SP2 and SP3 (bsc#1066819)

virtual-host-gatherer:

• Skip safely VMs which have no config attribute on VMware (bsc#1066923)

Salt

salt:

• Removed deprecation warning for beacon configuration using dictionaries (bsc#1041993)
• Fixed beacons failure when pillar-based suppressing config-based. (bsc#1060230)
• Re-added previously removed unit-test for (bsc#1050003)
• Fixes for CVE-2017-14695 and CVE-2017-14696 (bsc#1062462)
• Add missing follow-up for CVE-2017-12791 (bsc#1053955)
• Fixed salt target-type field returns "String" for existing jids but an empty "Array" for non existing jids. (issue#1711)
• Fixed minion resource exhaustion when many functions are being executed in parallel (bsc#1059758)
• Remove 'TasksTask' attribute from salt-master.service in older versions of systemd (bsc#985112)
• Fix for delete_deployment in Kubernetes module (bsc#1059291)
• Catching error when PIDfile cannot be deleted (bsc#1050003)
• Use $HOME to get the user home directory instead using '~' char (bsc#1042749)

Client tools

cobbler:

• Fix koan wait parameter initialization
• Fix setup.py to identify SUSE OS correctly (bsc#1046679)

osad:

• Fixed TypeError for force flag in setup_config that could happen when jabberd restart was needed. (bsc#1064393)

spacecmd:

• Fix bsc number for change 'configchannel export binary flag to json'
• Configchannel export binary flag to json (bsc#1044719)

spacewalk-backend:

• Fix issues with syncing deb repos (bsc#1050433)
• Honor MAX_LOG_AGE for (renamed) cobbler/tasks logs file in spacewalk-debug (bsc#1025201)
• Add hostname to duplicate machine_id email (bsc#1055292)
• Fix link to manual and the described procedure
• Don't crash when token is set to 'fake' (bsc#1060022)
• When searching for not installed products exclude release packages which are provided by others (bsc#1067509)
• Search for product packages when installed packages are available (bsc#1060182)
• RhnServerNetwork refactoring (bsc#1063419)
• Non admin or disabled user cannot make changes to a system anymore
• No need to be autonomous when inserting to rhnArchType,
• Add suseLib.accessible() doing a HEAD request to test
• Fix extract keyid from RPM header
• Call yum update_md with the option to get all updateinfos
• Backport upstrem fixes
• Fix checksum handling.
• Change suseServer ostarget to a foreign key to suseOSTarget(id) client registration.
• Reposync: find checksums for packages in channels with org_id null
• Skip patch instead of abort if no checksum for a package

spacewalk-oscap:

• Support xccdf 1.2 namespace in openscap result file (bsc#1059319)

supportutils-plugin-salt:

• Collect local grains on Salt systems.
• Added saltlogfiles to plugin list, so that salt logs are also included. (bsc#1063805)

zypp-plugin-spacewalk:

• Python3 compatibility
• Build python2/python3 subpackages
• Build as noarch for SLES12 and higher

Version 3.1.2

Client tools

spacecmd:

• Switched logging from warning to debug.

spacewalk-backend:

• Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126)
• Increase rpclib timeout to 10 minutes. (bsc#1026930)

supportutils-plugin-salt:

• Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694)

Salt

The following security issue has been fixed:

• CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID (bsc#1053955).

Additionally, the following non-security issues have been fixed:

• Added support for SUSE Manager scalability features. (bsc#1052264)
• Introduced the kubernetes module. (bsc#1051948)
• Notify systemd synchronously via NOTIFY_SOCKET. (bsc#1053376)

Server

salt-netapi-client:

• Xor gson type adapter is now generic in its left type.
• Fixed problems with payload encoding.
• Support for setting returned information for install an listPkg calls.
• Support for rand_thin_dir in salt ssh configuration.

smdba:

• Ensure cleanup of existing too low value for default_statistics_target. (bsc#1022286)

spacecmd:

• Switched logging from warning to debug.

spacewalk:

• Support PostgreSQL 9.6. (bsc#1045152)

spacewalk-backend:

