This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

Also, for up to three years from SUSE’s distribution of the SUSE product, upon request SUSE will mail a copy of the source code. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover its reasonable costs of distribution.

Version Revision History

  • August 19th 2020: 3.2.15 release

  • April 3rd 2020: 3.2.14 release

  • January 31st 2020: 3.2.13 release

  • November 22nd 2019: 3.2.12 release

  • October 2nd 2019: 3.2.11 release

  • July 24th 2019: 3.2.10 release

  • July 9th 2019: 3.2.9 release

  • June 25th 2019: 3.2.8 release

  • April 24th, 2019: 3.2.7 release

  • March 12th, 2019: 3.2.6 release

  • February 13th, 2019: 3.2.5 release

  • December 7th, 2018: 3.2.4 release

  • October 29th, 2018: 3.2.3 release

  • September 26th, 2018: 3.2.2 release

  • September 4th, 2018: 3.2.1 release

  • June 25th, 2018: 3.2.0 release

About SUSE Manager

SUSE Manager is a best-in-class open source infrastructure management solution for your software-defined infrastructure. Designed to help your enterprise DevOps and IT Operations teams to reduce complexity and regain control of IT and IoT assets, increase efficiency while meeting security policies and optimize operations with automation to reduce costs.

SUSE Manager helps your enterprise DevOps and IT operations teams to:

Optimize operations while reducing costs with automated Linux server and IoT device provisioning, patching and configuration for faster, consistent and repeatable server deployments.

  • Easily manage and optimize usage of your SUSE subscriptions helping you to ensure you aren’t buying subscriptions you don’t need

  • Improve onboarding efficiency of new HW with automated discovery (via PXE boot)

  • Optimize operations by enabling IT to quickly build container images based on their SUSE Manager repositories

  • Increase operational efficiency and support CI/CD, with a single tool (using Salt) for automated deployment of hardened OS templates (bare metal, VMs or containers) to tens of thousands of servers and IoT devices for faster, consistent & repeatable provisioning and configuration without compromising speed or security

  • Reduce costs with automated patch management enabling you to deploy patches based on software channel assigned to ensure systems are kept up to date

Reduce complexity and regain control of IT assets with a single tool to manage Linux systems across a variety of hardware architectures, hypervisors as well as container, IoT and cloud platforms

  • Reduce complexity with a single tool that lets you easily onboard and manage any Linux server connected to the network, from edge devices to your Kubernetes environment, no matter where it is located – in your data center, a 3rd party data center or in the cloud

  • Improve visibility of your infrastructure – with improved graphical visualization of your IT systems status and their relationships. Once an asset has been on-boarded, you’ll never “lose” it. So, if it goes offline or stops responding you will know. Quickly view your Linux assets and identify assets that need attention.

  • Simplify management and regain control of your IT assets with graphical visualization of your IT systems and their relationships as well as the capability to organize Linux servers into logical groupings – group them, tag them with additional details (location in the DC, Rack, etc)

    • Locate and store HW specifics for the servers and IoT devices enabling grouping/tagging by HW characteristics (vendor tags, CPU architecture, RAM)

Ensure compliance with internal security policies and external regulations with automated monitoring, tracking, auditing and reporting of your systems/devices, VMs and containers across your development, test and production environments.

  • Comprehensive monitoring solution, that enables operations to monitor your Linux environments from the HW through the OS layer up to their applications

  • Detailed compliance auditing and reporting with the ability to track all HW and SW changes made to your managed Linux infrastructure

  • Easily track system compliance with automated patch management ensures daily notifications of systems not compliant with the current patch level

  • Faster non-compliant remediation with the ability to quickly identify systems deployed in hybrid cloud and container infrastructures that are out of compliance to hardened profiles/templates based on your own internal security policies

About SUSE Manager 3.2

SUSE Manager 3.2, SUSE’s best-in-class open source infrastructure management software, comes with new enhancements focused on lowering costs, improving DevOps efficiency and easily managing large complex deployments across IoT, cloud and container infrastructures. As a key component of a software-defined infrastructure, SUSE Manager 3.2 provides three key benefits:

  • Lower costs and simplify deployment while easily scaling larger environments for Public Cloud infrastructures and Kubernetes deployments.

  • Improve DevOps efficiency and meet compliance requirements with a single tool to manage and maintain everything from your IoT edge devices to your containerized workloads.

  • Easily manage large complex deployments with new extended forms-based UI capabilities

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:



SUSE Manager 3.2 Server is an extension for SLES 12 SP3 and SP4 for x86-64, Power Systems (ppc64le), or z Systems (s390x).

Please always start with the latest available service pack.

In the following, 'SP4' stands for "latest available".

Being an 'extension' means that installation is done in two steps

  • base operating system (SLES 12 SP4)

  • SUSE Manager 3.2 Server extension

This addresses the need of enterprise deployments to standardize on the base operating system as well as specific storage setups.

It is strongly recommended to use SUSE Manager with the embedded database. PostgreSQL is only supported as a local (embedded) database.

Registration code

The SUSE Manager 3.2 Server registration code, matching your hardware architecture, can be used to register the SLES 12 SP4 base system as well.

Installing the SUSE Manager 3.2 Server extension on SLES 12 SP4

You’ll need a physical or virtual SLES 12 SP4 x86_64, ppc64le, or s390x system to install SUSE Manager 3.2 Server.

When you install and register SLES 12 SP4, SUSE Manager 3.2 Server will show up in the list of available extensions.

You’ll need a valid SUSE Manager 3.2 Server registration code to access this extension.

Update from previous versions of SUSE Manager Server

You can update from SUSE Manager 3.1 Server to SUSE Manager 3.2 Server.

Updates from older versions than 3.1 are not supported.

SUSE Manager 3.1 Server must be on the latest patch level (3.1.11), based on SLES 12 SP4, and have PostgreSQL 9.6 running.

If your SUSE Manager 3.1 Server lacks any of these requisites, please refer to the SUSE Manager 3.1 Server release notes and documentation for further advise.

See the best practices manual for detailed instructions on how to upgrade.

All connected clients will continue to run and are manageable unchanged.

Update SUSE Manager Server in an Inter-Server-Sync (ISS) environment

To update a SUSE Manager Server from a previous version in an Inter-Server-Sync environment always update the master first. Running a new slave version against an older master version is not supported.

This applies to both major version updates and for maintenance updates.

Migrating from RHN Satellite

Is conditionally supported with SUSE Manager 3.2 Server.

If you have the need to migrate from RHN Satellite to SUSE Manager 3.2 Server, please get in contact with a SUSE sales engineer or a SUSE consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager, when deployed on appropriate hardware as described in the getting started guide, will scale to a 4-digit number of clients.

Scaling beyond that number needs special consideration as described in the advanced topic guide

One size never fits all. Getting advise from a SUSE partner, sales engineer, or consultant is recommended to adapt SUSE Manager to your environment.

Channels with large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Redhat Enterprise Linux, come with an enormous number of packages.

If you have channels with a large number of packages added to SUSE Manager, taskomatic might run out of memory.

In this case it’s recommended to increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding

to this file.

A restart of taskomatic is needed after this change.

The number 4096 gives 4 GB of memory to taskomatic (up from the default 2GB) and should be raised even higher if taskomatic still runs out of memory.

Keep in mind this will affect to the total memory required by SUSE Manager Server.

Major changes since SUSE Manager Server 3.2 GA

Features and changes

Version 3.2.15

Salt 3000 for Server and Proxy

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.

SLE15 and python3-M2Crypto

If you still have SLE15 but no LTSS subscription, you will see errors when generating the bootstrap repositories, as python3-M2Crypto is missing on SLE15 and is only part of SLE15 LTTSS.

However even with the error, the bootstrap repository itself will work and will provide salt 2019.2.0 until a LTSS subscription is available.

Version 3.2.14

This is mostly a bugfix release

New products enabled
  • SUSE Linux Enterprise 15 SP2 family

  • MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)

COVID-19 extension

In an effort to help our customers deal with the consequences of COVID-19, the lifecycle of SUSE Manager 3.2 been extended by 3 months. The new end of life is scheduled for September 30th, 2020.

This is a free lifecycle extension that all SUSE Manager 3.2 customers automatically get.

This free lifecycle extension also entitles you to receive a free 3-month subscription to SUSE Linux Enterprise Server 12 SP4 LTSS, to match the end of life of the base operating system with the enf of life of SUSE Manager. You will need to request and activate the 3-month LTSS. No charges will be applied.

Salt 3000

Due to the lifecycle extension of SUSE Manager 3.2, Salt 3000 is now available in the client tools channels.

Since Salt 3000 was released after SUSE Manager 3.2.14, the bootstrap repository creation process will report an error on some operating systems, such as SLES 12 SP4 and MicroFocus Open Enterprise Server 2018 SP2. To make sure the bootstrap repository creation finalizes successfully, you will need to manually add the missing package to the list of packages:

$> mgr-create-bootstrap-repo python-singledispatch
1. SLE-12-SP4-x86_64
Enter a number of a product label: 1
Creating bootstrap repo for SLE-12-SP4-x86_64
copy ....

If you know the label upfront you can also call it directly

$> mgr-create-bootstrap-repo -c SLE-12-SP4-x86_64 python-singledispatch

This will be fixed for SUSE Manager 3.2.15

Version 3.2.13

This is mostly a bugfix release, with some highlights.

New products enabled
  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise Server 15 LTSS

  • SUSE Linux Enterprise Server 15 ESPOS

Regeneration of bootstrap scripts is required

Bootstrap scripts for salt managed clients should be re-generated, as we need to set additional options for the minion config for performance reasons.

