IBM Support

IBM Workload Scheduler Version 10.2.0 Release Notes

Release Notes


Abstract

IBM Workload Scheduler Version 10.2.0 Release Notes

Content

The Release Notes for IBM Workload Scheduler, version 10.2.0 contain the following topics:

To download the appropriate package for your operating system, see the IBM® Workload Scheduler download page.

For detailed system requirements for all supported operating systems, see the Detailed System Requirements page.

To download AI Data Advisor (AIDA), see AI Data Advisor download page.

For detailed system requirements for AI Data Advisor (AIDA), see AI Data Advisor Detailed System Requirements page.

To access the IBM Workload Scheduler documentation, see the online IBM Documentation.

A complete list of new or changed functions in this release are documented in the Summary of enhancements. More information about new features can be found on the IBM Workload Automation What's New page. See also the V10.2.0 dedicated playlist on the Workload Automation YouTube channel.

Integration plug-in expansion in the Automation Hub
Version 10.2 includes more than 100 plug-ins that are available in the Automation Hub.
The plug-ins are developed continuously to help ensure quarterly delivery, which provides agility to the IT organization.
To enable an easier installation and provide a smaller footprint for the Workload Automation components, the number of available integration plug-ins must increase constantly.
With version 10.2, most of the existing plug-ins are removed from the default installation and are available for download only on the Automation Hub.
Important information for upcoming version 10.2.3
Red Hat Enterprise Linux (RHEL) 7.9 is going out of support in June 2024. As a result, it will no longer be supported in IBM® Workload Scheduler version 10.2.3.
In version 10.2.3, master domain manager and Dynamic Workload Console will no longer be supported on AIX operating systems.

Interoperability tables

The level of support provided for the products and components listed in the interoperability tables covers all the shown versions.

In the tables in this section the following acronyms are used:

AIDA AI Data Advisor
DA IBM Workload Scheduler dynamic agent
DDM IBM Workload Scheduler dynamic domain manager or backup dynamic domain manager
DM IBM Workload Scheduler domain manager
DWC Dynamic Workload Console
FTA IBM Workload Scheduler fault-tolerant agent
MDM IBM Workload Scheduler master domain manager or backup master domain manager
ZWS Agent  IBM Z Workload Scheduler Agent

IBM Workload Scheduler: compatibility

Compatibility is supported on the latest available fix pack for each IBM Workload Scheduler release listed in the table:

MDM

DDM

DM

FTA

DA

ZWS Agent
MDM 10.2
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
9.4
DM 10.2
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
FTA 10.2
10.2, 10.1, 9.5, 9.4*
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
DA 10.2
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
DDM 10.2
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4
10.2, 10.1, 9.5, 9.4

IBM Workload Scheduler no longer supports TLS V1.0 and TLS V1.1. Only TLS V1.2 and TLS V1.3 are supported, by default  TLS V1.2 is enabled. This enhancement ensures a higher security level for SSL communication. Ensure that all agents connecting to a master domain manager version 10.2 or later use TLS 1.2 or TLS 1.3.

*Note: The composer command line of the agent at version 10.2 works correctly with master domain managers at version 9.5 and later.

If you are upgrading to version 10.2.0 from versions earlier than or equal to 9.5FP3, you have to upgrade first to 10.2 GA.
If you are upgrading to version 10.2.0 from versions later than or equal to 9.5FP4, you can perform the upgrade as usual.
 

Dynamic Workload Console: compatibility

Compatibility is supported on the latest available fix pack for each release listed in the table:

MDM
DDM
DWC 10.2
10.2, 10.1, 9.5 FP2 and later, 9.4
 10.2, 10.1, 9.5 FP2 and later

AI Data Advisor (AIDA): compatibility

Compatibility is supported on the latest available fix pack for each release listed in the table:

MDM
DDM DWC
AIDA 10.2
10.2, 10.1
 10.2, 10.1 10.2, 10.1

Compatibility scenarios and limitations

You are strongly recommended to maintain all IBM Workload Scheduler components at the latest fix pack level as regular maintenance activity. Keeping your environment consistent also ensures you can implement the new features available with each new release.

