This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

Also, for up to three years from SUSE’s distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

  • August 2018: 3.2.1 release

  • June 25th, 2018: 3.2.0 release

About SUSE Manager

SUSE Manager is a best-in-class open source infrastructure management solution for your software-defined infrastructure. Designed to help your enterprise DevOps and IT Operations teams to reduce complexity and regain control of IT and IoT assets, increase efficiency while meeting security policies and optimize operations with automation to reduce costs.

SUSE Manager helps your enterprise DevOps and IT operations teams to:

Optimize operations while reducing costs with automated Linux server and IoT device provisioning, patching and configuration for faster, consistent and repeatable server deployments.

  • Easily manage and optimize usage of your SUSE subscriptions helping you to ensure you aren’t buying subscriptions you don’t need

  • Improve onboarding efficiency of new HW with automated discovery (via PXE boot)

  • Optimize operations by enabling IT to quickly build container images based on their SUSE Manager repositories

  • Increase operational efficiency and support CI/CD, with a single tool (using Salt) for automated deployment of hardened OS templates (bare metal, VMs or containers) to tens of thousands of servers and IoT devices for faster, consistent & repeatable provisioning and configuration without compromising speed or security

  • Reduce costs with automated patch management enabling you to deploy patches based on software channel assigned to ensure systems are kept up to date

Reduce complexity and regain control of IT assets with a single tool to manage Linux systems across a variety of hardware architectures, hypervisors as well as container, IoT and cloud platforms

  • Reduce complexity with a single tool that lets you easily onboard and manage any Linux server connected to the network, from edge devices to your Kubernetes environment, no matter where it is located – in your data center, a 3rd party data center or in the cloud

  • Improve visibility of your infrastructure – with improved graphical visualization of your IT systems status and their relationships. Once an asset has been on-boarded, you’ll never “lose” it. So, if it goes offline or stops responding you will know. Quickly view your Linux assets and identify assets that need attention.

  • Simplify management and regain control of your IT assets with graphical visualization of your IT systems and their relationships as well as the capability to organize Linux servers into logical groupings – group them, tag them with additional details (location in the DC, Rack, etc)

    • Locate and store HW specifics for the servers and IoT devices enabling grouping/tagging by HW characteristics (vendor tags, CPU architecture, RAM)

Ensure compliance with internal security policies and external regulations with automated monitoring, tracking, auditing and reporting of your systems/devices, VMs and containers across your development, test and production environments.

  • Comprehensive monitoring solution, that enables operations to monitor your Linux environments from the HW through the OS layer up to their applications

  • Detailed compliance auditing and reporting with the ability to track all HW and SW changes made to your managed Linux infrastructure

  • Easily track system compliance with automated patch management ensures daily notifications of systems not compliant with the current patch level

  • Faster non-compliant remediation with the ability to quickly identify systems deployed in hybrid cloud and container infrastructures that are out of compliance to hardened profiles/templates based on your own internal security policies

About SUSE Manager 3.2

SUSE Manager 3.2, the latest release of SUSE’s best-in-class open source infrastructure management software, comes with new enhancements focused on lowering costs, improving DevOps efficiency and easily managing large complex deployments across IoT, cloud and container infrastructures. As a key component of a software-defined infrastructure, SUSE Manager 3.2 provides three key benefits:

  • Lower costs and simplify deployment while easily scaling larger environments for Public Cloud infrastructures and Kubernetes deployments.

  • Improve DevOps efficiency and meet compliance requirements with a single tool to manage and maintain everything from your IoT edge devices to your containerized workloads.

  • Easily manage large complex deployments with new extended forms-based UI capabilities

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Installation

Requirements

SUSE Manager 3.2 Server is an extension for SLES 12 SP3 for x86-64, Power Systems (ppc64le), or z Systems (s390x).

This means that installation is done in two steps

  • base operating system (SLES 12 SP3)

  • SUSE Manager 3.2 Server extension

This addresses the need of enterprise deployments to standardize on the base operating system as well as specific storage setups.