Version 3.2.12

This release continues to improve our Debian/Ubuntu support, adds new Prometheus exporters for monitoring and fixes a number of bugs.

Enhanced support for Debian and Ubuntu

With each release of SUSE Manager, we continue to enhance our Debian and Ubuntu support.

SUSE Manager 3.2.12 greatly improves our compatibility thanks to:

  • Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in DB without recreating all Debian/Ubuntu channels.

  • Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.

New Prometheus exporters

A new set of client tool packages now includes Prometheus exporters for more clients: RHEL 6, RHEL 7, SLES ES 6, SLES ES 7, Ubuntu 18.04 and SLES 11 SP4 (only x86-64 and i586). Both the Prometheus node exporter and the PostgreSQL exporter are provided for those operating systems.

Version 3.2.11

This is mostly a bugfix release, with some highlights:

  • Ubuntu and Debian channels now come preconfigured in spacewalk-common-channels.

    The Debian CDN is used to provide the best mirror at each moment. For Ubuntu, you may want to replace the default mirror with a closer geo-mirror.

    Keep in mind SUSE does not provide support for the spacewalk-common-channels tool form the spacewalk-utils package.

  • Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it.

Version 3.2.10

This is mostly a bugfix release. In addition to that:

  • Some tuning parameters for large installations have been added to the documentation: taskomatic jobs, Salt Mine, etc.

  • SUSE Linux Enterprise Server 12 SP3 LTSS and SUSE Linux Enterprise Real Time 12 SP4 are now enabled products.

Version 3.2.9

Bugfix release.

Version 3.2.8

Salt 2019.2.0 Update

Salt has been upgraded to the final 2019.2.0 release.

For changes in your manually created Salt states, please see the Salt 2019.2 upstream release notes.

Update of traditional Client Tools and Package renames

The traditional Client Tools were updated to Uyuni version 4.0. This come along with some package renames.

Table 1. Package renames
Old Name New Name

























































Please update your bootstrap scripts, bootstrap repositories and activation keys if any of the packages are part of them.

Availability of monitoring packages: Prometheus, Grafana and various metrics exporters

For the new Monitoring Feature added in SUSE Manager 4.0 we added packages to provide Prometheus Monitoring for SLE12 and SLE15 in the Client Tools channel.

Prometheus is a monitoring tool, originally built at SoundCloud, that is used to record real-time metrics in a time-series database. Prometheus collects metrics via an HTTP pull model, and it is highly scalable. For more information, see:

Together with Prometheus, we ship AlertManager, which manages Prometheus alerts, including silencing, inhibition, aggregation and sending out notifications via email and other methods. For more information, see:

Grafana is a tool for data visualization, monitoring and analysis. It is used to create dashboards with panels representing specific metrics over a set time-frame. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL and Influx DB. For more information, see:

Prometheus, AlertManager and Grafana are provided in the following packages:

  • golang-github-prometheus-prometheus

  • golang-github-prometheus-alertmanager

  • grafana


Exporters are libraries which help in exporting existing metrics from third-party systems as Prometheus metrics. Exporters are useful whenever it is not feasible to instrument a given application or system with Prometheus metrics directly. Multiple exporters can run on a monitored host to export local metrics.

Exporters we are providing as packages:

  • golang-github-prometheus-node_exporter - Hardware and operating system metrics

  • golang-github-boynux-squid_exporter - Squid Proxy metrics

  • golang-github-lusitaniae-apache_exporter - Apache HTTP server metrics

  • golang-github-wrouesnel-postgres_exporter - PostgreSQL database metrics

You need a Monitoring Subscription together with SUSE Manager 3.2 to get support for these packages.

Salt Rate Limiting (Batching)

Any action scheduled on multiple Salt minions has now an upper limit on the number of systems that will process it simultaneously. This is referred to as batch size in Salt jargon, and defaults to 100 minions.

Please check the documentation for performance considerations in large installations (more than 1000 minions).

Product Information Loaded from SCC

In the past information about product channels were shipped via maintenance updates. Now these information will be downloaded from SUSE Customer Center (SCC) like the other product and repository information.

In case of using the fromdir configuration with SMT or RMT, please check if they support already downloading this file. You can get the file with the following command:

curl -O

Version 3.2.7

Support for Ubuntu Clients

Management of Ubuntu clients is now supported. We provide a repository with salt packages and some dependencies via

Check the official documentation about Managing Ubuntu Clients to know how to setup the required channels in SUSE Manager.

The following new features were added since 3.2.6:

  • Support Ubuntu products and Debian architectures in mgr-sync

  • Support creating bootstrap repositories for Ubuntu 18.04 and 16.04

  • Add support for Ubuntu in the bootstrap script

  • Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

  • Trust SUSE GPG key for client tools channels on Ubuntu systems

Access to SUSE Manager Client Tools for Red Hat without Expanded Support Subscription

A new product tree was added to give access to SUSE Manager Tools Channel for Red Hat without having an Expanded Support Subscription. To access it, a SUSE Manager Server subscription is sufficient.

Package download endpoint override

It is now possible to set a custom protocol, host and path for minions to download packages at installation time. This will override the default setting of the SUSE Manager Server or SUSE Manager Proxy used at registration time.

For more information please consult the Getting Started Guide.

New products added
  • SUSE Manager Tools for Ubuntu

  • SUSE Manager Tools for Red Hat

  • CaaSP 4 Toolchain

Version 3.2.6

Technical preview Ubuntu Support

First steps to support management of Ubuntu clients were added to this release (Salt minion based only).

Ubuntu salt packages for testing are available via the following URLs:

Salt packages in official product channels will be provided at a later point in time.

The following feature should already work:

  • Bootstrapping and performing initial state runs such as setting repositories and performing profile updates

  • Assigning .deb channels to minions

  • Information displayed in System details pages

  • Package install, update, and remove

  • Package install using Package States

  • Configuration and state channels

However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python.

Setting up Channels
  1. In the SUSE Manager WebUI, navigate to Software > Manage Software Channels > Manage Repositories and click "Create Repository".

  2. In the Create Repository dialog, use these values to create a new repository:

  3. Click "Create Repository" to create the repository.

  4. Navigate to Software > Manage Software Channels > Overview and click "Create Channel".

  5. In the Create Software Channel dialog, create the channel as required for your environment. Ensure that in the Architecture field, you select AMD64 Debian.

  6. Click "Create Channel" to create the software channel.

  7. Navigate to Software > Manage Software Channels > Overview and select your new channel from the channel list.

  8. In the Repositories tab, click the Add/Remove tab, and select your new repository from the repository list.

  9. Click the "Update Repositories" button

  10. In the Repositories tab, click the Sync tab, and click the "Sync Now" button to synchronize the repository. A regular schedule can be configured on this page as well.

Change behavior on token refresh

Channel authentication tokens are valid by default for about 1 year. The renew of tokens happens automatically some time before they expire but they are not deployed automatically to the clients.

As the renew happens mostly without noticing by the administrator that behavior has changed to autodeploy renewed tokens to the clients automatically.

This old behavior can be preserved by setting

token_refresh_auto_deploy = false

in /etc/rhn/rhn.conf and restarting the services.

In case of a token renew without autodeployment enabled a log message will inform the administrator about it.

New option to force regeneration of channel metadata

A new option --force was added to spacecmd softwarechannel_regenerateyumcache to force a regeneration of the metadata files.

Retail terminal deployment is now by default done using ftp protocol

Due to performance limitations of previously used tftp protocol, retail terminal deployment now uses ftp protocol by default. This impacts only newly build OS images.

To move already built image to use ftp protocol, edit associated image pillar to use ftp:

            url: ftp://ftp/$image_path

Old behavior can be preserved by editing newly built image pillar to use tftp protocol:

            url: tftp://tftp/$image_path
New products supported

Version 3.2.5

Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is now supported.

Also building SLES 12 SP4 Retail Images is supported.

Updated backend for communicating with SCC

This update contains a new backend to communicate with the SUSE Customer Center (SCC). This requires to run a mgr-sync refresh at the end of the update procedure.

The whole update procedure:

$> spacewalk-service stop
$> zypper patch
$> spacewalk-schema-upgrade
$> spacewalk-service start
$> mgr-sync refresh

In case of Inter Server Sync (ISS) the master needs to be updated first, then the slave.

This change show products like they are setup in the SUSE Customer Center. As a consequence of this some older products show no architecture anymore and mirror all available architectures when such a product is selected for mirroring.

With this change also some invalid product combinations were removed. Please check /var/log/rhn/rhn_web_ui.log for error messages. Invalid channels can be removed using spacewalk-remove-channel command.

XMLRPC API changes

Due to the changes in the backend for communicating with SCC corresponding XMLRPC API has changed:

Deprecated calls:


New call:


For a refresh the XMLRPC API should be called in the following order:

New products added
  • SLES 15 SP1 product family

Version 3.2.4

Support for PostgreSQL 10

A new version of the PostgreSQL database is available in SLES 12 SP3 and SP4 and can be used for SUSE Manager 3.2 Server.

New installations of SUSE Manager 3.2 Server based on SLES 12 SP4 will automatically pick up this version.

PostgreSQL 10 needs a new version of smdba to initiate backups. This version is part of the SUSE Manager 3.2.4 patch.

Migrating from PostgreSQL 9.6 to PostgreSQL 10

You should have an up-to-date database backup before attempting the migration.

Recommendation: Migrate from PostgreSQL 9.6 to 10 first, then SLES 12 SP3 to SLES 12 SP4.

