This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • November 2019: 4.0.3 release

  • September 6th 2019: 4.0.2 release

  • July 9th 2019: 4.0.1 release

  • June 26th, 2019: 4.0.0 release

About SUSE Manager 4

Now based on SUSE Linux Enterprise 15 Service Pack 1 and the Uyuni project, SUSE Manager 4 further delivers a best-in-class open source infrastructure management solution that lowers costs, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4 allows our customers to:

Lower costs and simplify management

  • Simplify management and reduce operational expenditure with enhanced package staging through a new Content Lifecycle Management user interface and improved APIs for managing packages, patches, and configurations. Moving packages across multiple stages, like development, QA and production is now a simple UI-based task.

  • Ease virtual machine management with new Salt-based virtual machine management that allows near real-time management of hundreds of servers. This allows managing virtual machines not just through a UI, with start/stop buttons, but also by defining Salt states. For example, you can create a Salt state that always ensures that the same three virtual machines are created and running on all your branch servers. Advanced virtual machine management is a technology preview and will require a paid-for add-on subscription per virtualization host.

Increase availability and visibility with expanded monitoring and alerting capabilities

Gain better infrastructure insights and reduce downtime, with the ability to provision, configure, and automate a reliable and easy to use monitoring and alerting infrastructure built on the next generation Prometheus based monitoring stack. With a single tool, you can now deploy, configure and manage your Linux infrastructure, and also monitor the health of that infrastructure. Monitoring is a paid-for add-on subscription per managed system.

Reduce complexity and regain control

  • SUSE Manager now supports managing openSUSE Leap 15.1 and Ubuntu LTS 16.04 and 18.04 clients.

  • SUSE Manager 4 can be deployed from the unified SUSE Linux Enterprise 15 installer.

  • “Formulas with Forms” capabilities for SAP allow the easy set-up of SAP HANA nodes and HA cluster configuration according to best practices. Formulas are provided as a technology preview via SUSE Package Hub.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:



SUSE Manager Server 4 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 1. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place updates from previous versions of SUSE Manager Server are not supported. The supported upgrade method is to migrate the data from your SUSE Manager Server 3.2 installation to SUSE Manager Server 4.0.

If your SUSE Manager Server 3.2 uses an older version of PostgreSQL, you need to upgrade to PostgreSQL 10 before performing the migration!

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite to SUSE Manager Server 4.0 is conditionally supported. To perform this migration, we strongly recommend you get in contact with a SUSE sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand clients, when deployed according to the instructions in the Installation Guide on Scaling beyond that number needs special consideration.

For more information and instructions on large-scale deployments, see

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red Hat Enterprise Linux, come with a very large number of packages that may cause taskomatic to run out of memory. If this occurs, we recommended that you increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding this line:

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If taskomatic continues to run out of memory, you can increase the number further. However, keep in mind that this will affect the total memory required by SUSE Manager Server.

Major changes since SUSE Manager Server 4.0 GA

Features and changes

Version 4.0.3

New Content Lifecycle Management filters

In SUSE Manager 4.0.0 we introduced Content Lifecycle Management with a filter to exclude packages and patches based on their name. Feedback for this feature was very positive and many proposals for enhancement were received.

In this release, we are introducing a lot of new possibilities for Content Lifecycle Management:

  • New filters: by date, by keyword (e. g. "reboot needed" or "package manager restart required"), by type (security, recommended or optional), by synopsis and "patch contains package".

  • New ALLOW mode, which in addition to the existing DENY mode, makes possible to filter out packages, and then include them again into the resulting set.

  • New matchers: in addition to the existing greater than, lesser than, equals, etc, we have now added a regular expression matcher for package names, patch names, patch synopsis and package names in patches.

  • Better visualization of the filters attached to a CLM project, with ALLOW and DENY now shown on each side of the screen.

We have documented two typical use cases: a monthly patch cycle and live patching.

More enhancements to Content Lifecycle Management will come in future releases of SUSE Manager 4.0.

Enhanced support for Debian and Ubuntu

With each release of SUSE Manager, we continue to enhance our Debian and Ubuntu support.

