Release notes for SUSE Manager Server 2.1
Version 2.1.0
Tuesday February 24, 2015
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html.
Also, for up to three years from SUSE's distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com or as otherwise instructed at http://www.suse.com/download-linux/source-code.html.
SUSE may charge a fee to recover its reasonable costs of distribution.
Version Revision History
- June 02, 2014: Initial release
- June 17, 2014: Changes for first maintenance update
- Oct 14, 2014:
- Tools channel rename
- Internet Explorer 8 is not supported
- Cheetah template escaping removed
- SCC integration
- Nov 11, 2014
- Jan 8, 2015
- Inter-Server-Sync changes
- Complete list of released patches with details
- Add links to bnc, bsc, and CVE references
- Feb 24, 2015
- Expanded support for RHEL7
- Service pack migration via API
spacecmd made available to clients
- Patch filtering in system set manager
spacewalk-debug reduced output
- Service pack migration with Inter-Server-Sync
= About SUSE Manager =
You have more than just a few Linux servers to manage, maybe even a mixed environment of RHEL and SLES?
Then SUSE Manager is the answer.
SUSE Manager gives you best of breed Linux lifecycle management based on the most mature codebase for any Linux management tool, with both RHEL and SLES support from one unified console, maintained and improved by the guys who wrote the fastest and most advanced Linux update stack on the planet.
SUSE Manager gives you the lowest possible Total Cost of Ownership for your Linux environment, from bare metal provisioning to daily patch management.
SUSE Manager is an open source (GPLv2) Linux systems management solution that allows you to:
- Inventory your systems (hardware and software information)
- Install and update software on your systems
- Collect and distribute your custom software packages into manageable groups
- Provision (AutoYaST / Kickstart) your systems
- Manage and deploy configuration files to your systems
- Monitor your systems
- Provision and start/stop/configure virtual guests
- Distribute content across multiple geographical sites in an efficient manner
- Track compliance of managed systems with OpenSCAP
Stay up-to-date
You can stay up-to-date regarding information about SUSE Manager and SUSE products:
Major changes since SUSE Manager Server 2.1 GA
Features
Expanded support for RHEL7
SUSE Linux Enterprise Server with Expanded Support for RHEL7 is now
available in SUSE Manager
Service pack migration via API
Two new API calls now allow to schedule service pack migrations or
distribution upgrades via the SUSE Manager API.
system.scheduleSPMigration
system.scheduleDistUpgrade
Navigate to Help -> API -> system -> scheduleSPMigration
(resp. Help -> API -> system -> scheduleDistUpgrade)
for details about these calls.
spacecmd made available to clients
The spacecmd package is now available to managed clients (except for
Expanded support for RHEL 5) via the SUSE Manager Tools channel.
Patch filtering in system set manager
When applying patches to an individual system there is a drop down box
to show all Security (or Bug Fixes, or Enhancement) patches. This drop
down box is now also available for systems in the system set manager.
spacewalk-debug reduced output
spacewalk-debug removes old backup files now before creating the
output tar file. This significantly reduces the size of the output file.
Service pack migration with Inter-Server-Sync
Service pack migration for clients attached to Inter-Server-Sync (ISS)
slaves is only possible if all parent channels are synced.
The ISS slave needs this information to verify the correctness of base
and child channels.
An alternative is to use the `system.scheduleSPMigration`` which does
not run these checks.
Support of Inter-Server-Sync with SUSE Customer Center
The switch from Novell Customer Center (NCC) to SUSE Customer Center
(SCC) as described below, also effects Inter-Server-Sync (ISS) slaves as follows:
- ISS slaves do not need mirror credentials any more
- The ISS master must be switched to SCC first, then the ISS slaves
can follow.
- ISS slaves need to run
mgr-sync enable-scc
after the master has been switched
SUSE Customer Center integration
With the release of SUSE Linux Enterprise (SLE) 12, a new
online service is available to manage subscriptions, channels, and
access to patches.
This is called SUSE Customer Center - SCC
In order to manage SUSE Linux Enterprise Server (SLES) 12 or Desktop
(SLED) 12 systems with SUSE Manager, you need to connect SUSE Manager
to the SUSE Customer Center.
If you haven't deployed SLE 12, there is no need to connect to SCC.
You will still be reminded in the setup wizard to switch
to the SUSE Customer Center. The migration process can be started from
the Web UI and will take a couple of minutes.
Please follow these detailed instructions
to connect SUSE Manager Server to the SUSE Customer Center.
Be patient, synching the complete data set from SUSE Customer Center
can take up to several minutes. This will be improved in later releases.
Changed setup workflow
The initial, text-based setup workflow has been adapted to connect to
SCC instead of NCC for the product and subscription data.
New mgr-sync tool
After SUSE Manager Server has been migrated to the SUSE Customer
Center, a new tool to manage the data synchronization between both
systems will be available.
mgr-sync is a full replacement of mgr-ncc-sync
mgr-sync has a simpler syntax and is easier to use. Run mgr-sync -h for help.
Support for SUSE Linux Enterprise Server and Desktop 12
A SUSE Manager Server connected to the SUSE Customer Center is able to
deploy and manage SUSE Linux Enterprise Server and Desktop 12 systems.
Management of PowerPC (ppc64le) systems running SUSE Linux Enterprise
Server 12 hasn't seen much testing yet and might be a bit unstable.