Existing installations of SUSE Manager 3.2 Server will need to run


to migrate from PostgreSQL 9.6 to PostgreSQL 10

Your SUSE Manager Server installation will not be accessible during the migration.

Note The migration will create a copy of the database under /var/lib/pgsql and thus needs sufficient disk space to hold two copies (9.6 and 10) of the database.

Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage.

If your system is scarce on disk space you can do an fast, in-place migration by running

/usr/lib/susemanager/bin/ fast

The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup.

This wiki page contains additional information about the database migration.

Migration to SLES 12 SP4

SUSE Manager 3.2 is now based on SLES 12 SP4. You can switch as soon as SLES 12 SP4 is available.

If you already have a SUSE Manager 3.2 Server or Proxy deployed, you can now initiate a service pack migration as outlined in the SLES documentation

Recommendation: Migrate from PostgreSQL 9.6 to 10 first, then SLES 12 SP3 to SLES 12 SP4.

If you deploy a SUSE Manager 3.2 Server or Proxy anew, please start with SLES 12 SP4 as the base operating system.

spacecmd: Support state channels

spacecmd, the command line access to the SUSE Manager API, has been adapted to support state channels (aka Salt Minion config channels) with the following changes

  • system_scheduleapplyconfigchannels

    • new call to schedule application of the assigned config channels to the system (minion only)

  • configchannel_updateinitsls

    • new call to update the init.sls file

  • configchannel_create

    • adapted call, now has a -t option to specify the channel type (normal or state)

  • configchannel_import

    • adapted call, honors channel type

Please use the help functionality of spacecmd for detailed option descriptions for each mentioned call.

Migration of SLEPOS configuration to SUSE Manager for Retail

This update provides the import of exported configuration of branch servers and terminals from SUSE Linux Enterprise Point of Service (SLEPOS) 11 or the SLEPOS components of SUSE Manager for Retail 3.1.

Importing this information allows customers to migrate their environment based on SLEPOS components to SUSE Manager 3.2.

This feature is a tech-preview and will be enhanced in future releases of SUSE Manager 3.2.

The migration guide is available at

Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is not yet possible with SUSE Manager 3.2.4.

This deficiency will be removed with the next SUSE Manager update in early 2019.

New products added
  • SLES 12 SP4 product family

  • SUSE OpenStack Cloud 9

Version 3.2.3

Enablement for Retail scenarios

This update provides enablement for SUSE Manager in Retail (formerly: SLEPOS) scenarios.

New and updated formulas
  • branch-network-formula

  • pxe-formula

  • image-sync-formula

  • saltboot-formula

  • dhcpd-formula

  • bind-formula

  • vsftpd-formula

  • tftpd-formula

terminal deployment using saltboot event-based boot process

Ability to deploy and boot PXE/saltboot based OS images.

Templates for OS images are published in repository.

commandline tools and Python API for mass configuration
  • retail_branch_init for branch server configuration

  • retail_yaml for mass configuration from YAML source files

Version 3.2.2

Prevent sudoers corruption

This update includes a fix to prevent a corrupted /etc/sudoers.d/spacewalk file (see bsc#1099517).

Any custom modifications to this file will be saved in /root/

This should not happen as users should NOT modify /etc/sudoers.d/spacewalk

changed XMLRPC API calls

The following renames were done to ensure API consistency

  • populateSystemFormulaData to setSystemFormulaData

  • populateGroupFormulaData to setGroupFormulaData

The API calls

  • getSystemFormulaData

  • getGroupFormulaData

have changed parameters for the same reason.

OS Image building with Kiwi

The Kiwi build feature of SUSE Manager was extended to build installable Linux OS images and virtual machines.

Configuration channel label restriction

The dot (.) character is now forbidden in configuration channel labels, as it does not work with salt clients.

Dot (.) characters in existing configuration channels need to be manually replaced by another character, like underline (_)

Check for Dynamic CA-Trust Updates while bootstrapping on RES

When bootstrapping an ES6.x system the SUSE Manager CA certificate will be imported by the client.

When dynamic CA-Trust Updates are disabled ( as per default ), the registration and bootstrapping of the client will fail, giving a lot of output and making it difficult to find the real cause.

This update adds a short check at the start of the bootstrap script to advise the sysadmin to enable ca trust updates.

Set DNS name in createSystemRecord

The system.createSystemRecord() call now sets a dnsname in the generated cobbler configuration.

New products added
  • CaaSP 3.0 (deployment only)

  • Product class for Live Patching on PPC

Version 3.2.1

Repository metadata signing

It is now possible to optionally sign repository metadata in SUSE Manager.

While not strictly needed (packages are signed and all traffic is secure), it adds another layer of trust to the package distribution.

Please see 'Signing Repository Metadata' in the securiy chapter of the advanced topics guide for full details.

Test mode for highstate UI

In the Highstate UI we have added a toggle-button next to the "Apply Highstate" button to enable Salt test mode.

If enabled, salt apply.highstate is executed with test=True.

It cannot be guaranteed that this does not change anything due to bugs in Salt modules. That’s why it’s not called "dry-run".

In case you encounter a badly written Salt module not fully honoring test mode, please open a support request.

Ordered and formated output of state apply results

The event history of a state apply is now similar to the output salt produces on the command line.

The result is ordered in the execution order and failed states are marked red.

In test mode, red marked states are states which would change something.

Ignore inactive containers in Kubernetes clusters

Non-running containers are now ignored when querying a kubernetes cluster.


The SUSE Patch Finder is a simple online service to view released patches.

Version 3.2.15


  • Remove wrong default for bind options preventing correct upload of bind options using XMLRPC (bsc#1150657)


  • Make branch formula to assign home directory to ftp and tftp users (bsc#1162391)


  • Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs)

  • Backport saltutil state module to 2016.11 codebase (bsc#1167556)

  • Add new custom SUSE capability for saltutil state module


  • Allow bind options to be stored to and edited by retail_yaml (bsc#1150657)


  • Fix issues importing RPM packages with long RPM headers (bsc#1174965)

  • Do not make mgr-inter-sync to crash if there are non-ASCII characters on an exception message (bsc#1170331)

  • Validate cached package entries on ISS slave (bsc#1159184)


  • Do not crash 'mgr-update-status' because 'long' type is not defined in Python 3


  • Skip upgrades when the target has not the same amount of products as the installed set (bsc#1168227)

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Prevent deadlock on suseusernotification (bsc#1173073)

  • Avoid multiple base channels when onboarding minions (bsc#1167871)

  • Hide message about changed Update Tag change (bsc#1169109)

  • Refresh pillar after channel change

  • Use 'changes' field if 'pchanges' field doesn’t exist (bsc#1159202)

  • Skip migration targets when they do not have the same amount of products as the installed set (bsc#1168227)


  • Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)

  • Fixes SSL hostname matching (bsc#1141663)



  • Use python2-uyuni-common-libs and python3-uyuni-common-libs for bootstrap repositories (bsc#1173946)

  • Add 'python-singledispatch' to SLE12 (all SPs) and RES7 bootstrap repos. (bsc#1174700)

  • Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167)

  • Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865)

  • Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1 bootstrap repositories

  • Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud SLE12SP5 clients (they do not have it by defaul anymore)


  • Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)


  • Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)


  • Avoid traceback error due lazy loading which_bin (bsc#1155794)

  • Using new module path for which_bin to get rid of DeprecationWarning

Version 3.2.14


  • Replace pycrypto with M2Crypto as dependency for SLE15+ (bsc#1165425)


  • Disable external entity parsing (1790381, bsc#1164120, CVE-2020-1693)

  • Do not download external entities (1555429, bsc#1085414, CVE-2018-1077)


  • Bugfix: attempt to purge SSM when it is empty (bsc#1155372)


  • Spell correctly "successful" and "successfully"


  • When downloading repo metadata, don’t add "/" to the repo url if it already ends with one (bsc#1158899)

  • Enhance suseProducts via ISS to fix SP migration on slave server (bsc#1159184)


  • Add minion option in config file to disable salt mine when generated by bootstrap script (bsc#1163001)


  • Do not crash 'mgr-update-status' because 'long' type is not defined in Python 3

  • Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921)

  • Spell correctly "successful" and "successfully"


  • Fix error when adding systems to ssm with 'add to ssm' button (bsc#1160246)

  • Validate the suseproductchannel table and update missing date when running mgr-sync refresh (bsc#1163538)

  • Read the subscriptions from the output instead of input (bsc#1140332)

  • Show additional headers and dependencies for deb packages

  • Use channel name from product tree instead of constructing it (bsc#1157317)


  • Spell correctly "successful" and "successfully"


  • Check for delimiter as well when detecting current phase (bsc#1164771)


  • Report merge_subscriptions message in a readable way (bsc#1140332)


  • Add missing library for SLE15 SP2 (slf4j-log4j12)

  • Make the code usable with Math3 on SLES

  • Use log4j12 package on newer SLE versions

  • Aggregate stackable subscriptions with same parameters

  • Implement new "swap move" used in optaplanner (bsc#1140332)

  • Enable aarch64 builds, except for SLE < 15


  • Fix salt bootstrapping on SLE15 (require python3-pycrypto or python3-M2Crypto to support all variants) (bsc#1164563)

  • Add bootstrap-repo data for OES 2018 SP2 (bsc#1161862)

  • Add bootstrap-repo data for SLE15 SP2 Family


  • Adapt 'mgractionchains' module to work with Salt 3000

  • Do not workaround util.syncmodules for SSH minions (bsc#1162609)

  • Force to run util.synccustomall when triggering action chains on SSH minions (bsc#1162683).