SUSE Manager 4.0.3 greatly improves our compatibility thanks to:

  • Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in DB without recreating all Debian/Ubuntu channels.

  • Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.

New Prometheus exporters and formulas

A new set of client tool packages now includes Prometheus exporters for more clients: RHEL 6, RHEL 7, SLES ES 6, SLES ES 7, Ubuntu 18.04 and SLES 11 SP4 (only x86-64 and i586). Both the Prometheus node exporter and the PostgreSQL exporter are provided for those operating systems.

Additionally, the prometheus-exporters-formula is a new package for the Server which includes a Salt formula to deploy a Prometheus Server.

Subscription matching in Public Cloud

We’ve added new types of Virtual Host Managers in order to gather virtual instances from Public Cloud providers. Azure, AWS and Google Cloud are now supported, in addition to the existing VMware and generic (file-based, manually-maintained, useful for any cloud provider) gatherer modules.

Creating VHM to gather virtual instances from the Public Cloud will enable the subscription matcher to match "1-2 virtual machines" subscriptions for those instances that are running on the same Public Cloud zone.

Please take into account the following considerations in this version. They will be addressed in upcoming versions of SUSE Manager:

  • This functionality will only work with Salt clients.

  • Manual installation of the virtual-host-gatherer-libcloud package is required.

  • The public cloud gatherers will report and try to match all instances, no matter if they are BYOS or PAYG, leading to an incorrect calculation of the required subscriptions if you combine BYOS and PAYG.

Preventive shutdown of Server when running out of disk space

Some customers have hit in the past a database corruption problem when PostgreSQL ran out of space.

In order to prevent that from happening in the future, we have added a diskchecker to SUSE Manager Server. This feature will send a warning mail when the most common and important SUSE Manager directories are below 10% of free disk space, and will shut down the SUSE Manager Serve when those directories are below 5% of free disk space.

This new feature is only enabled by defult in new installations. For existing installations, the administrator can enable the tool manually after updating to the latest maintenance update by running:

systemctl --quiet enable spacewalk-diskcheck.timer

systemctl start spacewalk-diskcheck.timer

Full details on the parameterization of this new feature are available in the Managing disk space documentation page.

Single Page Application UI

In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.

This feature is optional in SUSE Manager 4.0 and is disabled by default. To enable it, customers can now add = true to /etc/rhn/rhn.conf, and then restart Tomcat.

Other changes
  • Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it.

  • Taskomatic now takes a maximum of 4 GB of RAM (it used to be 2 GB), which better matches the current average use case.

  • Salt clients can now be re-provisioned from SUSE Manager. This allows major version OS updates for SLES and SUSE Manager Proxy.

  • Normalize date formats for actions, notifications and CLM

  • RHEL 8, SLES ES 8 and CentOS 8 clients are not yet supported. While the changelog shows many changes to enable them on the Server and Proxy side, the client tools are not ready yet. SUSE Manager 4.0.4 will bring initial support RHEL 8 and SLES ES 8 clients as Salt minions.

Version 4.0.2

New products supported
  • SUSE Linux Enterprise Real Time 12 SP4


Grafana is a tool for data visualization, monitoring, and analysis. It is used to create dashboards with panels representing specific metrics over a set period of time. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, and Influx DB.

This version of SUSE Manager includes Grafana in the client tools channel, both for 4.0 and 3.2. A SUSE Manager Grafana dashboard is provided as an example.

The Monitoring section of the Administration Guide contains full detail on how to configure Grafana together with SUSE Manager.

Prometheus service autodiscovery

Prometheus is a monitoring tool used to record real-time metrics in a time-series database. Metrics are collected using HTTP pulls, allowing for higher performance and scalability.

We have updated the Prometheus package with a new version that include a built-in service discovery mechanism that will allow users to more easily configure monitoring on their SUSE Manager systems.

Previously, after configuring the exporters on managed clients, users had to manually configure their Prometheus servers to start scrapping metrics from those systems. With this update, it will be possible to use a "service discovery" mechanism that will automate this part of the configuration. The configuration options are simple: it is only required to provide a SUSE Manager Server URL and valid API credentials.