• Fix SP migration for traditional clients which were registered by a currently disabled user. (bsc#1057126)
• Increase rpclib timeout to 10 minutes. (bsc#1026930)

spacewalk-branding:

• Fixes ise error with invalid custom key id. (bsc#1048294)
• Add message about channel changes on salt managed systems to UI and API documentation. (bsc#1048845)
• Visualization UI look & feel improvements.
• Add missing translations.
• Fix ace_editor textarea width.

spacewalk-config:

• Resolve comps.xml file for repositories. (bsc#1048528)

spacewalk-doc-indexes:

• Update index files.

spacewalk-java:

• Only unselect element if it is selectable. (bsc#1052373)
• Adapt Salt runner and wheel calls to the new error handling introduced in salt-netapi-client-0.12.0.
• Change log level and event history for duplicate machine id. (bsc#1041489)
• Trim spaces around the target expression in the Salt remote command page. (bsc#1056678)
• Check entitlement usage based on grains when onboarding a minion. (bsc#1043880)
• Fixes ise error with invalid custom key id. (bsc#1048294)
• Image runtime UI.
• Redesign VHM pages on ReactJS.
• Add VHM type Kubernetes.
• Kubernetes runner and image matching implementation.
• XMLRPC method for importing images.
• Extra return data fields for content management XMLRPC methods.
• Add back 'Add Selected to SSM' buttons to Group pages. (bsc#1047702)
• Fix a ConstraintViolationException when refreshing hardware with changed network interfaces or IP addresses.
• Add message about channel changes on salt managed systems to UI and API documentation. (bsc#1048845)
• Show Child Channels tab in SSM again if a salt minion is in the set.
• Improve performance of package installation and patch application.
• Visualization UI loo & feel improvements.
• Import image UI.
• Update images list and overview pages for external images.
• Add syntax highlighting for state catalog.
• Delete and create new ServerNetAddress if it already exists on HW refresh. (bsc#1054225)
• Check if base product exists to prevent NPE.
• Fix enter key submit on ListTag filter input. (bsc#1048762)
• Create VirtpollerData object with JSON content instead null. (bsc#1049170)
• Fix unsetting of image build host when a related action is deleted.
• Prevent malformed XML if arch is set to NULL. (bsc#1045575)
• Resolve comps.xml file for repositories. (bsc#1048528)
• Fix address review issues.
• Install update stack erratas as a package list. (bsc#1049139)
• Feat: Allow deletion for server subset. (bsc#1051452)

spacewalk-web:

• Image runtime UI.
• Redesign VHM pages on ReactJS.
• Dropdown button ReactJS component.
• Use ModalButton component in subscription matching pages.
• Visualization UI look & feel improvements.
• Show a list of channels when an activation key is selected in image import form.
• Improve error handling in image import UI.
• Import image UI.
• Update images list and overview pages for external images.
• Remove the unused code that caused problems on some browsers. (bsc#1050399)
• Use ace editor for custom states with yaml syntax highlighting.
• Fix enter key submit on ListTag filter input. (bsc#1048762)

supportutils-plugin-salt:

• Prevent supportconfig from getting stuck when minions are unreachable. (bsc#1048694)

susemanager:

• Fix migration from SUSE Manager versions > 2.1. (bsc#1055306)
• Do not use checkpoint_segments parameter during migrations.

susemanager-docs_en:

• General update for version 3.1.

susemanager-schema:

• DB objects for Kubernetes integration.
• Backend for importing images.
• Fix unsetting of image build host when a related action is deleted.

susemanager-sls:

• Kubernetes runner implementation.
• Addition of parameters to package manipulation states to improve SUSE Manager performance.

susemanager-sync-data:

• Add Proxy subchannels for SLES 12 SP3. (bsc#1053850)

virtual-host-gatherer:

• Parameters to configure Kuberntes module from kubeconfig.
• Implement kubernetes gatherer module.

python-websocket-client:

• New package for kubernetes integration

Version 3.1.1

jabberd:

• Securtity update to version 2.6.1
• Fixed offered SASL mechanism check (bsc#1047282, CVE-2017-10807)
• Gracefully drop unhandled HTTP connections
• wss:// (WebSocket over SSL) support in c2s
• Removed explicit SQLite transactions
• SQLite postconnect SQL support
• SQLite DB setup script improvements
• Reordered MIO backends priority
• Support for RSA/DH/ECDH key agreement

osad:

• Reduce maximal size of osad log before rotating
• Perform osad restart in posttrans (bsc#1039913)

salt-netapi-client:

• Update to version 0.12.0

smdba:

• Support postgresql96 (bsc#1045152)

spacecmd:

• Configchannel export binary flag to json (bsc#729910)

spacewalk-backend:

• Make master_label static to keep its value when retrying (bsc#1038321)
• Adapt for the new gpgcheck flag for the channels

spacewalk-branding:

• Fix overlapping of elem. (bsc#1031143)
• Fix overlapping text narrow window (bsc#1009118)
• Fix formulas action buttons position (bsc#1047513)
• Fix broken link (bsc#1033999)
• Alphabar: change title to 'Select first character' (bsc1042199)

spacewalk-certs-tools:

• Improve text for bootstrap (bsc#1032324)

spacewalk-java:

• Fix: don't add default channel if AK is not valid (bsc#1047656)
• Add 'Enable GPG check' function for channels
• No legend icon for Activity Ocurring. (bsc#1051719)
• Implement API call for bootstrapping systems
• Fix product ids reported for SUSE Manager Server to the subscription matcher
• Fix adding products when assigning channels (bsc#1049664)
• Set default memory size for SLES 12 installations to 1024MB (bsc#1047707)
• BugFix: enable remote-command for Salt clients in SSM (bsc#1050385)
• Add missing help icons/links (bsc#1049425)
• Fixed invalid help links (bsc#1049425)
• Fix: wrong openscap xid (bsc#1030898)
• Organization name allows XSS CVE-2017-7538 (bsc#1048968)
• Fixes overlapping text narrow window (bsc#1009118)
• Adapt to the salt-netapi-client update (v0.12.0)
• Fixes alignment on the orgdetails (bsc#1017513)
• Fix text for activation key buttons (bsc#1042975)
• Add a dynamic counter of the remaining textarea length
• Bugfix: set, check and cut textarea maxlength (bsc#1043430)
• MinionActionExecutor: raise skip timeout (bsc#1046865)
• Update channels.xml with OpenStack Cloud Continuous Delivery 6 (bsc#1039458)
• Do not create VirtualInstance duplicates for the same 'uuid'
• Add taskomatic task to cleanup duplicated uuids for same system id
• Handle possible wrong UUIDs on SLE11 minions (bsc#1046218)
• Removed duplicate overview menu item (bsc#1045981)
• Enable act-key name empty on creation (bsc#1032350)
• Fix NPE when there's not udev results (bsc#1042552)
• Alphabar: change title to 'Select first character' (bsc1042199)
• Duplicate Systems: correct language not to mention 'profiles' (bsc1035728)
• Fix list filters to work with URL special characters (bsc#1042846)
• Use getActive() instead of isActive() for JavaBeans compliance (bsc#1043143)
• Fix: hide non-org event details (bsc#1039579)

spacewalk-search:

• Remove executable bit from service files (bsc#1051518)

spacewalk-utils:

• Don't show password on input in spacewalk-manage-channel-lifecycle (bsc#1043795)

spacewalk-web:

• Fix overlapping of elem. (bsc#1031143)
• Fix formulas action buttons position (bsc#1047513)
• Do not show old messages (bsc#1043831)
• Add a dynamic counter of the remaining textarea length
• Confirm if navigating away while bootstrapping

susemanager:

• Assert correct java version (bsc#1049575)
• Create bootstrap repo for SLES for SAP 11 SP1 (bsc#1049471)
• Adjust the bootstrap repo with SLE 12 SP3 repos

susemanager-docs_en:

• Icinga services example is confusing (bsc#1019759)
• Section ref Configuration Management is unclear (bsc#1047352)
• "host_name" is missing in service definition example for Icinga (bsc#1049162)
• Documentation on moving database incorrect (bsc#1031602)
• Missing page in Advanced Topics guide: Autoinstallation (bsc#1047680)
• API documentation" is not available online (bsc#1047641)
• Reference Guide Documentation issues in GMC2 (bsc#1045266 )
• Update online documentation components (bsc# 1046314)
• New: Update online documentation (bsc#1046176)

susemanager-schema:

• Adapt for the new gpgcheck flag for the channels

susemanager-sync-data:

• Support SUSE Enterprise Storage 5 and SUSE LINUX Enterprise Server 12 - SP3 for SAP Applications on ppc64le (bsc#1028098)
• Update channels.xml with OpenStack Cloud Continuous Delivery 6 (bsc#1039458)
• Add the SLE 12 SP3-related products (bsc#1037609)

Major changes since SUSE Manager 3.0 Server

Upgrade of base system to SLES 12 SP2

SUSE Manager 3.1 is based on SLES 12 SP2 as its base operating system.

SUSE Manager Proxy versions

SUSE Manager 3.1 Server can work with version 3.0 of SUSE Manager Proxy.

When upgrading, upgrade the server first, followed by proxies. See the advanced topics manual for detailed upgrade instructions.

Spacewalk 2.6

SUSE Manager 3.1 Server is based on Spacewalk 2.6 with many new features added by SUSE.

Managing Container Images

You can now enable Salt minions to act as container build hosts.

Manage and audit your container images by creating image stores, define image profiles and build images.

For more information see 'Building Containers' in the reference manual.

UI and Usability

Reduced vertical waste

The page header has been improved to dramatically reduce the space wasted, giving more visibility to the actual page content.

New navigation structure

The horizontal navigation items have been moved from the page header to the left navigation plane. See 'Navigation' in the reference manual.

Action buttons visibility

Action buttons, historically placed at the end of lists, have been moved to the top and will stay visible even if the list is scrolled down.

Top of page button

A shortcut to scroll up to the top of the page has been added to the lower right corner of the UI.

Visualization

You can now visualize your systems infrastructure. This feature allows you to search, filter and partition systems by name, base channel, check-in date, etc.

The initial release focusses on data from the SUSE Manager database.

Future improvements will enrich this with data from external systems, like monitoring systems or virtualization hosts.

Scalability

SUSE Manager 3.1 Server provides many scalability enhancements over SUSE Manager 3.0 Server. Some operations have seen a ten-fold speed improvement over previous releases.

We will continue to invest into this area in further maintenance updates.

Automatic product installation

If a newly added child channel provides a SUSE product (like a SLES module or extension), this product is automatically installed.

Salt

Salt update to 2016.11.4

Salt has been upgraded to the 2016.11.4 release. This represents the 'latest & greatest' release from upstream at time of 'code freeze' for SUSE Manager 3.1.

We do intend to upgrade Salt regularly to more recent versions.

Minions in the system set manager

The system set manager (SSM) now supports minions. You can as well add or remove a minion from the current set.

The System Set Manager Overview page has an 'Apply Highstate' button now.

Bootstrap defaults to SALT now

The 'bootstrap' script by default installs a Salt minion now.

The --salt option is deprecated.

Use --traditional to install a traditional (non-Salt) client.

OpenSCAP for minions

You can now work with OpenSCAP and Salt minions. To begin using OpenSCAP with Salt minions you can follow the traditional setup guide

This feature does not yet work for minions attached via salt-ssh.

Change of jabberd database

jabberd now uses sqlite in place of the berkeley db database to improve stability and performance. sqlite is the preferred database option for jabberd.

Fresh installations of SUSE Manager 3.1 Server will use sqlite by default.

Existing installation need to manually switch to this database as follows

      # systemctl stop jabberd
      # spacewalk-setup-jabberd
      # systemctl start jabberd

jabberd removal and recreation

Notice that the sqlite variant of the jabberd database does not get re-created automatically.