  • Add OES 2018 SP2 (bsc#1161862)

  • Rename RHEL 8 Base product

  • Change channel family name according to SCC data

Version 3.2.13


  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)


  • Release Notes have the old name of SUSE (bsc#1152765)


  • Replace iteritems with items for python2/3 compat (bsc#1129243)


  • Do not break communication between 3.2 and 4.0 client tools (bsc#1158799)

  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)


  • Add additional minion options to configfile when generated by bootstrap script (bsc#1159492)

  • Fix bootstrap script generator to work with Expanded Support 8 product (bsc#1158002)


  • Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)


  • Fix container image import (bsc#1154246)

  • Generate metadata with empty vendor (bsc#1158480)

  • Prevent Package List Refresh actions to stay pending forever (bsc#1157034)

  • Fqdns are coming from salt network module instead of fqdns grain (bsc#1134860)

  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)


  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)



  • Show help message when missing sub-command in mgr-sync call (bsc#1134708)

  • Fix product id of SLES12 SP5 x86_64 and remove never released SLED product (bsc#1158963)

  • Add bootstrap-repo data for SLE12 SP5 Family (bsc#1158963)

  • Add bootstrap repo for RHEL 8 and ES 8


  • Generate metadata with empty vendor (bsc#1158480)

  • Prevent SELECT INSTR error in Postgres logs every minute (bsc#1157034)


  • Split remove_traditional_stack into two parts. One for all systems and another for clients not being a Uyuni Server or Proxy (bsc#1121640)

  • Configure GPG keys and SSL Certificates for RHEL8 and ES8

Version 3.2.12

  • Add -n option to spacecmd softwarechannel_adderrata to allow adding errata to non-cloned channel (bsc#1124307)

  • Avoid a "Permission denied" salt error when publisher_acl is set (bsc#1150154)

  • Add script to update additional fields in the DB for existing Deb packages

  • Import additional fields for Deb packages

  • Make traditional bootstrap more robust for unknown hostname (bsc#1152298)

  • Fix WebUI invalidation time by using the package build time instead of the WebUI version (bsc#1154868)

  • fix metadata generation with oracle DB for deb repositories

  • Create a single action when adding erratas to an action chain via the API (bsc#1148457)

  • Fix: regression with Ubuntu version compare (bsc#1150113)

  • Consider timeout value in salt remote script (bsc#1153181)

  • Check if metadata refresh is needed before adding new channels (bsc#1153613)

  • Handle refreshing hardware of VM with changed UUID (bsc#1135380)

  • Fix combinatorial explosion when generating migrations (bsc#1151888)

  • Remove extra spaces in dependencies fields in Debian repo Packages file (bsc#1145551)

  • Import additional fields for Deb packages

  • Fix: handle special deb package names (bsc#1150113)

  • Add -n option to spacecmd softwarechannel_adderrata to allow adding errata to non-cloned channel (bsc#1124307)

  • Allow ssl connections from Tomcat to Postgres (bsc#1149210)

  • Fix WebUI invalidation time by using the package build time instead of the WebUI version (bsc#1154868)

  • Trim strings when creating/updating image stores/profiles (bsc#1133429)

  • Show loading spin while loading salt keys data (bsc#1150180)

  • Allow bootstraping of Expanded Support 6, CentOS6 and Red Hat 6 salt-ssh minions when using the "Minimal" software set (bsc#1155295)

  • Require dmidecode only for SLE12 aarch64 and x86_64 (bsc#1152170)

  • Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)

  • In the installation routine, move the country code tip to country code item.

  • Add PostgreSQL 10 to the migration option and reference it where appropriate.

  • Fix: regression with Ubuntu version compare (bsc#1150113)

  • Add tables rhnPackageExtraTag and rhnPackageExtraTagKey

  • Fix performance issue with Inter-Server Synchronization (bsc#1143954)

  • Fix: handle special deb package names (bsc#1150113)

  • Consider timeout value in salt remote script (bsc#1153181)

  • Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)

  • Introduce dnf-susemanager-plugin for RHEL8 minions

  • Ubuntu repositories released

Version 3.2.11

  • Get tornado dependency from the system on SLE12 (bsc#1149409)

  • Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 (bsc#1147126)

  • Check that a channel doesn’t have clones before deleting it (bsc#1138454)

  • Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419)

  • Do not make 'rhn-satellite-exporter' to crash with "AttributeError" (bsc#1146869)

  • Spacewalk-remove-channel check that channel doesn’t have cloned channels before deleting it (bsc#1138454)

  • Avoid traceback on mgr-inter-sync when the exception message contains UTF8 characters or there are problems with the package cache (bsc#1143016)

  • Virtual guest systems registered as traditional clients are shown as foreign when the virtualization host is registered as foreign (bsc#1093381)

  • Add missing strings for task status page

  • Invalidate cache 5 minutes before actual expiration(bsc#1143562)

  • Add UI message when salt-formulas system folders are unreachable (bsc#1142309)

  • Don’t convert localhost repositories URL in mirror case (bsc#1135957)

  • Check that a channel doesn’t have clones before deleting it (bsc#1138454)

  • Improve websocket authentication to prevent errors in logs (bsc#1138454)

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Cloning Errata from a specific channel should not take packages from other channels (bsc#1142764)

  • Add susemanager as prerequired for spacewalk-java

  • Improve performance for retrieving the user permissions on channels (bsc#1140644)

  • Prerequire salt package to avoid not existing user issues

  • Support partly patched CVEs in CVE audit (bsc#1137229)

  • Configure 150 Tomcat workers by default, matching httpds MaxClients

  • Common-channels: Fix repo type assignment for type YUM

  • Adds support for Ubuntu and Debian channels to spacewalk-common-channels.

  • Fix the 'include recommended' button on channels selection in SSM (bsc#1145086)

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Add unsupported browser warning when using Internet Explorer

  • Add link to the creation of the bootstrap script (bsc#1146895).

  • Improve adoc tagging.

  • LimitNOFILE back-port.

  • Fix command-line error (bsc#1096426).

  • Improve performance for retrieving the user permissions on channels (bsc#1140644)

  • Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message. (bsc#1147126)

  • Dmidecode does not exist on ppc64le and s390x (bsc#1145119)

  • Update susemanager.conf to use adler32 for computing the server_id for new minions

  • New upstream version 1.2.2. Fixes:

    • OOM from a crafted Zip File in Apache Tika’s RecursiveParserWrapper (CVE-2019-10088) (bsc#1144500).

    • Denial of Service in Apache Tika’s 2003ml and 2006ml Parsers (CVE-2019-10093) (bsc#1144510).

    • StackOverflow from Crafted Package/Compressed Files in Apache Tika’s RecursiveParserWrapper (CVE-2019-10094) (bsc#1144515).


Version 3.2.10

  • Do not break repo files with multiple line values on yumpkg (bsc#1135360)

  • Don’t skip Deb package tags on package import (bsc#1130040)

  • Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940)

  • Add journalctl output to spacewalk-debug tarballs

  • Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715)

  • Run completely unattended on Ubuntu (bsc#1137881)

  • Fix URL rewrites for proxy cobbler api endpoint (bsc#1133800)

  • API Documentation: mention the shebang in the system.scheduleScriptRun doc strings (bsc#1138655)

  • For orphan contentsources, look also in susesccrepositoryauth to make sure they are not being referenced(bsc#1138275)

  • Hide the 'View All' guests link for foreign systems (bsc#1116869)

  • Fallback to logged-in-user org and then vendor errata when looking up erratum on cloning (bsc#1137308)

  • Fix profiles package scheduling when epoch is null (bsc#1137144)

  • Keep querystring on ListTag parent_url for actions that have the cid param (bsc#1134677)

  • Improve performance of 'Systems requiring reboot' page (fate#327780)

  • Fix parsing of deb package version string on download (bsc#1130040, bsc#1136093)

  • Enable product detection for plain rhel systems (bsc#1136301)

  • Explicitly mention in API docs that to preserve LF/CR, user needs to encode the data(bsc#1135442)

  • Fix channel sync status logic in products page (bsc#1131721)

  • Fix SSM package upgrade list item selection (bsc#1133421)

  • Let softwarechannel_errata_sync fallback on vendor errata (bsc#1132914)

  • Hide disabled activation keys in form drop-downs (bsc#1101706)

  • Display warning if product catalog refresh is already in progress (bsc#1132234)

  • Fix apidoc issues

  • Prevent CherryPy timeouts (bsc#1118175)

  • Fix check for empty lines in rhn.conf for spacewalk-setup (bsc#1133560)

  • Add checks for empty required entries on formula forms (bsc#1109639)

  • Make dmidecode part of the bootstrap repositiories (bsc#1137952)

  • Update text and image files; general tidying up.

  • On systemd-based systems rhnsd.timer replaces the rhnsd daemon.

  • Disabling the Salt Mine (bsc#1135075).

  • Update Quick Start Guide (Salt getting started).

  • Update Salt rate limiting.

  • Update pressence ping and batching.

  • Tuning of large installations (taskomatic jobs) and other optimization issues (bsc#1135075 and bsc#1135025).

  • Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780)

  • Use default 'master' branch in OSImage profile URL (bsc#1108218)

  • Check for result of image rsync transfer to catch failures early (bsc#1104949)

  • Make sure dmidecode is installed during bootstrap to ensure that hardware refresh works for all operating systems (bsc#1137952)

  • Fix formula name encoding on Python 3 (bsc#1137533)

  • Migrate Python code to be Python 2/3 compatible (bsc#1135959)

  • Util.systeminfo sls has been added to perform different actions at minion startup(bsc#1122381)

  • Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693)

  • Enable product detection for plain rhel systems (bsc#1136301)

Version 3.2.9

  • Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

  • Change WebUI string version to 3.2.9

Version 3.2.8

  • Removes string replace for textmode fix (bsc#1134195)

  • Use ThreadPool from multiprocessing.pool to avoid leakins when calculating FQDNs

  • Fix usermod options for SLE11 (bsc#1117017)

  • Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)

  • Do not include "ordereddict" and "singledispatch" on the thin for Python 2.6 systems.