Under the hood, what this mechanism does is letting Prometheus poll the SUSE Manager API, asking for a list of systems that have monitoring enabled, and automatically configuring Prometheus to collect metrics from those systems.

In this version, the autodiscovery functionality is provided as a Technology Preview.

More information about configuring Prometheus can be found in the Monitoring section of the Administration Guide.

CPU mitigation formula

CPU mitigations have been introduced to improve security on CPUs affected by vulnerabilities such as Meltdown and Spectre. The mitigations are available in SUSE Linux Enterprise 12 SP3 and later in the cpu-mitigations-formula package, which is not installed by default.

The new CPU Mitigation formula allows you to control which mitigations are enabled.

Updated documentation

The SUSE Manager documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, retail images and formulas, etc

Of particular interest for customers with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we strongly recommend that you contact SUSE Consulting for assistance with tuning for your specific case.

Additionally, the search functionality in the documentation now works offline.

Enhanced support for Ubuntu and Debian clients

The Multi-Arch and Pre-depends headers are now supported for .deb repositories, hence avoiding installation problems that could arise in some cases when deploying packages from the UI.

Also, Ubuntu and Debian channels now come preconfigured in spacewalk-common-channels. The Debian CDN is used to provide the best mirror at each moment. For Ubuntu, you may want to replace the default mirror with a closer geo-mirror.

Keep in mind SUSE does not provide support for the spacewalk-common-channels tool form the spacewalk-utils package.

UEFI boot (Retail)

SUSE Manager for Retail can now create the required partitions and image machines with an EFI boot, using the Saltboot formula.

Version 4.0.1

New products supported

  • openSUSE Leap 15.1


The SUSE Patch Finder is a simple online service to view released patches.

Version 4.0.3


  • Fix for install loop caused autoinstallation profiles (bsc#1151875)

  • Update module config description to match new parameters

  • Add config migration script and runs it in post-install script

  • Fix for config backups in post install script (bsc#1149075)

  • Move apache config file cobbler.conf to conf.d directory and remove the VirtualHost container as it overwrite rules already set in conf.d

  • Realignment with Cobbler 3.0.0 release candidate.

  • Fix for typo in settings for scm_track module.

  • Optimization for settings loading in scm_track module.


  • Fix grub entry changed for sle12* so it matches sle15* (bsc#1145873)


  • Obsolete all old python2-osa* packages to avoid conflicts (bsc#1152290)


  • Add recommends for cpu-mitigations-formula



  • Allow to configure arbitrary arguments when running exporters

  • Add support for Debian/Ubuntu and Red Hat systems (RHEL/CentOS)

  • Install the LICENSE together with the package


  • Get tornado dependency from the system on SLE12 (bsc#1149409)


  • Update to version 0.1.1568808472.be9f236

  • Parse parition type 82 as swap in SLEPOS migration (bsc#1136959)

  • Allow kernel command line for branches to be set as an option to retail_branch_init CLI

  • Automatically calculate dhcp dynamic range from branch ip if not set


  • Allow non-integer values for URLGRABBER_DEBUG env variable (bsc#1152514)

  • Fixes usage of log level lookup for Python3 (bsc#1146683)


  • Java api expects content as encoded string instead of encode bytes like before (bsc#1153277)

  • Fix building and installing on CentOS8/RES8/RHEL8

  • Check that a channel doesn’t have clones before deleting it (bsc#1138454)


  • Avoid a "Permission denied" salt error when publisher_acl is set (bsc#1150154)


  • Fix re-registration with re-activation key (bsc#1154275)

  • Change the default value of taskomatic maxmemory to 4GB

  • Add basic support for importing modular repositories

  • Import additional fields for Deb packages

  • Add script to update additional fields in the DB for existing Deb packages

  • Use active values for diskchecker mails

  • Parse restart_suggested flag from patches and set it as keywords (bsc#1151467)

  • Improve error message when deleting channel that’s in a content lifecycle project (bsc#1145769)

  • Prevent "reposync" crash when handling metadata on RPM repos (bsc#1138358)

  • Do not show expected WARNING messages from "c_rehash"

  • Fix misspelling in spacewalk-repo-sync (bsc#1149633)

  • Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419)

  • Do not crash 'rhn-satellite-exporter' with ModuleNotFound error (bsc#1146869)

  • Spacewalk-remove-channel check that channel doesn’t have cloned channels before deleting it (bsc#1138454)

  • Fix broken spacewalk-data-fsck utility

  • Add '--latest' support for reposync on DEB based repositories

  • Do not try to download RPMs from the unresolved mirrorlist URL

  • Fix encoding issues with DB bytes values (bsc#1144300)

  • Fix import of rhnAuthPAM to avoid issues when using rhnpush.