Notes
- Manager Tools channel rename for SLES 11 SP3
The SUSE Manager Tools channel for SLE 11 SP3 was named 'sles11-sp2-suse-manager-tools-<arch>-sp3' in SUSE Manager 1.7
and renamed to 'sles11-sp3-suse-manager-tools-<arch>' for SUSE Manager 2.1
- Internet Explorer 8 is not supported
Using SUSE Manager with Internet Explorer 8 is not supported, please
upgrade to Internet Explorer 9 or later.
- No automatic escaping in Cobbler templates
Patches
The SUSE Patch Finder is a
simple online service to view released patches.
Patch 10309: SUSE Manager Server 2.1
- This collective update for SUSE Manager Server 2.1 provides the following new features
-
- ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. (FATE#317789)
- New API calls: system.scheduleSPMigration(), system.scheduleDistUpgrade(). (FATE#314785, FATE#314340)
- Additionally, several issues have been fixed
-
- cobbler
-
- Fix re-installation on SLE with static network configuration. (bsc#883487)
- Add RHEL 7 as a valid operating system version.
- smdba
-
- Archival of PosgreSQL transaction log does not recover in case of no space left on device. (bsc#915140)
- sm-ncc-sync-data
-
- spacewalk-backend
-
- Convert mtime to localtime to prevent invalid times because of DST. (bsc#914437)
- Do not exit with error if a vendor channel has no URL associated. (bsc#914260)
- Copy all SUSE Manager logfiles into spacewalk-debug.
- Exclude old backup-logs from spacewalk-debug to reduce size.
- Fix ISS export with unset patch severity.
- Convert empty string to null for DMI values. (bsc#911272)
- Fixed double-counting of systems subscribed to more than one channel.
- spacewalk-certs-tools
-
- Do not allow registering a SUSE Manager server against itself. (bsc#841731)
- spacewalk-java
-
- Fix auditlog config yaml syntax. (bsc#913221)
- Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939)
- Fixed uncaught error which prevent correct error handling. (bsc#858971)
- Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
- Fix more cross-site-scripting (XSS) issues. (CVE-2014-7811, bsc#902915)
- Fix basic authentication for HTTP proxies. (bsc#912057)
- Accept repos with same SCC ID and different URLs. (bsc#911808)
- Avoid mgr-sync-refresh failure because clear_log_id was not called. (bsc#911166)
- Fix cross-site-scripting (XSS) issue in system-group (CVE-2014-7812, bsc#912886)
- Fix "Select All" buttons display on rhn:list and make it consistent with new rl:list. (bsc#909724)
- Fix List tag missing submit parameter for "Select All" and others. (bnc#909724)
- Sort filelist in configfile.compare event history alphabetically. (bsc#910243)
- Allow parenthesis in system group description. (bsc#903064)
- Provide new API documentation in PDF format. (bsc#896029)
- Update the example scripts section. (bsc#896029)
- Fixed wording issues on package lock page. (bsc#880022)
- Make text more clear for package profile sync. (bsc#884350)
- spacewalk-web
-
- Show Proxy tab if system is a proxy even when assigned to cloned channels. (bsc#913939)
- supportutils-plugin-susemanager
-
- Write current service and repository configuration into supportconfig.
- susemanager-jsp_en, susemanager-manuals_en
-
- Update text and image files (bsc#910494).
- Firewall rules are incomplete - ssh-push and ssh-push-tunnel settings missing. (bsc#904703).
- Document SP migration and ISS. (bsc#913215, partially).
- Fix "beta packages" mentioned in documentation. (bsc#886421).
- User guide: Snapshots: clarify snaphot usage. (bsc#906851).
- Document maximal supported configuration file limit. (bsc#910482).
- susemanager-schema
-
- Fix NPE by setting max_members to 0 instead of NULL. (bsc#912035)
- Fix old migration for future reference. (bsc#911180)
- Avoid NPE when migrating to SCC on Oracle migrated from 1.7. (bsc#911180)
- Fixed double-counting systems subscribed to more than one channel.
- susemanager
-
- Ask for the authentication beforehand. (bsc#908317)
- Bring back the ability to save credentials to the configuration file.
- Bring back token verification availability.
- Never ask for user credentials when scheduling a refresh.
- susemanager-sync-data
-
- tanukiwrapper
-
Patch 10252: spacecmd
- This update for spacecmd includes the following fixes
-
- Fix configchannel export: do not create 'contents' key for directories. (bsc#908849)
- Added feature to get installed packageversion of a system or systems managed by ssm to spacecmd.
- Fix patch summary printing.
Patch 10076: libyaml-0-2
- This libyaml update fixes the following security issue
-
- Security Issues
-
Patch 10083: SUSE Manager 2.1
- This collective update for SUSE Manager Server 2.1 provides the following new features
-
- Connect SUSE Manager to the SUSE Customer Center.
- Manage SLE12 systems.
- Additionally, several issues have been fixed
-
- auditlog-keeper
-
- cobbler
-
- osad
-
- Removed PyXML dependency for RHEL systems.
- Fix osad through unauthenticated proxy case.
- pxe-default-image
-
- Wait for gateway to become available before register. (bsc#895001)
- smdba
-
- Space reclamation caused ORA-00942: table or view does not exist. (bsc#906850)
- Optimized space reclamation for Oracle.
- sm-ncc-sync-data
-
- Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
- spacecmd
-
- Call listAutoinstallableChannels() for listing distributions. (bsc#887879)
- Fix spacecmd schedule listing. (bsc#902494)
- Teach spacecmd report_errata to process all-errata in the absence of further args
- Fix call of setCustomOptions() during kickstart_importjson. (bsc#879904)
- spacewalk-backend
-
- Insert update tag at the correct place for SLE12. (bsc#907677)
- Different registration paths should lock tables in the same order.