  • Fix paths for py26-compat dependencies on SLE15 and newer

  • Port optimization_order config parameter (bsc#1131423)

  • Use special tornado and msgpack-python compat packages on sles15sp1 and greater in py26-compat-salt.conf (bsc#1131423)

  • Add missing py26 thin dependencies

  • Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)

  • Use new names in code for client tool packages which were renamed (bsc#1134876)

  • Fix HTTP headers handling to avoid duplicated entries (bsc#1125090)

  • Use suseLib.get_proxy to get the HTTP proxy configuration properly on DEB repos (bsc#1133424)

  • Add new packages names to instructions for adding remote configuration support for traditional clients

  • Print error message instead of stacktrace for

  • Remove the 'Returning' clause from the query as oracle doesn’t support it (bsc#1135166)

  • Use new names in code for client tool packages which were renamed (bsc#1134876)

  • Handle the different retcodes that are being returned when salt module is not available (bsc#1131704)

  • Do not implicitly set parent channel when cloning (bsc#1130492)

  • Prevent Actions that were actually completed to be displayed as "in progress" forever (bsc#1131780)

  • Enable batching mode for salt synchronous calls

  • Show minion id in System Details GUI and API

  • Do not report Provisioning installed product to subscription matcher (bsc#1128838)

  • Fix product package conflicts with SLES for SAP systems (bsc#1130551)

  • Add support for Salt batch execution mode

  • Fix NPE on remote commands when no targets match (bsc#1123375)

  • Fix apidoc return order on mergePackages

  • Take into account only synced products when scheduling SP migration from the API (bsc#1131929)

  • Change WebUI string version to 3.2.8

  • Make swap files readable only by root (bsc#1131954, CVE-2019-3684)

  • Do not show false errors when configuring swapfile during setup

  • Create bootstrap repo for new Red Hat channels (bsc#1133587)

  • Managing Systems Completely via SSH now fully supported (bsc#1131867).

  • Copy 3.1 schema migrations to 3.2 to be able to migrate from an older schema version to 3.2

  • Add support for Salt batch execution mode

  • Add support for Salt batch execution mode

  • Add SLES11 SP4 LTSS channels for SLES for SAP (bsc#1133629)

  • Add SLES11 SP4 LTSS channels for ppc64 (bsc#1132103)

  • Fix async-batch to fire a single done event

  • Do not make Salt CLI to crash when there are IPv6 established connections (bsc#1130784)

  • Include aliases in FQDNS grain (bsc#1121439)

  • Fix issue preventing syndic to start

  • Update to 2019.2.0 release (fate#327138, bsc#1133523) See

  • Update year on spec copyright notice

  • Use ThreadPool from multiprocessing.pool to avoid leakings when calculating FQDNs

  • Do not report patches as installed on RHEL systems when not all the related packages are installed (bsc#1128061)

  • Incorporate virt.volume_info fixes (PR#131)

  • Fix for -t parameter in mount module

  • No longer limiting Python3 version to <3.7

  • Add virt.volume_infos and virt.volume_delete functions

  • Bugfix: properly refresh pillars (bsc#1125015)

  • Removes version from python3 requirement completely

  • Adds missing version update to %setup

  • Add virt.all_capabilities to return all host and domain capabilities at once

  • Switch to better correct version nomenclature Background: The special character tilde (~) will be available for use in version representing a negative version token.

  • Fix setup to use the right version tag

  • Add "id_" and "force" to the whitelist of API check

  • Add metadata to accepted keyword arguments (bsc#1122680)

  • Add salt-support script to package

  • Early feature: Salt support-config (salt-support)

  • More fixes on the spec file

  • Fix spaces and indentation

  • Use Adler32 algorithm to compute string checksums (bsc#1102819)

  • Update spec file patch ordering after MSI patch removal

  • Calculate the "FQDNs" grains in parallel to avoid long blocking (bsc#1129079)

  • Fix batch/batch-async related issues

Version 3.2.7

  • Run fdupes on javadoc

  • Specify java target and source level 1.6 to make package compatible with JDK >= 1.8

  • Conditional java/java-devel requires based on os version

  • Update dependency version for commons-lang3 to 3.4

  • Fix building javadoc

  • Update Optaplanner to 7.17.0

  • Make 'smdba space-overview' postgresql version agnostic (bsc#1129956)

  • Fix version mismatch

  • Fix encoding bug in salt event processing (bsc#1129851)

  • Fix linking of packages in reposync (bsc#1131677)

  • Fix: handle non-standard filenames for comps.xml (bsc#1120242)

  • Mgr-sign-metadata can optionally clear-sign metadata files

  • Introduce a description label for the new 'minion-checkin' Taskomatic job (bsc#1122837)

  • Add support for Ubuntu to bootstrap script

  • Clean up downloaded gpg keys after bootstrap (bsc#1126075)

  • Fix retrieval of build time for .deb repositories (bsc#1131721)

  • Allow access to susemanager tools channels without res subscription (bsc#1127542)

  • Add support for SLES 15 live patches in CVE audit

  • Add a Taskomatic job to perform minion check-in regularly, drop use of Salt’s Mine (bsc#1122837)

  • Fix errata_details to return details correctly (bsc#1128228)

  • Support ubuntu products and debian architectures in mgr-sync

  • Adapt check for available repositories to debian style repositories

  • Add support for custom username when bootstrapping with Salt-SSH

  • Read and update running kernel release value at each startup of minion (bsc#1122381)

  • Add error message on sync refresh when there are no scc credentials

  • Fix apidoc issues

  • Fix deleting server when minion_formulas.json is empty (bsc#1122230)

  • Minion-action-cleanup Taskomatic task: do not clean actions younger than one hour

  • Schedule full package refresh only once per action chain if needed (bsc#1126518)

  • Check and schedule package refresh in response to events independently of what originates them (bsc#1126099)

  • Add configuration option to limit the number of changelog entries added to the repository metadata (fate#325676)

  • Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

  • Show undetected subscription-matching message object as a string anyway (bsc#1125600)

  • Fix action scheduler time picker prefill when the server is on "UTC/GMT" timezone (bsc#1121195)

  • Allow username input on bootstrap page when using Salt-SSH

  • Add cache buster for static files (js/css) to fix caching issues after upgrading.

  • Update dependencies (Drools, Optaplanner, Guava, Xstream)

  • Make the java and java-devel requirements variable

  • Relax the requirement condition on apache-commons-lang3

  • Support creating bootstrap repos for Ubuntu 18.04 and 16.04.

  • Allow alternative names for bootstrap packages, to allow using old client tools after package renames

  • Feat: create Ubuntu empty repository

  • Fix creation of bootstrap repositories for SLE12 (no SP) by requiring python-setuptools only for SLE12 >= SP1 (bsc#1129765)

  • Add bootstrap repo definition for SLE15 SP1

  • Update text and image files.

  • Enhance documentation on Ubuntu clients (bsc#1131991)

  • Fix bad link.

  • Update Manual Backup and smdba sections.

  • Troubleshooting Salt clients.

  • Fix package endpoint in salt pillar content.

  • Ubuntu Clients supported.

  • Change License to GFL 1.2, as it is the real license for the doc since 3.2.0

  • Add a Taskomatic job to perform minion check-in regularly, drop use of Salt’s Mine (bsc#1122837)

  • Fix performance regression in inter-server-sync (bsc#1128781)

  • Set minion-action-cleanup run frequency from hourly to daily at midnight

  • Update get_kernel_live_version module to support older Salt versions (bsc#1131490)

  • Update get_kernel_live_version module to support SLES 15 live patches

  • Do not configure Salt Mine in newly registered minions (bsc#1122837)

  • Fix Salt error related to remove_traditional_stack when bootstrapping an Ubuntu minion (bsc#1128724)

  • Automatically trust SUSE GPG key for client tools channels on Ubuntu systems

  • Util.systeminfo sls has been added to perform different actions at minion startup(bsc#1122381)

  • Allow access to susemanager tools channels without res subscription (bsc#1127542)

  • Add Ubuntu product definitions

  • Adapt to SCC changes

  • Add CaaSP 4 Toolchain

  • Update xstream to 1.4.10

  • Major changes:

  • New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).

  • Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework.

  • Improve performance by minimizing call stack of mapper chain.

  • XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).

  • JavaBeanConverter does not respect ignored unknown elements.

  • Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.

  • Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.