  • Avoid traceback on mgr-inter-sync when there are problems with cache of packages (bsc#1143016)


  • Improve menu scrollbar style for firefox

  • Add UI message when salt-formulas system folders are unreachable (bsc#1142309)


  • Require mgr-daemon (new name of spacewalksd) so systems with spacewalksd get always the new package installed (bsc#1149353)


  • Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353)

  • Enable spacewalk-update-service on package installation (bsc#1143789)

  • Invalidate cache 5 minutes before actual expiration(bsc#1143562)


  • Change the default value of taskomatic maxmemory to 4GB

  • Resolve modules.yaml file for modular repositories


  • Change the default value of taskomatic maxmemory to 4GB

  • Silence cache strategy Hibernate warning

  • Return result in compatible type to what defined in database procedure (bsc#1150729)

  • Allow channels names to start with numbers

  • Fix: handle special deb package names (bsc#1150113)

  • Fix: regression with Ubuntu version compare (bsc#1150113)

  • Remove extra spaces in dependencies fields in Debian repo Packages file (bsc#1145551)

  • Allow monitoring for managed systems running Ubuntu 18.04 and RedHat 6/7

  • Improve performance for 'Manage Software Channels' view (bsc#1151399)

  • Import additional fields for Deb packages

  • Use value from systemd unit file if not set in /etc/rhn/rhn.conf

  • Implement "keyword" filter for Content Lifecycle Management

  • Add support for Azure, Amazon EC2, and Google Compute Engine as Virtual Host Manager.

  • Allow ssl connections from Tomcat to Postgres (bsc#1149210)

  • Use default in case is unset

  • Fix parsing of /etc/rhn/rhn.conf for (bsc#1151097)

  • Change form order and change project creation message (bsc#1145744)

  • Use 'SCC organization credentials' instead of 'SCC credentials' in error message (bsc#1149425)

  • Implement "regular expression" Filter for Content Lifecycle Management matching package names, patch name, patch synopsis and package names in patches

  • Implement provisioning for salt clients

  • Explicitly mention in API docs that to preserve LF/CR, user needs to encode the data(bsc#1135442)

  • New Single Page Application engine for the UI. It can be enabled with the config '' set to true

  • Check that a channel doesn’t have clones before deleting it (bsc#1138454)

  • Fix documentation of contentmanagement handler (bsc#1145753)

  • Add new API endpoint to list available Filter Criteria

  • Improve API documentation of Filter Criteria

  • Implement "patch contains package" Filter for Content Lifecycle Management

  • Implement Filter Patch "by type" Content Lifecycle Management

  • Improve websocket authentication to prevent errors in logs (bsc#1138454)

  • Implement filtering errata by synopsis in Content Lifecycle Management

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Implement ALLOW filters in Content Lifecycle Management

  • Implement "by date" Filter for Content Lifecycle Management

  • UI render without error if salt-formulas system folders are unreachable (bsc#1142309)

  • Cloning Errata from a specific channel should not take packages from other channels (bsc#1142764)

  • Add susemanager as prerequired for spacewalk-java


  • Fix cobbler authentication module configuration required for new cobbler package

  • Configure 150 Tomcat workers by default, matching httpds MaxClients


  • Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)

  • Common-channels: Fix repo type assignment for type YUM


  • Redirect to project when canceling creating a filter (bsc#1145750)

  • Better visualization of the filters attached to a CLM Project. Allow/deny are now split

  • Fix ui issues with content lifecycle project list page (bsc#1145587)

  • Implement "keyword" filter for Content Lifecycle Management

  • Enable Azure, Amazon EC2 and Google Compute Engine as available Virtual host Managers