- Use configuration file variable instead of hardcoded path part in spacewalk-data-fsck.
- Drop unused column product_list in suseProducts table.
- Trigger generation of metadata if the repo contains no packages. (bsc#870159)
- spacewalk-branding
-
- Fix link to macro documentation. (bsc#895961)
- Add User Guide to online help pages.
- Require online manual packages.
- Fix branding in error message. (bsc#902503)
- Change texts to print Inter-Server Synchronization additionally to ISS only.
- Disable credentials and products dialog on ISS slave.
- Improve the layout in case the exception message is large.
- SCC notification: change the link to the verb 'Migrate'.
- Make the SCC migration/refresh dialog show steps.
- Use the NCC/SCC acronyms together with the full name.
- Show alert message about disabling cron jobs.
- spacewalk-certs-tools
-
- Modify output in case a file is not found.
- Remove duplicates from authorized_keys2 as well. (bsc#885889)
- spacewalk-java
-
- Throw channel name exception if name is already used. (bnc#901675)
- Don't commit when XMLRPCExceptions are thrown. (bsc#908320)
- Remove "Select All" button from system currency report. (bsc#653265)
- Fix documentation search. (bsc#875452)
- Add API listAutoinstallableChannels(). (bsc#887879)
- Avoid ArrayIndexOutOfBoundsException with invalid URLs. (bsc#892711)
- Avoid NumberFormatException in case of invalid URL. (bsc#892711)
- Lookup kickstart tree only when org is found. (bsc#892711)
- Fix NPE on GET /rhn/common/DownloadFile.do. (bsc#892711)
- Port of the advanced provisioning option page to bootstrap. (bnc#862408)
- New installations should use SCC as default customer center.
- mgr-sync refresh sets wrong permissions on JSON files. (bnc#907337)
- Fix link to macro documentation. (bsc#895961)
- Forward to "raw mode" page in case this is an uploaded profile. (bsc#904841)
- Enlarge big text area to use more available screen space. (bnc#867836)
- Add User Guide to online help pages.
- Fix links to monitoring documentation. (bsc#906887)
- Check memory settings for virtual SUSE systems.
- Fix install type detection. (bsc#875231)
- Point "Register Clients" link to "Client Configuration Guide". (bsc#880026)
- Change order of installer type: prefer SUSE Linux. (bsc#860299)
- Fix ISE when clicking system currency. (bnc#905530)
- Set cobbler hostname variable when calling system.createSystemRecord. (bnc#904699)
- Fix wrong install=http://nullnull line when calling system.createSystemRecord. (bnc#904699)
- Fix JS injection on /rhn/systems/Search.do page.
- Configuration file URL should update when you create new revision.
- User does not need to be a channel admin to manage a channel.
- We should consider if text <> binary has changed for configuration files.
- All API methods should be able to find shared channels.
- Explain snapshot/rollback behavior better. (bsc#808947)
- Fix patch syncing: prevent hibernate.NonUniqueObjectException and rollback. (bsc#903880)
- Remove "Add Selected to SSM" from system overview page. (bsc#901776)
- Fix CVE audit in case of multi-version package installed and patch in multi channels. (bsc#903723)
- Update channel family membership when channel is updated. (bsc#901193)
- Log SCC data files as received to files in SCCWebClient.
- Add log warning if uploaded file size > 1MB. (bnc#901927)
- Fix channel package compare. (bsc#904690)
- Fix automatic configuration file deployment via snippet. (bsc#898426)
- Avoid NPE when using 'from-dir', regression introduced with SCC caching.
- Add support for SLE12 and refactor kernel and initrd default paths finders.
- Fix wizard mirror credentials side help to point to SCC.
- Make the SCC migration/refresh dialog show steps.
- Show alert message about disabling cron jobs.
- Schedule sync of all vendor channels in MgrSyncRefresh job.
- Add client hostname or IP to log messages. (bsc#904732)
- Hide email field for mirror credentials when on SCC.
- We do not want to use cascade for EVR and name attributes of PackageActionDetails.
- Fixed copying text from kickstart snippets. (bsc#880087)
- spacewalk-utils
-
- Prevent empty directory creation by scbd.
- Updated spacewalk-common-channels.ini to include Oracle Linux 7.
- Fix error if blacklist / removelist is not in scbd configuration file.
- Improve error messaging in scbd.
- spacewalk-web
-
- Add User Guide to online help pages.
- Fix links to monitoring documentation. (bsc#906887)
- Fix rhnChannelNewestPackage table by using refresh_newest_package function again.
- Improve the layout in case the exception message is large.
- Setup wizard: add tooltip to refresh button.
- Stop the spinner for the success task.
- Link the error message with the tomcat log viewer.
- Make the SCC migration/refresh dialog show steps.
- Add a refresh button to the SUSE products page.
- susemanager-manuals_en, susemanager-jsp_en
-
- susemanager-schema
-
- Fix migration script names to fix bare-metal registration (bsc#896109)
- Add virt-host-plat entitlement mappings for new arches.
- Create regular index instead and have one migration per DB. (bsc#905072)
- Drop unique index on package ids. (bsc#905072)
- Drop unused column product_list in suseProducts table.
- Drop unused column channel_family_id in suseProducts.
- susemanager
-
- Abort setup when invalid SSL country code given. (bnc#882468)
- Use noRepoSync parameter always.
- Enable and allow "mgr-sync refresh" in the case of ISS.
- Fixed error message on exception in mgr-sync. (bnc#905263)
- Fixed add product to not trigger redundant addition of base channel. (bnc#901928)
- Drop unused columns in suseProducts table.