  • Feat: modify patch to be compatible with JDK 11 building

  • Fixes for SLE 15 compatibility

Version 3.2.6

  • Fix for SUSE distribution detection in ISO building (bsc#1123991)

  • Fix javadoc building for JDK11 and later

  • Make salt-netapi-client compatible with JDK 1.8 and JDK 11

  • Add '--force', '-f' option to regenerateYumCache (bsc#1127389)

  • fix typo in syncing product extensions (bsc#1118492)

  • Make reposync use and append token correctly to the URL

  • Added 'mgr-sign-metadata-ctl' for repository metadata signing

  • Update jquery.timepicker dependency to 1.11.14 to allow parsing the time format without depending on the language. (bsc#1119081)

  • Add rewrite rules for .deb repository metadata paths

  • Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492)

  • Change default image download protocol from tftp to ftp

  • Fix a problem when cloning public child channels with a private base channel (bsc#1124639)

  • Prevent crash of mgr-sync refresh when channel label could not be found (bsc#1125451)

  • Keep assigned channels on traditional to minion migration (bsc#1122836)

  • Add support for Ubuntu minions (fate#324534, fate#326848, fate#326811) as technical preview

  • Fix/enhance Debian/Ubuntu repository generation

  • Implement HTTP token authentication for Ubuntu clients

  • Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213)

  • Fix "Add Selected to SSM" on System Groups -> systems page (bsc#1121856)

  • Add configurable option to auto deploy new tokens (bsc#1123019)

  • Show beta products if a beta subscription is available (bsc#1123189)

  • Merge unlimited virtualization lifecycle products with the single variant (bsc#1114059)

  • Improve performance for granting and revoking permissions to user for groups (bsc#1111810)

  • Fix for duplicate key violation when cloning erratas that have no packages associated (bsc#1111686)

  • Update spec file to no longer install tomcat context file in cache directory (bsc#1111308)

  • Fix initializing of the datetime picker (bsc#1126862)

  • Sort activation key list on create image profile page (bsc#1122770)

  • Sort channel lists on the product page of the setup wizard

  • Sort activation key list on bootstrap page (bsc#1122770)

  • Remove RH-specific warning message (bsc#1118100)

  • Add python-setuptools package dependency to SLES12 bootstrap repo (bsc#1119964)

  • Add configurable option to auto deploy new tokens (bsc#1123019)

  • Fix broken shebang in postgresql migration scripts

  • Ensure POSTGRES_LANG is correctly set (bsc#1121787)

  • Update text and image files.

  • Clarification about syncing support (bsc#1124013).

  • Replace SCC screen shot.

  • Improve Salt configuration channel description.

  • Add "spacewalk-report" documentation (from 2.1).

  • Fix image build host version numbers.

  • Set max length for xccdf rule identifier to 255 to prevent internal server error (bsc#1125492)

  • Removing invalid suse-openstack-cloud-6 and suse-packagehub-12-sp4 channel_labels (bsc#1125451)

  • Clean the susesccrepository table before modify it (bsc#1125456)

  • Archive orphan actions when a system is deleted and make them visible in the UI (bsc#1118213)

  • Remove wrong channel_family labels (bsc#1123189)

  • Remove unused 'remove_servergroup_perm' stored procedure (bsc#1111810)

  • Fix mgr_events to use current ioloop (bsc#1126280)

  • Added option to read 'pkg_download_point_…​' pillar values and use it in repo url

  • Add support for Ubuntu minions

  • Prevent the pkgset beacon from firing during onboarding (bsc#1122896)

  • Fix channel label for suse-openstack-cloud-6 and packagehub-12-sp4-* (bsc#1125451)

  • Add SLES11 SP4 LTSS channels (bsc#1123989)

Version 3.2.5

  • Netconfig update requires bind directory to exists for bind forward, ensure it (bsc#1116365)

  • Rework network update in branch-network formula (bsc#1116365)

  • Remove arch from name when pkg.list_pkgs is called with 'attr' (bsc#1114029)

  • Force one python version for SLE12 (python2) and SLE15 (python3)

  • Add disklabel: none to migrated RAID

  • Use FTP active mode for image download

  • Always deploy image when image is specified in partitioning pillar (bsc#1119807)

  • Call blockdev.formatted with force=True

  • Allow RAID images to be defined by saltboot formula

  • image information can be provided directly for disk

  • allow "none" disk label in formula and in that case hide partitioning information

  • Fix importing state channels using configchannel_import

  • Fix getting file info for latest revision (via configchannel_filedetails)

  • Add functions to merge errata (softwarechannel_errata_merge) and packages (softwarechannel_mergepackages) through spacecmd (bsc#987798)

  • Use a Salt engine to process return results (bsc#1099988)

  • Move channel update close to commit to avoid long lock (bsc#1121424)

  • Adapt Inter Server Sync code to new SCC sync backend

  • Fix issue raising exceptions 'with_traceback' on Python 2

  • Hide Python traceback and show only error message (bsc#1110427)

  • Honor renamed postgresql10 log directory for supportconfig

  • Better label visualization when the input is disabled. (bsc#1110772)

  • Avoid a NullPointerException error in Taskomatic (bsc#1119271)

  • Reset channel assignments when base channel changes on registration (bsc#1118917)

  • Allow bootstrapping minions with a pending minion key being present (bsc#1119727)

  • Hide 'unknown virtual host manager' when virtual host manager of all hosts is known (bsc#1119320)

  • Disable notification types with 'java.notifications_type_disabled' in rhn.conf (bsc#1111910)

  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies (bsc#1089121)

  • Read OEM Orderitems from DB instead of create always new items (bsc#1098826)

  • Fix mgr-sync refresh when subscription was removed (bsc#1105720)

  • XMLRPC API: Include init.sls in channel file list (bsc#1111191)

  • Fix the config channels assignment via SSM (bsc#1117759)

  • Install product packages during bootstrapping minions (bsc#1104680)

  • Fix cloning channels when managing the same errata for both vendor and private orgs (bsc#1111686)

  • Introduce Loggerhead-module.js to store logs from the frontend

  • Removed 'Manage Channels' shortcut for vendor channels (bsc#1115978)

  • Hide already applied errata and channel entries from the output list in audit.listSystemsByPatchStatus (bsc#1111963)

  • Prevent failing KickstartCommand when customPosition is null (bsc#1112121)

  • Automatically schedule an Action to refresh minion repos after deletion of an assigned channel (bsc#1115029)

  • Performance improvements in channel management functionalities (bsc#1114877)

  • Handle with an error message if state file fails to render (bsc#1110757)

  • When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)

  • Add check for yast autoinstall profiles when setting kickstartTree (bsc#1114115)

  • Use a Salt engine to process return results (bsc#1099988)

  • Fix handling of CVEs including multiple patches in CVE audit (bsc#1111963)

  • fix synchronizing Expanded Support Channel with missing architecture (bsc#1122565)

  • Use a Salt engine to process return results (bsc#1099988)

  • Exit with an error if spacewalk-common-channels does not match any channel

  • Show feedback messages after using the retry option on the notification messages page

  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies

  • Fix wording for taskotop (cosmetical only)(bsc#1118112)

  • When changing basechannel the compatible old childchannels are now selected by default. (bsc#1110772)

  • Add bootstrap repo definition for OES 2018 SP1 (bsc#1116826)

  • Rhnlib was renamed to python2-rhnlib. Change bootstrap data accordingly.

  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies

  • Adapt mgr-create-bootstrap-repo for Uyuni and let it create bootstrap repos for openSUSE and CentOS

  • Fetch packages from correct channel when creating a bootstrap repository

  • Fix not found package on mgr-create-bootstrap-repo for SLE-15-s390x (bsc#1116566)

  • Add python3-six to bootstrap repo for SLES15 (bsc#1118478)

  • Update text and image files.

  • Enhance forms documentation (more attributes).

  • Proxy: for example, migration from traditional to Salt not supported.

  • RAM requirements for host running kiwi OS images.

  • Notification properties.

  • Update scalability documentation.

  • Change SCC sync backend to adapt quicker to SCC changes and improve speed of syncing metadata and checking for channel dependencies

  • Performance improvements in channel management functionalities (bsc#1114877)

  • Use a Salt engine to process return results (bsc#1099988)

  • Allow bootstrapping minions with a pending minion key being present (bsc#1119727)

  • Use a Salt engine to process return results (bsc#1099988)

  • Add sle-module-web-scripting for OES2018 (bsc#1119233)

  • Add new set of data for the new SCC sync backend

  • Enable SLE15 SP1 family (bsc#1114268)

  • Enable OES2018 SP1 (bsc#1116826)

  • New upstream version (1.20). Fixes infinite loop in SQLite3Parser (CVE-2018-17197) (bsc#1121038)

Version 3.2.4

  • Fix service restart after logrotate for cobblerd (bsc#1113747)

  • Rotate cobbler logs at higher frequency to prevent disk fillup (bsc#1113747)

  • Install missing LICENSE.txt file (bsc#1114814)

  • Add conditional requirement for java 1.8

  • Use java >= 1.8 - required by tika 0.19.1 to /var/log/nutch (bsc#1107869)

  • Add new tarball file for v1.0.1

  • Bump up version to 1.0.1 and fix paths

  • Adjustments after upgrade of tika-core to v1.19

  • Improve error reporting on duplicate systems

  • Output partition size as int (bsc#1116517)

  • Start partition numbers from 1

  • Warn on long group names

  • Improved logging support

  • Add retail_yaml --only-new option

  • Print import summary (bsc#1112754)

  • Add retail_migration tool

  • Check for duplicate addresses in yaml (bsc#1111497)

  • Send pxe_update by external command to make sure it is finished (bsc#1111387)

  • Better error message on missing partitioning pillar (bsc#1110625)

  • Show group id on group_details (bsc#1111542)

  • State channels handling: Existing commands configchannel_create and configchannel_import were updated while system_scheduleapplyconfigchannels and configchannel_updateinitsls were added.