  • Trim strings when creating/updating image stores/profiles (bsc#1133429)

  • Show loading spin while loading salt keys data (bsc#1150180)

  • CLM - Disable clones by default of the shown CLM Project sources

  • Change form order and change project creation message (bsc#1145744)

  • Add UI message when salt-formulas system folders are unreachable (bsc#1142309)

  • Implement "regular expression" Filter for Content Lifecycle Management matching package names, patch name, patch synopsis and package names in patches

  • New Single Page Application engine for the UI. It can be enabled with the config '' set to true

  • Add environment label when deleting environment (bsc#1145758)

  • Change color of disabled build button on clp page (bsc#1145626)

  • Fix the 'include recommended' button on channels selection in SSM (bsc#1145086)

  • Implement "patch contains package" Filter for Content Lifecycle Management

  • Implement Filter Patch "by type" Content Lifecycle Management

  • Implement filtering errata by synopsis in Content Lifecycle Management

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Implement ALLOW filters in Content Lifecycle Management

  • Implement "by date" Filter for Content Lifecycle Management


  • Require dmidecode only for SLE12 aarch64 and x86_64 (bsc#1152170)

  • Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)

  • Fix test for btrfs subvolume for new btrfs version (bsc#1151666)

  • Ensure working directory is /root during setup (bsc#1148169)

  • Dmidecode does not exist on s390x (bsc#1145119)


  • Update text and images (mu-4.0.3); many changes caused by Technical and Content Reviews.

  • Added partition permissions to Install Guide (bsc#1152735)

  • Move Disconnected Setup from Client Config to Admin Guide

  • Updated references to (was:

  • Increase default value for taskomatic to 4GB

  • Registering to proxy information in Install Guide

  • Edits to Prometheus section in Admin Guide

  • Update database migration section in Upgrade Guide

  • Update server update, upgrade, and migration chapters in Upgrade Guide

  • Update server installation and setup chapters

  • Update proxy installation and setup chapters

  • Add section about maintenance window in Admin Guide

  • Update Kubernetes chapter

  • Admin Guide: ISS: Adapt the CA path to correspond to SLES 15.1

  • Update image management

  • Update channel management screenshot in Reference

  • Update CLM

  • Provide basic documentation on foreign clients

  • Update info on mgr-sync

  • New images added to Retail Guide

  • Minor edits in Salt Guide

  • Improvements to Troubleshooting section in Admin Guide

  • Removed reference to SLP in Install Guide

  • Minor edits to SSM in Client Config Guide


  • Fix in schema migration script when recreating the 'suseUserRoleView' (bsc#1151280)

  • Fix: handle special deb package names (bsc#1150113)

  • Refactor in suseChannelUserRoleView for retrieving the parent_channel_id (bsc#1151399)

  • Add tables rhnPackageExtraTag and rhnPackageExtraTagKey

  • Allow monitoring for Ubuntu systems

  • Add new types needed for Azure, Amazon EC2 and Google CE

  • Enable provisioning for salt clients

  • Allow package changelog entries with more than 3000 characters (bsc#1144889)


  • Require pmtools only for SLE11 i586 and x86_64 (bsc#1150314)

  • Introduce dnf-susemanager-plugin for RHEL8 minions

  • Provide custom grain to report "instance id" when running on Public Cloud instances

  • Disable legacy startup events for new minions

  • Implement provisioning for salt clients

  • Dmidecode does not exist on ppc64le and s390x (bsc#1145119)

  • Update susemanager.conf to use adler32 for computing the server_id for new minions

  • SLE15SP1 client created in AWS is not matched with its profile in VHM with AmazonEC2 module (bsc#1155656)

  • Do not show errors when polling internal metadata API (bsc#1155794)


  • Ubuntu repositories released


  • New upstream version 1.2.2. Fixes:

    • OOM from a crafted Zip File in Apache Tika’s RecursiveParserWrapper (CVE-2019-10088) (bsc#1144500).

    • Denial of Service in Apache Tika’s 2003ml and 2006ml Parsers (CVE-2019-10093) (bsc#1144510).