- susemanager-sync-data
-
- Add channels for Public Cloud Module. (bsc#907586)
- Add new channel families SLE-WE and SLE-LP.
- Add ATI and nVidia channels for SLED11-SP3. (bsc#901108)
- Add channels for IBM-DLPAR for SLE12 ppc64le.
Patch 10022: apache2-mod_wsgi
- apache2-mod_wsgi was updated to fix one security issue
-
- Failure to handle errors when attempting to drop group privileges. (CVE-2014-8583)
- Security Issues
-
Patch 9952: SUSE Manager Server 2.1
- This collective update for SUSE Manager Server 2.1 provides the following fixes and enhancements
-
- cobbler
-
- Require syslinux-x86_64 on s390x. (bsc#884051)
- Fix fetching of profiles for auto-installation. (bsc#880936)
- oracle-config
-
- No need to pre-require Apache as its user and group are available in the base system.
- osad
-
- Enable and install osad during first installation. (bsc#901958)
- Fix traceback if http proxy is not configured.
- Support communication over proxy.
- pxe-default-image
-
- smdba
-
- Fully hot operations for PostgreSQL.
- Fix "system check breaks backup and other configuration".
- Implement rotating PostgreSQL backup. (bsc#896244)
- spacecmd
-
- spacewalk-backend
-
- Use the old style ISS method with NCC backend.
- Make spacewalk-debug SCC migration compatible.
- ISS: Export/import subscriptions and entitlements.
- ISS: Remove old import code for NCC products and subscriptions.
- ISS: Export/import suseProductChannels and suseUpgradePaths via ISS.
- ISS: Export/import SUSE Products via ISS.
- Fix cleanup when database init goes wrong.
- Update channel checksum type for vendor channels.
- Read mirror credentials from database depending on the Customer Center backend.
- Speed up satellite-sync by avoiding commonly-called dblink_exec.
- Backend should correctly checksum configuration files with macros.
- Fix spacewalk-debug to be fully PostgreSQL aware.
- Correct UTF8 configuration files from being marked as binary.
- Preserve the query parameters in the URL.
- Allow missing packages in patches if they are not part of this repository.
- Handle SLE 12 update tag correctly in reposync.
- Fix traceback when pushing RPMs with archive size greater than 4GB.
- Queue server for errata cache update when package list changes.
- Recognize oVirt node as virtual system.
- spacewalk-branding
-
- Integrate the refresh dialog with the setup wizard products page.
- Implement new "mgr-sync-refresh" taskomatic job.
- End-user documentation clarification.
- spacewalk-certs-tools
-
- bootstrap.sh: When installing certificate via rpm, support both curl and wget.
- bootstrap.sh: Fail if both curl and wget are missing.
- bootstrap.sh: Install certificate in the right location on SLE 12.
- Fix removal of existing host key entries. (bsc#886391)
- spacewalk-client-tools
-
- Allow unicode characters in proxy username and password.
- Send correct hostname. (bsc#887538)
- spacewalk-config
-
- Add recommended Apache settings from the Security Team.
- spacewalk-java
-
- Sync correct repositories. (bnc#904959)
- No refresh if this server is an ISS slave.
- Refresh is needed only if we are migrated to use SCC yet.
- Integrate the refresh dialog with the setup wizard products page.
- Implement new "mgr-sync-refresh" taskomatic job.
- Introduce caching of repositories read from SCC.
- Fix pxt page link to point to the ported version of that page. (bsc#903720)
- Only show the SMT warning if we are using from-mirror or from-dir.
- Add progress and reload page after finish.
- Do not allow to cancel the kickstart once completed.
- Don't schedule a remote-cmd if the system can't execute it.
- Schedule configuration actions asynchronously.
- Correctly apply patches to multiple systems in SSM. (bsc#898242)
- Ping SCC for testing proxy status if SCC is enabled.
- Implement the API methods to work with mirror credentials.
- Fix CVE audit when some packages of a patch are already installed. (bsc#899266)
- Download CSV button does not export all columns ("Base Channel" missing). (bsc#896238)
- Support SCC API v4 and token authentication with updates.suse.com.
- Official repository host is now updates.suse.com (after channels.xml change).
- Support list/add channels and products with SCC.
- SCC client for managing products and channels.
- Implement SLE 12 style of update tag handling while generating updateinfo.
- Add Korea to the list of timezones.
- Read and display only a limited number of logfile lines. (bsc#883009)
- Fix package upgrade via SSM. (bsc#889721)
- Fix logrotate for /var/log/rhn/rhn_web_api.log. (bsc#884081)
- spacewalk-reports
-
- Improve documentation.
- Do not sort multival values within one column to match other multival values (in another columns).
- spacewalk-search
-
- Set newly constructed "db_name" even if db_ssl_enabled is disabled.
- Fix package searching in shared channels.
- spacewalk-setup
-
- No activation if database population should be skipped. (bsc#900956)
- Give Tomcat read permissions on the NCCcredentials file.
- Do not enable spacewalk-service in runlevel 4. (bsc#879992)
- spacewalk-utils
-
- Add openSUSE 13.2 repositories to spacewalk-common-channels.
- Improve clone-by-date dependency resolution.
- Make clone-by-date able to specify --parents from configuration file.
- Add CentOS 7 and EPEL 7 channels.
- spacewalk-web
-
- Integrate the refresh dialog with the setup wizard products page.
- Add aarch64 and ppc64le to parent-child channel compatibility list.
- WebUI cloning should use the same SQL query as API.