  • Depending on the WebSphere Application Server Liberty version you are using, you might encounter the problems described in the following technotes:
    Versions equal to or higher than 24.0.0.8
    See Possible IWS compatibility issues with Liberty 24.0.0.8 or higher
    Versions ranging from 24.0.0.3 to 24.0.0.8
    See Dynamic Workload Console is not able to open "Monitor Event Rules" nor "Manage workload security" with OpenID authentication
  • If you use WebSphere Application Server Liberty version 24.0.0.7 or above, add the verifyHostname="false" parameter to the ssl_config.xml file, in the twaSSLSettings section. See the following example: 

    <ssl id="twaSSLSettings" keyStoreRef="twaKeyStore" trustStoreRef="twaTrustStore" sslProtocol="TLSv1.2" clientAuthenticationSupported="true" verifyHostname="false"/>
    The file is located in<installation_directory>/usr/servers/engineServer/configDropins/overrides. This problem is solved in IBM Workload Scheduler version 10.2.3 and later.
  • Support for WebSphere Application Server Liberty Base version 25.0.0.3 will be available starting with the upcoming release of IBM Workload Scheduler version 10.2.4.

If you are upgrading from version 9.5 to version 10.2.0, you can perform both a parallel and a direct upgrade. If you are upgrading from version 9.4 to version 10.2.0, you can perform a parallel upgrade. For more information, see Upgrading from the CLI.

Note: IBM Workload Automation and IBM Workload Scheduler is deprecating its support for HP/UX agents.  HP/UX support is considered deprecated and can be removed in upcoming releases.

 Environment with agents at version 10.2 

If you are using the composer command line of the agent, the following limitation applies:
•    The composer command at version 10.2 works correctly with master domain managers at version 9.5 and later.

Environment with agents at version 9.4 and master domain managers at version 10.2

The following consideration applies:

•    After renaming resources or prompts from a master domain manager at version 10.2, you cannot reference nor use them on agents at version 9.4.

Fix packs released for this version of the product

To find the fix packs released for IBM Workload Scheduler, and the Dynamic Workload Console including links to the related readmes files, see Fix Central.


Software limitations and problems, and their workarounds

The following are software limitations and problems that might affect IBM Workload Scheduler, and their workarounds (when available):

 
Centralized update fails on FTA-only due to incorrect SSL cert folder
This issue occurs when the centralized update is performed on a FTA target with no DA installed. It happens during the download phase of the agent image that will be used for the update from MDM to FTA. The transport of the image from MDM to FTA fails due to the incorrect folder (/opt/IBM/IWS/TWSDATA/ITA/cpa/ita/cert) is being referenced on the download command. 
Solution
As a workaround, copy the TWSClientKeyStore files from /opt/IBM/IWS/TWSDATA/ssl/GSKit to 
/opt/IBM/IWS/TWSDATA/ITA/cpa/ita/cert. Then, re-run the centralized update and it will be successful.
See also table Performing the centralized agent update for more information about Centralized Agent Update support.
Mixed-version environment with a master domain manager at a version earlier than 9.5 FP4
Before you install a component at version 10.2 in an environment with a master domain manager at a version earlier than 9.5 FP4, install the fix for IJ47731 on the back-level master domain manager. To obtain the fix for your product version, contact Software Support.
Variable passing defect
During variable passing the keyword "Name" as a property key cannot be used for Jira plugin.
Reply Yes/NO not working
The actions REPLY_YES_PROMPT and REPLY_NO_PROMPT are not present for job or jobstream in objects info.
Trivy scan vulnerability 
The scan vulnerability allows an attacker to perform a DoS attack on an arbitrary server, but it is a false positive. The command line will be updated as soon as Kubernetes will release a fix.
Multiple dependencies are not added when a job stream is submitted
If you add multiple dependencies separated by a comma when submitting a job stream, dependencies are not added.
Workaround: Add each dependency separately with the follows keyword and use the semicolumn as a separator. For example:
Ocli plan submit sbs <jobstream> ; follows= <dep1> ; follows=<dep2> ; follows=<dep3>
REST API: time zone in UTC format only
When using REST API, if you run a query defining a time zone for the job in plan, the results are displayed in UTC format even if the defined value is different.
Broker resource fails
The CLI commands of broker resources do not work.
Orchestration Monitor filter on available and unavailable workstations does not work
When you perform a query of unavailable or available workstations using the "old" monitoring and the new Orchestration Monitor, the query results does not show the correct value.
IBM Workload Scheduler metrics not available
IBM Workload Scheduler metrics are not currently available. This limitation will be fixed with version 10.2.1.

You cannot install the Dynamic Workload Console using a shell in which you previously ran the twa_env command.

 This limitation is due to the twa_env command, which sets the data_dir variable to the data dir of the master domain manager.

If you need to install the master domain manager and Dynamic Workload Console on the same workstation, you can work around this limitation in one of the following ways:

- use the tws_env command instead of the twa_env command.

- specify the --data_dir parameter when running both serverinst and dwcinst commands, so that you can specify a different value for the data dir.

 If you need to install the Dynamic Workload Console with the default values (without specifying the --data_dir parameter), using a shell from which you previously installed the master domain manager, ensure that the DATA_DIR variable is not set in the shell. To verify this, run the echo $DATA_DIR command.