  • Automatic cleanup of notification messages after a configurable lifetime

  • ActivationKey base and child channel in a reactjs component

  • New messages are added for XMLRPC API for state channels

  • Add permissions for tomcat & apache to check bootstrap ssh file (bsc#1114181)

  • Improve return value and errors thrown for system.createEmptyProfile XMLRPC endpoint

  • Fix scheduling jobs to prevent forever pending events (bsc#1114991)

  • Performance improvements for group listings and detail page (bsc#1111810)

  • Fix wrong counts of systems currency reports when a system belongs to more than one group (bsc#1114362)

  • Add check if ssh-file permissions are correct (bsc#1114181)

  • Increase maximum number of threads and open files for taskomatic (bsc#1111966)

  • When removing cobbler system record, lookup by mac address as well if lookup by id fails(bsc#1110361)

  • Allow listing empty system profiles via XMLRPC

  • Automatic cleanup of notification messages after a configurable lifetime

  • Different methods have been refactored in tomcat/taskomatic for better performance(bsc#1106430)

  • Do not try cleanup when deleting empty system profiles (bsc#1111247)

  • Better error handling when a websocket connection is aborted (bsc#1080474)

  • Change Requires to allow installing with both Tomcat 8 (SLE-12SP3) and 9 (SLE12-SP4)

  • ActivationKey base and child channel in a reactjs component

  • Fix typo in messages (bsc#1111249)

  • Cleanup formula data and assignment when migrating formulas or when removing system

  • Remove restrictions on SUSE Manager Channel subscriptions (bsc#1105724)

  • Added shortcut for editing Software Channel

  • Fix permissions check on formula list api call (bsc#1106626)

  • Add sp migration dry runs to the daily status report (bsc#1083094)

  • Increase maximum number of threads and open files for taskomatic (bsc#1111966)

  • Fix typo at --phases option help

  • Make datetimepicker update displayed time (bsc#1041999)

  • Show human-readable system cleanup error messages

  • ActivationKey base and child channel in a reactjs component

  • Fix typo in messages (bsc#1111249)


  • Add new option --with-parent-channel to mgr-create-bootrap-repo to specify parent channel to use if multiple options are available (bsc#1104487)

  • Update text and image files.

  • Add information about SLE12 SP4 as base OS for Server and Proxy

  • Fix package version (bsc#1115449)

  • Automatic cleanup of notification messages after a configurable lifetime

  • Add missing minion-action-chain-cleanup to db init scripts

  • Deploy SSL certificate during onboarding of openSUSE Leap 15.0 (bsc#1112163)

  • SUSE OpenStack Cloud 9 enablement (bsc#1113557)

  • Add SUSE Manager 3.1 and 3.2 to SLES12 SP4

  • Fix improper XML parsing to prevent DoS attacks (CVE-2018-11761) (bsc#1109235)

  • Install missing LICENSE.txt file (bsc#1114814)

  • New upstream version (0.19.1)

Version 3.2.3

  • Do not allow empty values in SOA pillar

  • Generate rev zones for any zone

  • Include forwarders, allow generic options in bind formula

  • Advanced features in form

  • Updated from upstream

  • Form hardware address clarification (bsc#1106243)

  • Allow hosts to be specified under specific subnet

  • Mark domain name as optional in form

  • Update form.yml to use edit-groups

  • Remove no longer needed local changes

  • Update formula from upstream:

    • Add support for several config options

    • Add domain-search option

    • Class and subnet pool minor fixes / additions

    • Add option next-server for hosts in dhcpd.conf

  • Change default hadoop.log location to /var/log/nutch

  • Disable log file rotation in the log4j configuration in order to handle rotation using logrotate and change the path of hadoop.log to /var/log/nutch (bsc#1107869)

  • Adjusted pacakges list for Retail pattern

  • Fix wrong recurse behavior on for linux_acl.present (bsc#1106164)

  • Adding backport for string arg normalization and fix for SUSE ES os

  • Add summary to softwarechannel.clone when calling older API versions (bsc#1109023)

  • New function/Update old functions to handle state channels as well

  • Fix 'image deployed' event data parsing (bsc#1110316)

  • Handle 'image deployed' salt event by executing post-deployment procedures

  • Fix NullPointerException when refreshing deleted software channel (bsc#1094992)

  • Remove special characters from HW type string

  • Fix script is deleted too early (bsc#1105807)

  • Make Kiwi OS Image building enabled by default

  • Change Saltboot grain trigger from "initrd" to "saltboot_initrd"

  • Optimize execution of actions in minions (bsc#1099857)

  • Add last_boot to listSystems() API call

  • Changed localization strings for file summaries (bsc#1090676)

  • Added menu item entries for creating/deleting file preservation lists (bsc#1034030)

  • Check valid postgresql database version

  • Fix displayed number of systems requiring reboot in Tasks pane (bsc#1106875)

  • Modify acls: hide 'System details -> Groups and Formulas' tab for non-minions with bootstrap entitlement

  • Double check if the websocket connection is still open on sendText failure (bsc#1080474)

  • Remove the reference of channel from revision before deleting it(bsc#1107850)

  • Pair a new starting minion with empty profile based on its HW address (MAC)

  • Allow creating empty minion profiles via XMLRPC, allow assigning and editing formula for them

  • Added link from virtualization tab to Scheduled > Pending Actions (bsc#1037389)

  • Fix applying default values to edit-group

  • Respect $name in dictionary edit-group

  • Filter out empty values in edit-group (bsc#1104837)

  • Add postgresql version info

  • Use ASCII quotation marks in license file (bsc#1098970)

  • Rebuilt same bsc bugs apply from former push

  • SUSE Manager documentation doesn’t contain note that third party software is not allowed on the server (bsc#1105497)

  • SUSE Manager 3.2 Proxy online doc: broken links (bsc#1102857)

  • Entities added to single file entities.adoc

  • Cleaned up adoc sources

  • Added a Dockerfile for building docs via a single command see: doc-susemanager/docker-builder instructions coming soon

  • Check valid postgresql database version

  • Add index for HW address on network interface

  • Install all available known kiwi boot descriptions

  • Fix: Cleanup Kiwi cache in highstate (bsc#1109892)

  • Removed the ssl certificate verification while checking bootstrap repo URL (bsc#1095220)

  • Removed the need for curl to be present at bootstrap phase (bsc#1095220)

  • Add SUSE Manager for Retail Branch Server (bsc#1108004)

  • Adjust tftpd defaults for standalone use

  • Adjusted default directory

  • Use boolean values in pillar

Version 3.2.2

  • Remove unneeded requires for minion proxy; traditional clients still will get those packages via bootstrap repo

  • Prepend current directory when path is just filename (bsc#1095942)

  • Suggest not to use password option for spacecmd (bsc#1103090)

  • Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool(bsc#1104120)

  • Take only text files from /srv/salt to make spacewalk-debug smaller (bsc#1103388)

  • Missing link to LDAP instructions (bsc#1102464)

  • Fix copyright for the package specfile (bsc#1103696)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Feat: check for Dynamic CA-Trust Updates while bootstrapping on RES (FATE#325588)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Feat: add OS Image building with Kiwi fate#322959 fate#323057 fate#323056

  • Fix /etc/sudoers.d/spacewalk file (related to bsc#1099517)

  • Fix mgr-sync refresh when subscription was removed (bsc#1105720)

  • Method to Unsubscribe channel from system (bsc#1104120)

  • Enable auto patch updates for salt clients

  • Fix ACLs for system details settings

  • Fix: delete old custom OS images pillar before generation (bsc#1105107)

  • Fix an error in the system software channels UI due to SUSE product channels missing a corresponding synced channel (bsc#1105886)

  • Fix 'Compare Config Files' task hanging (bsc#1103218)

  • Reschedule taskomatic jobs if task threads limit reached (bsc#1096511)

  • XMLRPC API for state channels

  • Subscribe saltbooted minion to software channels, respect activation key in final registration steps

  • Fix deletion of Taskomatic schedules via the GUI (bsc#1095569)

  • Generate OS image pillars via Java

  • Logic constraint: results must be ordered and grouped by systemId first (bsc#1101033)

  • Store activation key in the Kiwi built image

  • Do not wrap output if stderr is not present (bsc#1105074)

  • Store image size in image pillar as integer value

  • Fix retrieving salt-ssh pub key for proxy setup when key already exists (bsc#1105062)

  • Implement the 2-phase registration of saltbooted minions (SUMA for Retail)

  • Avoid an NPE on expired tokens (bsc#1104503)

  • Generate systemid certificate on suse/systemid/generate event (fate#323069)

  • Fix system group overview patch status (bsc#1102478)

  • Allow salt systems to be registered as proxies (fate#323069)

  • Add DNS name to cobbler network interface (fate#326501, bsc#1104020)

  • Fix behavior when canceling actions (bsc#1098993)

  • Speedup listing systems of a group (bsc#1102009)

  • Disallow '.' in config channel names (bsc#1100731)

  • Add python3 xmlrpc api example to docs.

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Apply State Result - use different color for applied changes

  • Fix missing acl to toggle notifications in user prefs in salt clients (bsc#1100131)

  • Clean up correct system sudoers file (bsc#1099517)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Allow relative path in visibleIf tag in formulas

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Refactor the fetching and cache the child channels and mandatory channels in System Details change channels page

  • Update partnumbers rule file (bsc#1095972)

  • Use intermediate object to store confirmed matches within a penalty group and prevent infinite reactivation of Inherited virtualization rule (bsc#1094524)

  • Bootstrap repos for SLE12 SP4 (bsc#1107117)

  • Do not fail if postgresql user has no interactive login shell

  • Fix broken stderr redirection in mgr-setup

  • Add new dependency python-setuptools to bootstrap packages (bsc#1106026)

  • Add debug mode for mgr-create-bootstrap-repo

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • OS Image building with Kiwi: SUSE Manager can now build Kiwi-based image creation for installable Linux OS images and virtual machines.