- susemanager-manuals_en, susemanager-jsp_en
-
- Clarification about supported Web browsers. (bsc#889905)
- susemanager-schema
-
- Add SLE 12 distribution targets to database.
- Fix evr_t schema upgrade. (bsc#881111)
- Allow evr_t to be compared with NULL in Oracle. (bsc#881111)
- Speed up satellite-sync by avoiding commonly-called dblink_exec.
- Make configuration file deletion faster if there are lots of snapshots.
- Add Fedora 21 and CentOS 7 GPG keys.
- Add support to ppc64le architecture.
- Add Korea to the list of timezones.
- susemanager
-
- Schedule refresh after setup with SCC.
- On an ISS slave, disallow the use of mgr-sync with the exception of enable-scc.
- Recommend to run refresh after credentials are changed.
- ISS setup for SCC do not need mirror credentials anymore.
- Rename "Mirror Credentials" to "Organization Credentials" for SCC.
- Complete initial setup with SCC.
- Added --from-options switch to mgr-sync.
- Replace /etc/motd after setup. (bsc#883379)
- Adapt YaST setup to check credentials against SCC.
- Added mirror credential manipulation functions to mgr-sync.
- Implement mgr-sync to manage products and channels from SCC.
- Make mgr-create-bootstrap-repo SCC and SLE 12 aware.
- suseRegisterInfo
-
- Re-add legacy suse_register_info to successfully perform the update. (bsc#898428)
- zypp-plugin-spacewalk
-
- Check for retrieveOnly option in up2date configuration and set download_only. (bsc#896254)
- Changed the spec file to force usage of the official python VM. (bsc#889363)
- yum
-
Patch 9812: sm-ncc-sync-data
- This update for sm-ncc-sync-data contains the following changes
-
- Add SUSE Cloud 4 channels. (bnc#883057)
- Add channels for SUSE Manager Server 2.1 s390x.
- Fix parent label of the LTSS channel for SLMS.
Patch 9910: spacewalk-java
- Security Issues
-
Patch 9675: perl-Class-Singleton, perl-File-Slurp, perl-JSON, perl-Readonly
Patch 9719: spacewalk-java
- Additionally, the following bug was fixed
-
- Fixed package upgrade via SSM when using the Oracle DB as backend. (bnc#889721)
- Security Issues
-
Patch 9527: oracle-update
- Security Issues
-
Patch 9519: apache2-mod_wsgi
- The following issues have been fixed in mod_wsgi
-
- Security Issues
-
Patch 9430: SUSE Manager Server 2.1
- This collective update for SUSE Manager Server 2.1 provides the following fixes and enhancements
-
- auditlog-keeper
-
- Fix value too long for type character varying(2048). (bnc#872351)
- osad
-
- Call python using the -s option.
- rhnlib
-
- Ensure bytes strings are sent to pyOpenSSL. (bnc#880388)
- rhnpush
-
- Add default path structure to proxy lookaside that avoids collisions.
- Make rhnpush backwards-compatible with old spacewalk-proxy.
- spacecmd
-
- Added option to force deployment of a config channel to all subscribed systems.
- Added last boot message in system_details command.
- Updated kickstart_import documentation.
- Added kickstart_import_raw command.
- spacewalk-backend
-
- Additional spacewalk backend methods and capability needed.
- Spacewalk changes needed to support collisionless proxy lookaside.
- spacewalk-branding
-
- CVE patches adapted for colour blind users. (bnc#872298)
- Underline in icons is removed. (bnc#880001)
- spacewalk-java
-
- New page added for viewing channels a repo is associated to.
- Allow pasting of keys into textarea.
- Provide a faster systemgroup.listSystemsMinimal API method.
- Disable caching of Locale between page loads.
- Add spacewalk-report for systems with extra packages.
- Improve performance of Systems with Extra Packages query.
- System Event History page: fix link to pending events on Oracle databases.
- Fix human dates now() staying unmodified. (bnc#880081)
- Escape package name to prevent from script injection.
- Allow for null evr and archs on event history detail. (bnc#880327)
- Disable form autocompletion in some places. (bnc#879998)
- Add errata type selection to SSM page.
- Fix datepicker time at xx:xx PM pre-filled with xx:xx AM. (bnc#881522)
- spacewalk-reports
-
- Use base_channel_id and child_channel_id instead of channel_id in activation_key report.
- Added channel- and server-group-ids to activation-keys.
- Spacewalk-report fix allows all activation-key info to live in one report.
- Added spacewalk-report for systems with extra packages.
- spacewalk-setup
-
- Setup /etc/sudoers in SUSE Manager upgrade scripts (bnc#881711)
- spacewalk-utils
-
- Fixed spacewalk-hostname-rename to work with PostgreSQL backend.
- Added limitation of spacewalk-clone-by-date for RHEL4 and earlier.
- spacewalk-web
-
- Add development_environment to rhn_web.conf.
- susemanager-schema
-
- Index for user_id on wupi table speeds up errata mailer.
- Copy upstream schema migration to SUSE Manager schema upgrade.
- susemanager
-
- Update the sudoers file after SUSE Manager upgrade. (bnc#881711)
- Fix oracle2postgres.sh (database configuration).
Patch 9423: struts
- Apache Struts was updated to fix a security issue
-
- CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.
New features since SUSE Manager Server 1.7
Improved User Interface
The Web UI is now based on the Twitter Bootstrap framework, dramatically enhancing its usability on mobile devices and tablets.