Upgrading to 10.1 FP1 can break the JWT functionality if custom certificates were in use

In 10.1 FP1 version, the JWT feature has been introduced. Performing an upgrade of the master domain manager to 10.1 FP1 from any previous version, can potentially cause problems with JWT functionality if the master domain manager is using custom certificates with a custom label.
When upgrading to V10.1 Fix Pack 1 or later, a number of changes are performed in the server.xml file, by introducing new multiple <jwtBuilder> and <mpJwt> elements. These elements are used by IBM Workload Scheduler for the JWT functionality, and are identified by the following comments within the server.xml file:
<!-- Starting JWT Token configuration -->
<!-- JWT configuration for DA -->
The new elements listed above identify the certificate using the server label, instead of the custom label defined in the keyName properties. This prevents WebSphere Application Server Liberty Base from signing new JWTs.

To work around this problem, perform the following steps:

  1. Update the <jwtBuilder> elements by modifying the keyAlias property to the correct value.
  2. To verify the signature of a JWT received in a connection from another entity, WebSphere Application Server Liberty Base retrieves the public information associated to the certificate from the <WA_DATA>/usr/servers/engineServer/resources/security/TWSServerTrustFile.jks file. You can find the public information in the keyName=”${mp.jwt.trust.key}” property within the <mpJwt> elements. These elements uses a variable which is declared within the new jwt_variables.xml file that appears in the overrides folder after the upgrade:

    <server description=”jwt_variables”>

         <variable name=”mp.jwt.trust.key” value=”twstrustkey”/>

    </server

  3. Here the default twstrustkey value is specified. It is required to also add the public information only of the custom certificate in the TWSServerTrustFile.jks file, under that alias (overwriting the already existing one). Alternatively, it is possible to add it as a new entry with a new label, but the jwt_variables.xml file should be updated accordingly. See https://www.ibm.com/docs/en/workload-automation/10.2.0?topic=upgrading-enabling-api-key-authentication-after for reference on this.
  4. Also the Agent must have the public information associated to the certificate used by the master when creating a new JWT. The reason for this is that also the Agent needs to verify the signature of a JWT received from the master .
    Therefore, it is required to also add the public information only of the custom certificate of the master ( the file that was added in the TWSServerTrustFile.jks file on the master ) in the TWSClientKeyStore.kdb file of the Agent.

    APARS Fixed in this release
    Table 1. APARs addressed in Version 10.2.0
    APAR ABSTRACT
    IJ31895 RESTFUL API ON POST HTTP REQUEST THE TASKSTRING AND TASKSTRINGINFO FIELDS ARE TRUNCATED
    IJ44519 ISSUE EDITING EVENT RULE
    IJ44916 IWS 9.5 FP6 APP SERVER CRASHES ON JOB STREAM SUBMIT
    IJ45502 INSTALLATION OF 10.2 WITH CUSTOM CERTIFICATES FAILS (PROVIDING INTERMEDIATE CA IN THE ADDITIONALCAS SUBFOLDER)
    IJ45889 STEPS DESCRIBED ON THE FOLLOWING TECHNOTE SHOULD BE ADDED INTO OFFICIAL DOCUMENTATION : HTTPS://WWW.IBM.COM/SUPPORT/PAGES/NODE/
    IJ46251 USERS.EXE IN IWS 10.2 FOR WINDOWS NOT BE WORKING AS EXPECTED
    IJ46607 TEST CONNECTION IS NOT WORKING FOR CYBERARK PLUGIN
    IJ46692 EVENT RULE FOR PROMPT STATUS ASKED DOES NOT TRIGGER EVENT ON AD-HOC JOB PROMPT
    IJ46850 WHEN TWS SERICES STOP ON ONE OF THE BKM'S, AND THEN ISSUE A LINK TO THAT BKM FROM THE MDM, IT UNLINKS OTHER BACKUP MASTERS AS WELL
    IJ46851 CENTRALIZED UPDATE FAILS ON FTA-ONLY DUE TO INCORRECT SSL CERT FOLDER
    IJ46960 WEBSPHERE APPLICATION SERVER LIBERTY BASE SERVICE IS NOT CREATED WHILE THE DOCUMENTATION SAYS THE OTHER WAY AROUND
    IJ46984 GARBLED COMMAND OUTPUT WHEN LANG SETTING IS JAPANESE IN TWS 10.2
    IJ47068 DOCUMENTATION ABOUT VERIFY_CN_STRING DOES NEED TO BE IMPROVED/ADJUSTED
    IJ47111 CENTRALIZED UPDATE FAILS IF WORKSTATION NAME WAS CHANGED
    IJ47146 POD LABLE IS ALWAYS REMAIN AS BACKUP MASTER
    IJ47179 WINDOWS FTA USERS IN AD/LDAP GROUPS NOT AUTHENTICATING IN SECURITY FILE