  • Missing link to LDAP instructions (bsc#1102464)

  • Enable auto patch updates for Salt minions

  • Enable system preferences for Salt minions (bsc#1098388)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)

  • Fix merging of image pillars

  • Fix: delete old custom OS images pillar before generation (bsc#1105107)

  • Generate OS image pillars via Java

  • Store activation key in the Kiwi built image

  • Implement the 2-phase registration of saltbooted minions (SUSE Manager for Retail)

  • Feat: add OS Image building with Kiwi (fate#322959 fate#323057 fate#323056)


Version 3.2.1

  • Do not try to hardlink to a symlink. The result will be a dangling symlink in the general case (bsc#1097733)

  • Handle packages with multiple version properly with zypper (bsc#1096514)

  • Fix file.get_diff regression in 2018.3 (bsc#1098394)

  • Fix file.managed binary file utf8 error (bsc#1098394)

  • Add custom SUSE capabilities as Grains (bsc#1089526)

  • Bugfix: state file.line warning (bsc#1093458)

  • Enable '--with-salt-version' parameter for script

  • Add environment variable to know if yum is invoked from Salt (bsc#1057635)

  • Fix directory permissions (bsc#1101152)

  • Feature: implement optional signing repository metadata

  • Fix truncated result message of server actions (bsc#1039043)

  • Do not copy 'foreign_entitlement' from virtual host to the registered guest (bsc#1093381)

  • Disable child channel selection only if channel is actually assigned (bsc#1097697)

  • Remove not needed build dependency to cobbler (bsc#1102137)

  • Fix: errata id should be unique (bsc#1089662)

  • Fix race condition when applying patches to systems (bsc#1097250)

  • Improve cve-server-channels Taskomatic task’s performance (bsc#1094524)

  • Fix union and intersection button in grouplist (bsc#1100570)

  • Fix checking for salt pkg upgrade when generating action chain sls

  • Add queue=true to state.apply calls generated in action chain sls files

  • Feature: show ordered and formated output of state apply results

  • Fix defining a schedule for repo-sync (bsc#1100793)

  • Drop removed network interfaces on hardware profile update (bsc#1099781)

  • Feature: implement test-mode for highstate UI

  • Feature: implement optional signing repository metadata

  • Valid optional channel must be added before reposync starts (bsc#1099583)

  • Fix tabs and links in the SSM "Misc" section (bsc#1098388)

  • Handle binary files appropriately (bsc#1096264)

  • XML-RPC API call system.scheduleChangeChannels() fails when no children are given (bsc#1098815)

  • Ignore inactive containers in Kubernetes clusters

  • Explicitly require IBM java for SLES < SLE15 (bsc#1099454)

  • Do not break backward compatibility on package installation/removal (bsc#1096514)

  • Fix minion software profile to allow multiple installed versions for the same package name (bsc#1089526)

  • Fix NPE in image pages when showing containers with non-SUSE distros (bsc#1097676)

  • Do not log when received 'docker://' prefix from Kubernetes clusters

  • Fix cleaning up tasks when starting up taskomatic (bsc#1095210)

  • Mark all proceeding actions in action-chain failed after an action failed(bsc#1096510)

  • Check if directory /srv/susemanager/salt/actionchains exists before deleting minion action chain files

  • Specify old udev name as alternative when parsing hw results

  • Fix detection of a xen virtualization host (bsc#1096056)

  • Fix hardware refresh with multiple IPs on a network interface (bsc#1041134)

  • Fix truncated result message of server actions (bsc#1039043)

  • Fix: limit naming of action chain (bsc#1086335)

  • Add missing result fields for errata query (bsc#1097615)

  • Add new 'upgrade_satellite_refresh_custom_sls_files' task to refresh custom SLS files generated for minions (bsc#1094543)

  • Improve gatherer-matcher Taskomatic task’s performance (bsc#1094524)

  • Show chain of proxies correctly (bsc#1084128)

  • Fix the search when server is missing primary interface (bsc#1099638)

  • Sudoers file is now in /etc/sudoers.d/spacewalk (bsc#1099517)

  • Refactor buttons.js

  • Feature: implement test-mode for highstate UI

  • Disable child channel selection only if channel is actually assigned(bsc#1097697)

  • Fix typo in 'Installed Products' label in image overview page

  • Fix css issues on minion-state pages (bsc#1083295)

  • Show feedback on button clicked (bsc#1085464)

  • Show chain of proxies correctly (bsc#1084128)

  • Improve the gulpfile watch mode performance (bsc#1096747)

  • Fix mgr-create-bootstrap-repo with custom channels (bsc#1099934)

  • Add package python-pyudev for bootstrapping (bsc#1099311)

  • Feat: allow cleanup of bootstrap repo (bsc#1096204)

  • Update susemanager-nodejs-sdk-devel to 1.0.2 (bsc#1096747)

  • Copy missing action-chain schema migration to correct directory (bsc#1100760)

  • Fix truncated result message of server actions (bsc#1039043)

  • Fix config channels state revision inconsistency after migration (bsc#1094543)

  • Use custom Salt capabilities to prevent breaking backward compatibility (bsc#1096514)

  • Update profileupdate.sls to report all versions installed (bsc#1089526)

  • Do not install 'python-salt' on container build hosts with older Salt versions (bsc#1097699)

Major changes since SUSE Manager 3.1 Server

Salt 2018.3.0

Salt has been upgraded to the final 2018.3.0 release.

We do intend to upgrade Salt regularly to more recent versions.

For changes in your manually created Salt states, please see the Salt 2017.7 and 2018.3 upstream release notes.

Salt action chains

Action chains are enabled for Salt minions now. It works like action chains for traditional clients, see the documentation for details.

SLE 15

The SLE 15 product family is fully supported as a client operating system.

Due to its new module concept, the product selection page in SUSE Manager was redesigned. Please see the documentation about choosing SLE 15 modules.

SLES 15 and Python 3

SLES 15 utilizes Python 3 as its default system version. Due to this change any older bootstrap scripts (based on python 2) must be regenerated for SLES 15 systems.

Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.

Formulas with Forms improvements

  • Formula data can now be managed with XMLRPC API.

  • New types so almost any kind of upstream formula can be handled by SUSE Manager.

SUSE Manager Proxy versions

SUSE Manager 3.2 Server can work with version 3.1 of SUSE Manager Proxy.

When upgrading, upgrade the server first, followed by proxies. See the advanced topics manual for detailed upgrade instructions.

Upstream changes since SUSE Manager 3.1

Note: Changes from the upstream project are listed here as-is. There’s no guarantee that all of them are actually available in SUSE Manager 3.2 Server.

Spacewalk 2.8

SUSE Manager 3.2 Server is based on Spacewalk 2.8 with many new features added by SUSE.

  • Spacewalk now installable on Fedora 27 and has been tested on Fedora 28 Beta as well

  • Spacewalk supports Fedora 27 and Fedora 28 clients

  • Python 2 packages are no longer needed on systems with Python 3 as default

  • Spacewalk server is now capable of syncing and distributing of Fedora modularity (modules.yaml) files.

  • PostgreSQL 10 is now supported

  • Package dwr updated to version 3.0.2 fixing security vulnerabilities

  • It’s now possible to manage errata severities via Spacewalk server Several bugfixes

  • Updated API calls:

    • errata.create/setDetails - add possibility to manage severities

    • system.schedulePackageRemoveByNevra - support removal of packages which are not in database

Spacewalk 2.7

  • Spacewalk now supported on Fedora 25 and Fedora 26

  • Spacewalk supports Fedora 25 and Fedora 26 clients

  • Improved Debian/Ubuntu version parsing and matching

  • Spacewalk wiki now hosted on GitHub

  • Significant improvements to channel synchronization speed

  • New utility to monitor what taskomatic daemon is doing - taskotop is part of spacewalk-utils package

  • jabberd, which support OSAD, now uses sqlite database for improved reliability

  • jpackage libraries/packages replaced with standard ones

  • Improved kickstart profile support

  • New API calls:

    • channel.listManageableChannels

    • schedule.failSystemAction

  • API calls restored for backward compatibility:

    • proxy.createMonitoringScout

    • satellite.isMonitoringEnabled

    • satellite.isMonitoringEnabledBySystemId


Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from the SUSE Manager Server or clients.

The standard disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

In the SUSE Manager Server’s case, please be aware that supportconfig’s output will contain information about clients as well.

In particular, debug data for the Subscription Matching feature contain a list of the registered clients, their installed product and some minimal hardware information (CPU socket count). It also contains a copy of subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage is not supported.

Support for EOL’ed products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. See the Product Support Lifecycle page.

This support is limited to scenarios to bring production systems to a supported state. Either by migrating to a supported service pack or by upgrading to a supported product version.


spacewalk-utils, a packaged set of command line tools, continues to be L1* supported only - with some exceptions. Any of these commands needs expertise and can break your system. However, we consider these tools valuable enough to be included, but not fully supported.

  • L1 (Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.)

The following tools of spacewalk-utils are fully supported:

  • spacewalk-clone-by-date

  • spacewalk-sync-setup

  • spacewalk-manage-channel-lifecycle

Providing feedback to our products

In case of encountering a bug please report it through your support contact.

Documentation and other information

Technical Information: SUSE Manager contains additional or updated documentation for SUSE Manager Server 3.2.

These Release Notes are available online. Further information about SUSE Manager is available in the Wiki and the SUSE Best Practices.

Visit for the latest Linux product news from SUSE and for additional information on the source code of SUSE Linux Enterprise products.

Maxfeldstraße 5
90409 Nuremberg, Germany
Tel: +49 (0)911 740 53 - 0
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Mary Higgins, Sri Rasiah
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list ( All third-party trademarks are the property of their respective owners.


Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.