Unattended bare-metal system provisioning
SUSE Manager can be configured so that unprovisioned ("bare-metal") systems capable of PXE booting are added to an organization. After that happens, those systems will appear in the Systems list, where regular provisioning via autoinstallation is possible in a completely unattended fashion.
First-time installation support in System Set Manager
In SUSE Manager 1.7, the System Set Manager Autoinstallation tab could be used to re-install a system using an Autoinstallation profile. With SUSE Manager 2.1, the same tab can be used to create Cobbler system records to install an OS to a machine even if it didn't have one.
This replicates functionality provided by the Create Cobbler System Record button in Manager 1.7 for multiple systems.
Power Management
SUSE Manager allows you to power on, off and reboot systems via the IPMI protocol.
Action chaining
SUSE Manager can group a number of operations in a sequence, called an Action Chain, so that they are all scheduled at once and performed in a particular order.
Using Action Chains can be useful when dealing with some administrative tasks, for example rebooting a systems after deploying a patch.
Action chaining can also be controlled via the API. See ‘actionchain’ in the API documentation.
Service location protocol
A SUSE Manager server announces itself via the SLP (service location protocol) service now. This can be used by clients to find the nearest SUSE Manager server to connect to.
Package locks
Locking of packages on the client (via zypper) is now possible. Locking prevents a change in the state of a package. An installed package cannot be upgraded or removed. An uninstalled package cannot be installed.
Setup wizard
This feature moves the CLI-based initial setup of SUSE Manager Server to the web UI. This setup will be started automatically after initial login into SUSE Manager.
The setup workflow will provide proxy settings, mirror credentials, and product selection, including syncing of mandatory channels.
Major changes since SUSE Manager Server 1.7
Base system upgrade to SLES 11 SP3
The underlying SLES 11 base system has been upgraded to Service Pack 3 (including updates)
Upgrade to upstream Spacewalk 2.1
The SUSE Manager code has been updated to reflect the 2.1 release of the upstream Spacewalk project (including updates)
Change in behavior in network setup
The network setup does not default to ‘dhcp’, you need to choose dhcp or static manually.
Non compliant systems
The semantics of ‘non compliant systems’ have been changed. A system is considered ‘non compliant’ if it has packages installed which are not available in a channel. A non compliant system cannot be re-installed.
The old semantics looked for packages in all available channels.
The new semantics look for packages only in channels assigned to the system.
Channel synchronisation logging
Logging of channel synchronisation (triggered by mgr-ncc-sync) was done per channel and sync run. Every new sync created a new log file. A cron job was used to clean up older logs files.
SUSE Manager 2.1 changes this to one log file per channel. All synchronisation runs for a specific channel log to the same file. Older log files are rotated and compressed now using logrotate.
Inter Server Sync between 1.7 (master) and 2.1 (slave)
An inter server sync (ISS) between a SUSE Manager 1.7 Server as master and a SUSE Manager 2.1 Server as client will succeed but generate an error mail to the admin. The error mail is harmless and can be deleted.
Embedded Oracle DB needs extra permission
When upgrading a SUSE Manager Server with Database 1.7 (using embedded Oracle DB), an additional permission (create role) will be added.
New package pgtcl
Stored procedures in PostgreSQL can now be written in the TCL language. The package pgtcl will be added on upgrade.
Reboot action status is reflected immediately in UI
The status of a rebooted client is now updated immediately. There was a delay in the status update in the past.
Taskomatic memory limits lifted
Taskomatic, the scheduler component of SUSE Manager, has an increased memory limitation (raised from 1 GB to 2GB). This might require an increase of main memory.
spacewalk-utils
spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.
* L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)
The following tools of spacewalk-utils are fully supported:
- spacewalk-clone-by-date
- spacewalk-sync-setup (New for 2.1; See Inter Server Synchronization, Automated Configuration in the installation manual)
- spacewalk-manage-channel-lifecycle (New for 2.1)
SUSE Manager Server requirements
System requirements
SUSE Manager Server is a 64bit Java application with an embedded database backend. This requires sufficient CPU power and main memory. A multi-core 64bit CPU (x86_64) is required, accompanied with a minimum of 4 GB of main memory. Adding more main memory will significantly improve performance.
Disk space requirements
The database will write a recovery log, taking a lot of disk space. You need to follow a strict backup strategy to copy this log to a safe place and reclaim the disk space. See the SUSE Manager manual for details.
Database sizing requirements
The SUSE Manager Server database contains all information required to manage clients. This includes all installable packages and updates as well as lists of installed packages for every client. This data requires a lot of storage space on the harddisk, typically 50 GB or more per package repository.
See the Installation guide for more details on the system requirements.
SUSE Manager Server distribution
SUSE Manager Server is distributed as an appliance which bundles an operating system (SLES 11 SP3 x86_64) with the SUSE Manager Server application and a database.
The installable ISO of the SUSE Manager Server appliance can be deployed on physical hardware or fully virtualized (e.g. KVM, VMware) hosts.
Installation and Setup
Installation is done in two major steps. The first installs the appliance and configures the underlying SLES 11 operating system. The second configures SUSE Manager Server and populates the database with initial data.
See the Installation guide for step-by-step instructions for installing and configuring SUSE Manager Server.
Upgrading from SUSE Manager Server 1.7
An existing SUSE Manager Server 1.7 installation can be upgraded to SUSE Manager Server 2.1 with the help of YaST2 wagon. This is essentially the same workflow as a SLES service pack upgrade.
After the service pack migration has finished successfully, reboot the server and run
/usr/lib/susemanager/bin/susemanager-upgrade.sh
to complete the SUSE Manager Server upgrade
Be aware that the required database schema migration can be a time-consuming process, esp. if monitoring is enabled and used.