The workaround for corruptions of the old database - regular removal - does not apply anymore.

In case you erroneously deleted the sqlite database, jabberd will not be able to re-create it.

You need to run /usr/share/spacewalk/setup/jabberd/create_sqlite3_database to create the database schema and restart jabberd.

Formulas with Forms

Salt formulas can be integrated with the Manager UI. A sample Formula with Form to configure locale-related settings (timezone/locale/keyboard) is included.

Upstream changes since SUSE Manager 3.0

Note: Changes from the upstream project are listed here as-is. There's no guarantee that all of them are actually available in SUSE Manager 3.1 Server.

Spacewalk 2.6

• Spacewalk now supported on Fedora 24
• Spacewalk supports Fedora 24 clients
• spacewalk-repo-sync improvements:
  • now it can sync channels with several repositories
  • it can update Kickstart Tree in a repository
  • add possibility to sync Debian/Ubuntu apt repositories
• improved Python 2/3 compatibility for all tools
• New API calls:
  • system.listSuggestedReboot
  • actionchain.addErrataUpdate

Spacewalk 2.5

• Spacewalk now supported on Fedora 23
• Spacewalk supports Fedora 23 clients
• System entitlements and Software Channels entitlements were removed
• Improved first organization creation
• OSAD now works in failover mode via proxy
• Plenty of small enhancements and fixes
  • 'Select All' button now correctly selects only filtered systems/packages/errata etc.
  • RDO Openstack guests are now correctly recognized as virtual guests
  • And many, many more ...
• New API calls:
  • packages.listSourcePackages
  • packages.removeSourcePackage
  • system.scheduleLabelScriptRun
  • system.schedulePackageInstallByNevra
  • system.schedulePackageRemoveByNevra

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from the SUSE Manager Server or clients.

The standard disclaimer applies:

  Detailed system information and logs are collected and organized in a
  manner that helps reduce service request resolution times.
  Private system information can be disclosed when using this tool.
  
  If this is a concern, please prune private data from the log files.
  
  Several startup options are available to exclude more sensitive
  information. Supportconfig data is used only for diagnostic purposes
  and is considered confidential information.

In the SUSE Manager Server's case, please be aware that supportconfig's output will contain information about clients as well.

In particular, debug data for the Subscription Matching feature contain a list of the registered clients, their installed product and some minimal hardware information (CPU socket count). It also contains a copy of subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.

Red Hat Channels

Managing Red Hat clients requires availability of appropriate Red Hat packages. These are not available through the SUSE Customer Center (SCC) but must be provided by other means, e.g. from a retired Red Hat Satellite installation.

Support for EOL'ed products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. See the Product Support Lifecycle page.

This support is limited to scenarios to bring production systems to a supported state. Either by migrating to a supported service pack or by upgrading to a supported product version.

Support for SLES 10 based systems

The SUSE Manager client stack for SLES10 based systems is identical to the one used on SLES11 based systems. SLES 10 systems managed by SUSE Manager will have the ZENworks Managemen Daemon (ZMD) and the rug command line tool removed.

Salt is not available for SLES 10.

Note that SLES 10 has already reached its end-of-life date and engineering only provides 'best effort' support.

spacewalk-utils

spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.

* L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)

The following tools of spacewalk-utils are fully supported:

• spacewalk-clone-by-date
• spacewalk-sync-setup
• spacewalk-manage-channel-lifecycle

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information

Technical Information: SUSE Manager contains additional or updated documentation for SUSE Manager Server 3.1.

These Release Notes are available online. Further information about SUSE Manager is available in the Wiki

Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

  SUSE Linux GmbH 
  Maxfeldstr. 5 
  D-90409 Nürnberg 
  Tel: +49 (0)911 740 53 - 0 
  Email: feedback@suse.com 
  Registrierung/Registration Number: HRB 21284 AG Nürnberg 
  Geschäftsführer/Managing Director: Jeff Hawn, Jennifer Guild, Felix Imendörffer 
  Steuernummer/Sales Tax ID: DE 192 167 791 
  Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the Microfocus Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2017 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list. All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.