It is strongly recommended to use SUSE Manager with the embedded database. PostgreSQL is only supported as a local (embedded) database.

Registration code

The SUSE Manager 3.2 Server registration code, matching your hardware architecture, can be used to register the SLES 12 SP3 base system as well.

Installing the SUSE Manager 3.2 Server extension on SLES 12 SP3

You’ll need a physical or virtual SLES 12 SP3 x86_64, ppc64le, or s390x system to install SUSE Manager 3.2 Server.

When you install and register SLES 12 SP3, SUSE Manager 3.2 Server will show up in the list of available extensions.

You’ll need a valid SUSE Manager 3.2 Server registration code to access this extension.

Update from previous versions of SUSE Manager Server

You can update from SUSE Manager 3.1 Server to SUSE Manager 3.2 Server.

Updates from older versions than 3.1 are not supported.

SUSE Manager 3.1 Server must be on the latest patch level (3.1.6 as of this writing), based on SLES 12 SP3, and have PostgreSQL 9.6 running.

If your SUSE Manager 3.1 Server lacks any of these requisites, please refer to the SUSE Manager 3.1 Server release notes and documentation for further advise.

See the best practices manual for detailed instructions on how to upgrade.

All connected clients will continue to run and are manageable unchanged.

Migrating from RHN Satellite

Is conditionally supported with SUSE Manager 3.2 Server.

If you have the need to migrate from RHN Satellite to SUSE Manager 3.2 Server, please get in contact with a SUSE sales engineer or a SUSE consultant before starting the migration.

Major changes since SUSE Manager Server 3.2 GA

Features and changes

Version 3.2.1

Repository metadata signing

It is now possible to optionally sign repository metadata in SUSE Manager.

While not strictly needed (packages are signed and all traffic is secure), it adds another layer of trust to the package distribution.

Please see 'Signing Repository Metadata' in the securiy chapter of the advanced topics guide for full details.

Test mode for highstate UI

In the Highstate UI we have added a toggle-button next to the "Apply Highstate" button to enable Salt test mode.

If enabled, salt apply.highstate is executed with test=True.

It cannot be guaranteed that this does not change anything due to bugs in Salt modules. That’s why it’s not called "dry-run".

In case you encounter a badly written Salt module not fully honoring test mode, please open a support request.

Ordered and formated output of state apply results

The event history of a state apply is now similar to the output salt produces on the command line.

The result is ordered in the execution order and failed states are marked red.

In test mode, red marked states are states which would change something.

Ignore inactive containers in Kubernetes clusters

Non-running containers are now ignored when querying a kubernetes cluster.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 3.2.1

cobbler

  • Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (bsc#1097733)

nutch-core
py26-compat-salt

  • Handle packages with multiple version properly with zypper (bsc#1096514)

  • Fix file.get_diff regression in 2018.3 (bsc#1098394)

  • Fix file.managed binary file utf8 error (bsc#1098394)

  • Add custom SUSE capabilities as Grains (bsc#1089526)

  • Bugfix: state file.line warning (bsc#1093458)

  • Enable '--with-salt-version' parameter for setup.py script

  • Add environment variable to know if yum is invoked from Salt (bsc#1057635)

spacewalk-backend

  • Fix directory permissions (bsc#1101152)

  • Feature: implement optional signing repository metadata

  • Fix truncated result message of server actions (bsc#1039043)

  • Do not copy 'foreign_entitlement' from virtual host to the registered guest (bsc#1093381)

spacewalk-branding

  • Disable child channel selection only if channel is actually assigned (bsc#1097697)

spacewalk-config

  • Remove not needed build dependency to cobbler (bsc#1102137)

spacewalk-java

  • Fix: errata id should be unique (bsc#1089662)

  • Fix race condition when applying patches to systems (bsc#1097250)

  • Improve cve-server-channels Taskomatic task’s performance (bsc#1094524)

  • Fix union and intersection button in grouplist (bsc#1100570)