    Performing the centralized agent update

    Before performing a centralized update on fix packs or upgrade on releases on a stand-alone fault-tolerant agent to the current version, there are procedures to follow according to the version of the fault-tolerant agent from which you want to upgrade.
    Note: When upgrading a dynamic agent together with a fault-tolerant agent to the current version, if you start the upgrade from the dynamic agent there are no further steps required. The same applies when performing an upgrade of the fault-tolerant agent starting from a dynamic agent.
    The table below shows which procedure you must follow to perform the upgrade, according to the fault-tolerant agent version.
    Table 6. Steps required before performing the centralized agent update on a stand-alone fault-tolerant agent
    Stand-alone fault-tolerant agent version Required steps
    V9.4 Fix Pack 6 up to V9.5 Fix Pack 4 Apply APAR IJ33383
    V9.5 Fix Pack 4 up to V9.5 Fix Pack 6 If not already enabled, enable the use of the HTTPS protocol to connect to the event processor server. For more information about enabling enEventProcessorHttpsProtocol | eh, see Global options - detailed description
    V9.5 Fix Pack 7 No steps required.
    V10.1 up to V10.1 Fix Pack 3 If not already enabled, enable the use of the HTTPS protocol to connect to the event processor server. For more information about enabling enEventProcessorHttpsProtocol | eh, see Global options - detailed description.

    Then, from the same workstation where the fault-tolerant agent

    is installed, copy the TWSClientKeyStore files from TWA_DATA_DIR/ssl/GSKit to TWA_DATA_DIR/ITA/cpa/ita/cert.
    Note: The owner of the new TWSClientKeyStore files and the permissions granted must be the same of the existing files.
    V10.1 Fix Pack 4 If not already enabled, enable the use of the HTTPS protocol to connect to the event processor server. For more information about enabling enEventProcessorHttpsProtocol | eh, see Global options - detailed description.
    Then, search for the APAR number IJ50967 on IBM Fix Central, download the curl file and save it inside TWS/ITA/cpa/ita.
    Note: The owner of the new curl file and the permissions granted must be the same of the existing curl file.
    V10.2 If not already enabled, enable the use of the HTTPS protocol to connect to the event processor server. For more information about enabling enEventProcessorHttpsProtocol | eh, see Global options - detailed description.
    Then, search for the APAR number IJ50967 on IBM Fix Central, download the curl file and save it inside TWS/ITA/cpa/ita.
    Note: The owner of the new curl file and the permissions granted must be the same of the existing curl file.

    Documentation updates

    In the Planning and Installation manual, section Reference, add the following commands:

    uninstall
    Use this command to uninstall the File Proxy.
    fileproxystop
    Use this command to stop the File Proxy.

    The unistall command syntax is as follows:

    UNIX

    ./uninstall -inst_dir installation_directory [-lang language]

    WINDOWS

    uninstall.exe -inst_dir installation_directory [-lang language]

    where

    -inst_dir is the directory where the File Proxy is installed.

    -lang is the language in which the messages returned by the command are displayed

    The command removes all data related to the File Proxy and leaves the data_dir unchanged.

    The fileproxystop command syntax is as follows:

    UNIX

    ./fileproxystop

    WINDOWS

    fileproxystop.exe

    In the Planning and Installation manual, section Reference, File Proxy installation - fileproxyinst script topic, note that the following parameters are required, even though they are documented as optional:

    inst_dir
    acceptlicense

    All other updates to the IBM Workload Scheduler documentation that are required for version 10.2.0 are included in the editions of the publications in online IBM Documentation.

     

    Support statements about IBM Workload Scheduler containers on Amazon Elastic Container Service (ECS)

    Users are not entitled to open a case if the issue is related to the configuration and deployment of IBM Workload Scheduler containers on Amazon ECS.

    If an issue occurs on IBM Workload Scheduler at running time, users can open a case only if all these conditions are met:

    • The user has a container started
    • IBM Workload Scheduler is running
    • The user can restart the container inside Amazon ECS

    If support believes that a user issue is generated by container deployment, support can ask the customer to reproduce the issue in an officially supported environment.

    Top

    © Copyright International Business Machines Corporation 2006, 2016. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

    © Copyright HCL Technologies Limited 2016, 2023.

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"ARM Category":[{"code":"a8m0z000000GnQ9AAK","label":"Components-\u003EMDM"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"10.1.0"}]

Document Information

Modified date:
29 April 2025

UID

ibm17002377

Page Feedback