    • StackOverflow from Crafted Package/Compressed Files in Apache Tika’s RecursiveParserWrapper (CVE-2019-10094) (bsc#1144515).


  • Add new modules to deal with Amazon EC2, Azure and Google Compute

Version 4.0.2


  • Update to version 0.1.1561374979.11123db

  • Explicitelly specify zone of the internal interface (bsc#1138586)

  • Use 'onchanges' require instead of 'wait' to clearly see when state was applied or not required to

  • Firewalld 'public' zone should be used for shared NIC (bsc#1137882)


  • Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453)

  • Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)


  • fix package dependencies to prevent file conflict (bsc#1143856)


  • Add recommends for cpu-mitigations-formula


  • Do not break repo files with multiple line values on yumpkg (bsc#1135360)

  • Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 (bsc#1147126)


  • Update to version 0.1.1564399963.cf19a13

  • Initialize filename_efi in dhcpd formula (bsc#1143204)


  • Add SNI support for clients

  • fix initialize ssl connection (bsc#1144155)

  • Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)


  • Update to version 0.1.1564399963.cf19a13

  • Fix rounding errors at the end of disk (bsc#1136857)


  • Do not overwrite comps and module data with older versions

  • Fix issue with "dists" keyword in url hostname

  • Import packages from all collections of a patch not just first one

  • Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822)

  • For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125)

  • prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889)

  • Don’t skip Deb package tags on package import (bsc#1130040)


  • Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311)


  • Set Copyright year to 2019 (bsc#1141598)

  • Remove duplicate information message when changing system properties (bsc#1111371)

  • Add missing strings for task status page


  • Run completely unattended on Ubuntu (bsc#1137881)


  • The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130)


  • Improve performance for retrieving the user permissions on channels (bsc#1140644)

  • Fix permissions of cobbler owned directories

  • Prerequire salt package to avoid not existing user issues

  • Support partly patched CVEs in CVE audit (bsc#1137229)

  • Remove duplicate information message when changing system properties (bsc#1111371)

  • Align selection column in software channel managers (bsc#1122559)

  • Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965)

  • Add caret sorting for rpm versioning

  • API Documentation: mention the shebang in the system.scheduleScriptRun doc strings (bsc#1138655)

  • For orphan contentsources, look also in susesccrepositoryauth to make sure they are not being referenced(bsc#1138275)

  • Fallback to logged-in-user org and then vendor errata when looking up erratum on cloning (bsc#1137308)

  • Add new validation to avoid creating content lifecycle projects starting with a number (bsc#1139493)

  • Allow virtualization tab for foreign systems (bsc#1116869)

  • Improve performance of 'Systems requiring reboot' page (fate#327780)

  • Allow forcing off or resetting VMs

  • Keep querystring on ListTag parent_url for actions that have the cid param (bsc#1134677)

  • Add XML-RPC API calls to manage server monitoring

  • Fix profiles package scheduling when epoch is null (bsc#1137144)

  • Fix: initialize the hibernate transaction when merging errata via XMLRPC API (bsc#1145584)

  • Fix: set install time only if there is a value (bsc#1148714)


  • Fixes SSL hostname matching (bsc#1141663)

  • Hostname-rename: change hostname in cobbler db and autoinst data

  • Adds support for Ubuntu and Debian channels to spacewalk-common-channels.


  • Redirect to first step of channel assignment after change channel submit (bsc#1137244)

  • Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965)

  • Add unsupported browser warning when using Internet Explorer

  • Allow virtualization tab for foreign systems (bsc#1116869)

  • Allow forcing off or resetting VMs

  • Fix VM creation dialog with non-default pools and networks (bsc#1138268)

  • Add checks for empty required entries on formula forms (bsc#1109639)


  • Make dmidecode part of the bootstrap repositiories (bsc#1137952)



  • Interface used for branch network on branch server is not added to internal firewall zone (bsc#1132076)

  • Increasing the maximum size allowed for configuration files (bsc#1146411)

  • Documentation: unclear how to use groups with SUMA 4 remote commands (bsc#1146443)