  • Fix checking for salt pkg upgrade when generating action chain sls

  • Add queue=true to state.apply calls generated in action chain sls files

  • Feature: show ordered and formated output of state apply results

  • Fix defining a schedule for repo-sync (bsc#1100793)

  • Drop removed network interfaces on hardware profile update (bsc#1099781)

  • Feature: implement test-mode for highstate UI

  • Feature: implement optional signing repository metadata

  • Valid optional channel must be added before reposync starts (bsc#1099583)

  • Fix tabs and links in the SSM "Misc" section (bsc#1098388)

  • Handle binary files appropriately (bsc#1096264)

  • XML-RPC API call system.scheduleChangeChannels() fails when no children are given (bsc#1098815)

  • Ignore inactive containers in Kubernetes clusters

  • Explicitly require IBM java for SLES < SLE15 (bsc#1099454)

  • Do not break backward compatibility on package installation/removal (bsc#1096514)

  • Fix minion software profile to allow multiple installed versions for the same package name (bsc#1089526)

  • Fix NPE in image pages when showing containers with non-SUSE distros (bsc#1097676)

  • Do not log when received 'docker://' prefix from Kubernetes clusters

  • Fix cleaning up tasks when starting up taskomatic (bsc#1095210)

  • Mark all proceeding actions in action-chain failed after an action failed(bsc#1096510)

  • Check if directory /srv/susemanager/salt/actionchains exists before deleting minion action chain files

  • Specify old udev name as alternative when parsing hw results

  • Fix detection of a xen virtualization host (bsc#1096056)

  • Fix hardware refresh with multiple IPs on a network interface (bsc#1041134)

  • Fix truncated result message of server actions (bsc#1039043)

  • Fix: limit naming of action chain (bsc#1086335)

  • Add missing result fields for errata query (bsc#1097615)

  • Add new 'upgrade_satellite_refresh_custom_sls_files' task to refresh custom SLS files generated for minions (bsc#1094543)

  • Improve gatherer-matcher Taskomatic task’s performance (bsc#1094524)

  • Show chain of proxies correctly (bsc#1084128)

spacewalk-search

  • Fix the search when server is missing primary interface (bsc#1099638)

spacewalk-setup

  • Sudoers file is now in /etc/sudoers.d/spacewalk (bsc#1099517)

spacewalk-web

  • Refactor buttons.js

  • Feature: implement test-mode for highstate UI

  • Disable child channel selection only if channel is actually assigned(bsc#1097697)

  • Fix typo in 'Installed Products' label in image overview page

  • Fix css issues on minion-state pages (bsc#1083295)

  • Show feedback on button clicked (bsc#1085464)

  • Show chain of proxies correctly (bsc#1084128)

  • Improve the gulpfile watch mode performance (bsc#1096747)

susemanager

  • Fix mgr-create-bootstrap-repo with custom channels (bsc#1099934)

  • Add package python-pyudev for bootstrapping (bsc#1099311)

  • Feat: allow cleanup of bootstrap repo (bsc#1096204)

susemanager-frontend-libs

  • Update susemanager-nodejs-sdk-devel to 1.0.2 (bsc#1096747)

susemanager-schema

  • Copy missing action-chain schema migration to correct directory (bsc#1100760)

  • Fix truncated result message of server actions (bsc#1039043)

  • Fix config channels state revision inconsistency after migration (bsc#1094543)

susemanager-sls

  • Use custom Salt capabilities to prevent breaking backward compatibility (bsc#1096514)

  • Update profileupdate.sls to report all versions installed (bsc#1089526)

  • Do not install 'python-salt' on container build hosts with older Salt versions (bsc#1097699)

Major changes since SUSE Manager 3.1 Server

Salt 2018.3.0

Salt has been upgraded to the final 2018.3.0 release.

We do intend to upgrade Salt regularly to more recent versions.

For changes in your manually created Salt states, please see the Salt 2017.7 and 2018.3 upstream release notes.

Salt action chains

Action chains are enabled for Salt minions now. It works like action chains for traditional clients, see the documentation for details.