Upgrading from SUSE Manager Server 1.2
An upgrade from SUSE Manager Server 1.2 to SUSE Manager Server 2.1 is not supported. If you still have SUSE Manager Server 1.2 running, please upgrade to SUSE Manager Server 1.7 first and then do the upgrade to SUSE Manager Server 2.1
Migrating from RHN Satellite
It is also possible to migrate data from an existing Red Hat Satellite Server.
Satellite migration requires SUSE Manager Server with an external Oracle database.
The migration itself is a time-consuming process and requires careful planning and expertise. Migration needs to sync the complete database as well as all cached RPM packages. Depending on the network bandwidth and the database setup, this can take up to a day or more.
Depending on the actual database structure and contents, a server migration might also fail. Please report problems via your support channel.
How to apply patches on first install
On first install (i.e. before running yast2 susemanager_setup) just follow the Quick Start guide and apply available patches using either zypper patch or YaST Online Update.
How to apply patches to a running SUSE Manager Server
In general, follow the patch description when installing updates. Only apply updates to a stopped SUSE Manager Server (spacewalk-service stop)
For changes to the database schema, running spacewalk-schema-upgrade is required. Proceed as follows:
- Log in as root user to the SUSE Manager server console.
- Stop the Spacewalk service: spacewalk-service stop
- Apply the patch using either zypper patch or YaST Online Update.
- Upgrade the database schema with: spacewalk-schema-upgrade
- Start the Spacewalk service: spacewalk-service start
Upgrade from SUSE Manager Server 1.7
SUSE Manager Server 1.7 can be upgraded to SUSE Manager Server 2.1 by the help of YaST wagon, similar to a SLES 11 SP2 to SP3 service pack migration.
Upgrade of Inter Server Sync setups
In ISS (Inter Server Sync) setups, upgrade all slaves to 2.1 before upgrading the master.
Activation of SUSE Manager Server
With the purchase of SUSE Manager Server you will get an activation code. This code needs to be entered at the registration step during installation.
This code enables your SUSE Manager Server to retrieve updates from the Novell Customer Center. Regularly installing updates is a mandatory step to keep your SUSE Manager Server stable and secure. Before applying some updates the SUSE Manager services needs to be stopped and only restarted after the update has been applied. See the SUSE Manager Installation Guide for details.
Entitlement counting in SUSE Manager
SUSE Manager currently doesn't technically limit the number of deployed servers in most cases, except for a theoretical limit of 200,000 entitlements/subscriptions. Please note that this is a technical limitation and does not indicate in any way that you can deploy more servers than you have valid subscriptions for!
Later releases of SUSE Manager Server will keep track of allowed and used entitlements for managed systems.
Supportability of embedded software components
All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.
About SLES 12
SUSE Linux Enterprise Server 12 (SLES 12), scheduled for autumn 2014, has a new signing key for packages and repositories. If you upgraded from SUSE Manager 1.7, you need to manually accept this new key into SUSE Manager 2.1 when prompted to.
A fresh installation of SUSE Manager 2.1 will have this key included.
About the Client Tools Channel
The Client Tools Channel contains client-side packages to enable specific functionality. Please refer to the Client Configuration Guide about which packages relate to which function. Some packages have a very specific use case and installing them blindly is discouraged.
Red Hat Channels
Managing Red Hat clients requires availability of appropriate Red Hat packages. These are not available through the Novell Customer Center (NCC) but must be provided by other means, e.g. from a retired Red Hat Satellite installation.
Support for SLES 10 based systems
The SUSE Manager client stack for SLES10 based systems is identical to the one used on SLES11 based systems. SLES 10 systems managed by SUSE Manager will have the ZENworks Managemen Daemon (ZMD) and the rug command line tool removed.
SUSE Manager Proxy versions
SUSE Manager Server 2.1 can work with version 1.7 of SUSE Manager Proxy.
Upgrade of SUSE Manager Proxy from version 1.7 to 2.1 is possible.
Known bugs
- Audit log line too long
- Schedule autoinstallation in advanced configuration mask is not working
- RH client registration fails to install packages
- 500 Error on Rollback
- insserv errors during yast2 susemanager_setup run
- "Register Systems" link points to non-matching documentation
- Events > History (none) gives internal error
Upstream changes since SUSE Manager 1.7
- Auditing feature which enables tracking information like "Who created this user?" or "Who deleted this server?"
- SCAP improvements
- The latest Spacewalk is able to aggregate full SCAP results, including the XCCDF Result file, OVAL Result Files and OpenSCAP HTML Report. These files are available for user download at the scan's details page.
- This feature needs to be turned on in an organization's Configuration settings
- ISS Features
- WebUI is now smoother thanks to CSS3 (if you are using IE8 and lower you won't see this)
- Plenty of small enhancements like overview page for Physical systems only
- SCAP improvements
- Support for XCCDF 1.2
- XCCDF Diff, comparison of two XCCDF scans.