  • Added link to bootstrap script creation

  • Added missing zypper entity

  • Added Canonical IP safeguard

  • Update for unified proxy installer

  • lunrjs integration replaces Algolia with local search

  • Antora UI improvements

  • JeOS docs cleaned up

  • Content review and cleanup on books Administration, Installation, Salt, Retail, Client Configuration and Upgrade

  • Removed outdated command tailf

  • Added missing images

  • Improved max size for configuration files

  • Added matching salt clients by minion_id or with a wildcard

  • Clarify image store for Kiwi images

  • Public cloud doc update

  • Content lifecycle manager filter update

  • Added note about support status of IE

  • Fixed IBM Z entity render issue

  • New Salt tuning guide


  • Improve performance for retrieving the user permissions on channels (bsc#1140644)

  • Add caret sorting for rpm versioning

  • Allow repo and manifest sources with the same url

  • Drop no longer used 'allServerKeywordSinceReboot' view (fate#327780)

  • Allow forcing off or resetting VMs



  • Force VM off before deleting it (bsc#1138127)

  • Check for result of image rsync transfer to catch failures early (bsc#1104949)

  • Allow forcing off or resetting VMs

  • Make sure dmidecode is installed during bootstrap to ensure that hardware refresh works for all operating systems (bsc#1137952)

  • Fix for issue with bootstrapping RES minions (bsc#1147126)

  • Bootstrapping RES6/RHEL6/SLE11 with TLS1.2 now shows error message (bsc#1147126)

Version 4.0.1


  • Do not duplicate "https://" protocol when using proxies with "deb" repositories (bsc#1138313)

  • Fix reposync when dealing with RedHat CDN (bsc#1138358)

  • Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)


  • Change WebUI version 4.0.1


  • Updated wording for Prometheus section

  • JeOS VM update

  • Port 8050 for graphical console display

  • Content life-cycle docs are not enough for customer to understand (bsc#1137955)

  • Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857)

  • Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561)


  • Updated wording for Prometheus section

  • JeOS VM update

  • Port 8050 for graphical console display

  • Content life-cycle docs are not enough for customer to understand (bsc#1137955)

  • Salt boot formula fails for SLES11 SP3 terminal (bsc#1136857)

  • Certificate verify failed when using vmware esxi virtual host gatherer (bsc#1136561)


  • Add channel family definitions for SLES12 SP3 LTSS (bsc#1139693)

  • Add OPENSUSE to allowed channel_families to make openSUSE Leap product visible in the product list (bsc#1138364)

Major changes since SUSE Manager Server 3.2

Prometheus Monitoring

We now include packages for the latest version of Prometheus, as well as self-monitoring capabilities for SUSE Manager. The SUSE Manager Monitoring entitlement is required for all systems that have monitoring with Prometheus enabled.

Prometheus is a monitoring tool that is used to record real-time metrics in a time-series database.

For more information about Prometheus, see Prometheus in the Administration Guide.


Exporters convert existing metrics into the format Prometheus requires. We are now providing the following Prometheus Exporters as packages, for SLE12 and SLE15 as well as openSUSE Leap 15.1:

In addition we provide JMX exporter on SUSE Manager Server.

Monitoring is not yet available for other operating system platforms like Red Hat Enterprise Linux or Ubuntu.

Self-monitoring features in SUSE Manager

SUSE Manager provides metrics about its health to Prometheus. Both Server and Proxy can expose metrics. Self-monitoring can be enabled via the Web UI. For that purpose, some Prometheus exporters are pre-installed on SUSE Manager Server and Proxy.

A new formula is also included, to install and manage Node and PostgreSQL exporters on clients managed by Salt. This formula can be configured in the SUSE Manager Web UI.

Content lifecycle management

The content lifecycle management feature allows you to clone software channels through a lifecycle of several environments. You are able to create content projects, select a custom set of software channels as sources, and promote software channels through a pre-defined lifecycle of environments.

You can define filters to exclude specific packages and patches. More filters will be added in a later release.

Once you have selected your sources you can build the selected set which will populate the first environment. After the first environment is built, you can promote it through the environment lifecycle to the next environment in the loop. You can see the status of the build at any time throughout the process.