SLE 15

The SLE 15 product family is fully supported as a client operating system.

Due to its new module concept, the product selection page in SUSE Manager was redesigned. Please see the documentation about choosing SLE 15 modules.

SLES 15 and Python 3

SLES 15 utilizes Python 3 as its default system version. Due to this change any older bootstrap scripts (based on python 2) must be regenerated for SLES 15 systems.

Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.

Formulas with Forms improvements

  • Formula data can now be managed with XMLRPC API.

  • New types so almost any kind of upstream formula can be handled by SUSE Manager.

SUSE Manager Proxy versions

SUSE Manager 3.2 Server can work with version 3.1 of SUSE Manager Proxy.

When upgrading, upgrade the server first, followed by proxies. See the advanced topics manual for detailed upgrade instructions.

Upstream changes since SUSE Manager 3.1

Note: Changes from the upstream project are listed here as-is. There’s no guarantee that all of them are actually available in SUSE Manager 3.2 Server.

Spacewalk 2.8

SUSE Manager 3.2 Server is based on Spacewalk 2.8 with many new features added by SUSE.

  • Spacewalk now installable on Fedora 27 and has been tested on Fedora 28 Beta as well

  • Spacewalk supports Fedora 27 and Fedora 28 clients

  • Python 2 packages are no longer needed on systems with Python 3 as default

  • Spacewalk server is now capable of syncing and distributing of Fedora modularity (modules.yaml) files.

  • PostgreSQL 10 is now supported

  • Package dwr updated to version 3.0.2 fixing security vulnerabilities

  • It’s now possible to manage errata severities via Spacewalk server Several bugfixes

  • Updated API calls:

    • errata.create/setDetails - add possibility to manage severities

    • system.schedulePackageRemoveByNevra - support removal of packages which are not in database

Spacewalk 2.7

  • Spacewalk now supported on Fedora 25 and Fedora 26

  • Spacewalk supports Fedora 25 and Fedora 26 clients

  • Improved Debian/Ubuntu version parsing and matching

  • Spacewalk wiki now hosted on GitHub

  • Significant improvements to channel synchronization speed

  • New utility to monitor what taskomatic daemon is doing - taskotop is part of spacewalk-utils package

  • jabberd, which support OSAD, now uses sqlite database for improved reliability

  • jpackage libraries/packages replaced with standard ones

  • Improved kickstart profile support

  • New API calls:

    • channel.listManageableChannels

    • schedule.failSystemAction

  • API calls restored for backward compatibility:

    • proxy.createMonitoringScout

    • satellite.isMonitoringEnabled

    • satellite.isMonitoringEnabledBySystemId

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from the SUSE Manager Server or clients.

The standard disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

In the SUSE Manager Server’s case, please be aware that supportconfig’s output will contain information about clients as well.

In particular, debug data for the Subscription Matching feature contain a list of the registered clients, their installed product and some minimal hardware information (CPU socket count). It also contains a copy of subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.

Red Hat Channels

Managing Red Hat clients requires availability of appropriate Red Hat packages. These are not available through the SUSE Customer Center (SCC) but must be provided by other means, e.g. from a retired Red Hat Satellite installation.

Support for EOL’ed products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. See the Product Support Lifecycle page.

This support is limited to scenarios to bring production systems to a supported state. Either by migrating to a supported service pack or by upgrading to a supported product version.

spacewalk-utils

spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.

  • L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)

The following tools of spacewalk-utils are fully supported:

  • spacewalk-clone-by-date

  • spacewalk-sync-setup

  • spacewalk-manage-channel-lifecycle

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information

Technical Information: SUSE Manager contains additional or updated documentation for SUSE Manager Server 3.2.

These Release Notes are available online. Further information about SUSE Manager is available [in the Wiki http://wiki.microfocus.com/index.php/SUSE_Manager]

Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Linux GmbH
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Jane Smithard, Graham Norton,
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the Microfocus Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2018 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.microfocus.com/about/legal and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list. All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.