- Allow --cpe command-line argument to oscap
- User Interface Enhancements
- Display Activation key used to register, on system profile page
- Highlightning of hovered row in tables
- CSS rules for printing of WebUI pages
- Link associated errata to package from package overview page
- Added CVS download/report of Software Channel Entitlements
- Bug 877451 - yum-like per-repo configuration for spacewalk-repo-sync
- Bug 878216 - make rhncfg diff output configurable
- Updates to spacewalk-repo-sync:
- Syncing over SSL and IPv6 works correctly
- Sync Kickstart Trees (Distributions)
- New features related to Kickstarting systems:
- Allow the selection of a primary network interface from hardware profile
- Allow Kickstart Profile to automatically update to newest applicable Distribution
- OpenSCAP functionality extended
- Distribution-channel mapping can be customized per organization
- (RHEL only) spacewalk-repo-sync now downloads comps information, enabling yum group operations
- User Interface and usability improvements
- PostgreSQL improvements
- Cobbler 2.0 now packaged in Spacewalk repos
- Archived actions now can be deleted
- New reports added to spacewalk-reports:
- custom-info
- inactive-systems
- inventory (modified)
- packages-updates-all
- packages-updates-newest
- system-currency
- system-groups
- system-groups-keys
- system-groups-systems
- system-groups-users
- system-packages-installed
- Modified API calls:
- activationkey.addChildChannels
- activationkey.setDetails
- channel.software.clone
- channel.software.getGetails - key “yumrepo_last_sync” is now optional
- configchannel.createOrUpdatePath - now accepts also binary attribute and has fixed handling of binary files
- configchannel.lookupFileInfo - now returns base64 encoded content for binary files
- errata.findByCve
- errata.setDetails
- kickstart.createProfile
- kickstart.profile.addScript
- kickstart.profile.setAdvancedOptions
- org.delete
- proxy.listAvailableProxyChannels
- system.crash.getCrashOverview
- system.crash.listSystemCrashFiles
- system.getScriptResults - now returns base64 encoded content for binary files
- system.listSystemEvents
- system.provisionVirtualGuest - accepts MAC address parameter
- system.scap.scheduleXccdfScan - can be scheduled for multiple servers and with timestamp to fire the scan
- system.scheduleApplyErrata
- system.schedulePackageInstall
- system.scheduleHardwareRefresh
- system.scheduleReboot
- system.scheduleScriptRun
- system.scheduleSyncPackagesWithSystem
- systemgroup.scheduleApplyErrataToActive
- New API calls:
- actionchain.addConfigurationDeployment
- actionchain.addPackageInstall
- actionchain.addPackageRemoval
- actionchain.addPackageUpgrade
- actionchain.addPackageVerify
- actionchain.addScriptRun
- actionchain.addSystemReboot
- actionchain.createChain
- actionchain.deleteChain
- actionchain.listChainActions
- actionchain.listChains
- actionchain.removeAction
- actionchain.renameChain
- actionchain.scheduleChain
- channel.software.addRepoFilter
- channel.software.setRepoFilters
- channel.software.clearRepoFilters
- channel.software.removeRepoFilter
- channel.software.listRepoFilters
- distchannel.listMapsForOrg
- distchannel.setMapForOrg
- errata.cloneAsOriginalAsync, errata.cloneAsync
- kickstart.importFile (variant)
- kickstart.createProfile (variant)
- kickstart.createProfileWithCustomUrl (variant)
- kickstart.importRawFile (variant)
- kickstart.profile.getCfgPreservation
- kickstart.profile.setCfgPreservation
- kickstart.profile.getUpdateType
- kickstart.profile.setUpdateType
- org.getCrashFileSizeLimit
- org.setCrashFileSizeLimit
- schedule.deleteActions
- sync.master.addToMaster
- sync.master.create
- sync.master.delete
- sync.master.getDefaultMaster
- sync.master.getMaster
- sync.master.getMasterByLabel
- sync.master.getMasterOrgs
- sync.master.getMasters
- sync.master.makeDefault
- sync.master.mapToLocal
- sync.master.setCaCert
- sync.master.setMasterOrgs
- sync.master.unsetDefaultMaster
- sync.master.update
- sync.slave.create
- sync.slave.delete
- sync.slave.getAllowedOrgs
- sync.slave.getSlave
- sync.slave.getSlaveByName
- sync.slave.getSlaves
- sync.slave.setAllowedOrgs
- sync.slave.update
- Everything under system.crash, including:
- system.crash.createCrashNote
- system.crash.deleteCrash
- system.crash.deleteCrashNote
- system.crash. getCrashCountInfo
- system.crash.getCrashNotesForCrash
- system.crash.getCrashOverview
- system.crash.getCrashesByUuid
- system.crash.getCrashFile
- system.crash.getCrashFileUrl
- system.crash.getLastReportDate
- system.crash.getTotalCrashCount
- system.crash.getUniqueCrashCount
- system.crash.listSystemCrashFiles
- system.crash.listSystemCrashes
- system.deleteSystem (variant)
- system.listAllInstallablePackages
- system.listSystemsWithExtraPackages
- system.listExtraPackages
- system.listActiveSystemsDetails
- system.setPrimaryInterface
- system.scap.listXccdfScans
- system.scap.getXccdfScanDetails
- system.scap.getXccdfScanRuleResults
- We parted with API call:
- distchannel.setDefaultMap
Providing feedback to our products
In case of encountering a bug please report it through your support contact.
Documentation and other information
http://www.suse.com/products/suse-manager/technical-information/contains additional or updated documentation for SUSE Manager Server 2.1.
These Release Notes are available online at http://www.suse.com/documentation/releasenotes.
Further information about SUSE Manager is available at http://wiki.novell.com/index.php/SUSE_Manager
Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.
Legal Notices
SUSE Linux GmbH
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Jeff Hawn, Jennifer Guild, Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg
SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to http://www.novell.com/company/policies/trade_services/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2012 SUSE. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see SUSE Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). All third-party trademarks are the property of their respective owners.
Colophon
Thank you for using SUSE Manager Server in your business.
Your SUSE Manager Server Team.