The result of the build, and the content of every environment, is a channel tree made of cloned software channels of the selected sources, to which systems can be assigned.

Virtualization management for Salt minions

The existing virtualization features have been enhanced for Salt-based systems. This is a technology preview and will require an additional Virtualization Management entitlement. Pricing will be announced soon.

Salt-based virtualization host systems can also create virtual machines using a pre-built disk image.

These features have been added:

  • Deleting virtual machines.

  • Editing virtual machines to add or remove network interfaces or disk, change CPU and memory allocation or the display type.

  • Quick update of the list and state of virtual machines.

  • Displaying virtual machines graphical display in a new tab.

Updated Documentation Structure

In this release, we have reorganized our documentation and updated our tooling to make it clearer where information is, and make it easier for you to find the content you need, when you need it.

Old Naming Format

  • Getting Started

  • Best Practices

  • Reference

  • Advanced Topics

New Naming Format

  • Installation Guide (Requirements, supported platforms, installation methods, etc)

  • Client Configuration Guide (Configuring and connecting clients to SUSE Manager)

  • Upgrade Guide (Migrate and update clients and SUSE Manager)

  • Reference Guide (Comprehensive guide to the Web UI)

  • Administration Guide (Maintenance and administration tasks in SUSE Manager)

  • Salt Guide (A comprehensive guide to Salt for system administrators)

  • Retail Guide (A guide to using SUSE Manager for Retail)

Improved logging for Salt Remote Command Page

The Salt Remote Command Page log now every command executed in a separate logfile (/var/log/rhn/rhn_salt_remote_commands.log). In addition to this, an entry in the System History is generated for every minion where the command was executed.

Salt 2019.2.0

Salt has been upgraded to the 2019.2.0 release.

We intend to regularly upgrade Salt to more recent versions.

For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.

Update of Traditional Client Tools and Package renames

The traditional Client Tools were updated to Uyuni version 4.0. This required some package renames.

Table 1. Package renames
Old Name New Name

























































Please update your bootstrap scripts, bootstrap repositories, and activation keys if any of the packages are part of them.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP1. As a result, all code was ported to run with Python 3 and OpenJDK 11.

Technical preview: Single Sign-On (SSO)

SUSE Manager supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. Mandatory requirement: an already existing and configured SAML Identity Service Provider (IdP). SUSE Manager must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.

For more on configuring SSO, see the Authentication Methods chapter in the Administration guide.

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.0 works with SUSE Manager Proxy 3.2. When upgrading, upgrade the Server first, followed by the Proxies.

For instructions on upgrading with Proxies, see the Upgrade Guide on

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.


Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 16.04 LTS and 18.04 LTS Clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide. .

Support for Debian and CentOS Clients

Debian and CentOS clients are only supported at L1 level support.

For Debian clients, SUSE Manager only offers a subset of its functionality, mostly aligned with Ubuntu. Manual bootstrapping is required at the moment.

For CentOS clients, SUSE Manager does not support certain features such as CVE Audit.

Please contact SUSE Consulting if you need additional support or features for these operating systems.


All commands need expertise to operate and can potentially create problems with your installation. The spacewalk-utils package is a packaged set of command line tools. We consider the spacewalk-utils tools valuable enough to be included, but are not able to fully support them.

These spacewalk-utils tools are fully supported:

  • spacewalk-clone-by-date

  • spacewalk-sync-setup

  • spacewalk-manage-channel-lifecycle

All other spacewalk-utils tools are supported at L1 level support only. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation.

Browser support

Microsoft Interent Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer is the only supported mechanism to install SUSE Manager. Namely, installating SUSE Manager 4.0 on top of an existing SUSE Linux Enterprise Server 15 SP1 is known to generate an incomplete installation.

If you require such a setup, please contact SUSE Consulting.

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact.


Latest product documentation:

Technical product information for SUSE Manager:

These release notes are available online:

Further information about SUSE Manager is available on the Wiki:

Visit for the latest Linux product news from SUSE.

Visit for additional information on the source code of SUSE Linux Enterprise products.

Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Mary Higgins, Sri Rasiah
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2019 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list ( All third-party trademarks are the property of their respective owners.


Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.