SUSE Linux Enterprise Micro 5.3
Release Notes #
Abstract#
SUSE Linux Enterprise Micro is a modern operating system primarily targeted for edge computing. This document provides a high-level overview of features, capabilities, and limitations of SUSE Linux Enterprise Micro 5.3.
This product will be released in TBD. The latest version of these release notes is always available at https://www.suse.com/releasenotes. Drafts of the general documentation can be found at https://susedoc.github.io/doc-sle/main.
- 1 SUSE Linux Enterprise Micro
- 2 About the release notes
- 3 Changes affecting all architectures
- 4 General features and fixes
- 4.1 Installation media
- 4.2 NetworkManager
- 4.3 Cockpit web-based node management system
- 4.4 Managing SUSE Linux Enterprise Micro with SUSE Manager
- 4.5 Enabling SELinux Enforcing Mode
- 4.6 Change of the internal identifier of the product
- 4.7
toolbox
container - 4.8 Kernel Live Patching
- 4.9 User Space Live Patching
- 4.10 Intel Secure Device Onboard (SDO)
- 4.11 System V init scripts
- 4.12 Rename of the
microos-sssd_ldap
pattern
- 5 Installing SUSE Linux Enterprise Micro
- 6 Known issues
- 7 Obtaining source code
- 8 Legal notices
1 SUSE Linux Enterprise Micro #
SUSE Linux Enterprise Micro 5.3 is a modern operating system primarily targeted for edge computing.
1.1 Documentation and other information #
1.1.1 Available on the product media #
Read the READMEs on the media.
Get the detailed change log information about a particular package from the RPM (where
FILENAME.rpm
is the name of the RPM):rpm --changelog -qp FILENAME.rpm
Check the
ChangeLog
file in the top level of the installation medium for a chronological log of all changes made to the updated packages.Find more information in the
docu
directory of the installation medium of SUSE Linux Enterprise Micro 5.3. This directory includes PDF versions of the SUSE Linux Enterprise Micro 5.3 Installation Quick Start Guide.
1.1.2 Online documentation #
For the most up-to-date version of the documentation for SUSE Linux Enterprise Micro 5.3, see https://susedoc.github.io/doc-sle/main (draft version).
Find a collection of White Papers in the SUSE Linux Enterprise Micro Resource Library at https://www.suse.com/products/server#resources.
1.2 Support and life cycle #
SUSE Linux Enterprise Micro is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.
SUSE Linux Enterprise Micro 5.3 has a 4-year life cycle. For more information, see https://www.suse.com/lifecycle and the Support Policy page at https://www.suse.com/support/policy.html.
1.3 Product Certifications #
SUSE Linux Enterprise Micro is built upon the SUSE Linux Enterprise Server 15 SP4 code base. As such, it inherits the hardware certification from SUSE Linux Enterprise Server 15 SP4.
2 About the release notes #
These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.
Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.
Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.
However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.
3 Changes affecting all architectures #
Information in this section applies to all architectures supported by SUSE Linux Enterprise Micro 5.3.
4 General features and fixes #
Information in this section applies to all architectures supported by SUSE Linux Enterprise Micro 5.3.
4.1 Installation media #
There are two types of installation media of SUSE Linux Enterprise Micro.
The installer ISO allows to install via YaST or AutoYaST, with the possibility to fully customize the installation.
The pre-built images contain a system image already pre-configured.
Neither of the media is intended to be used for upgrades from the previous version of SUSE Linux Enterprise Micro.
To upgrade from the previous version, use the transactional-update
command.
There are the following differences between these two types:
the software selection for the default installation from the ISO contains fewer packages than the pre-built image
firewalld
is only installed from the ISO if the firewall is enabled during installation
In both types of the installation media firewalld
is disabled by default.
4.2 NetworkManager #
With SUSE Linux Enterprise Micro 5.3, the default network management stack has changed from Wicked to NetworkManager. The raw images are configured to use NetworkManager. The YaST installer defaults to NetworkManager but allows users to choose the network management stack. After upgrading from previous versions, Wicked remains in use. Wicked is still fully supported but will be deprecated and removed in a future version.
4.3 Cockpit web-based node management system #
For web-based management of a single node, Cockpit is included. For details, refer to https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-cockpit.
There have been new Cockpit modules added to the product. Due to the amount of dependencies, not all of the Cockpit modules are part of the raw images and some have to be installed additionally.
When enabling firewall via the Cockpit user interface, be aware that your connection to the host may be interrupted unless the Cockpit port is configured to be open in advance.
The new SELinux module for Cockpit provides basic functionality for users to troubleshoot their configuration.
Functionality will be extended with the introduction of the setroubleshoot-server
package in a future SUSE Linux Enterprise Micro release.
4.4 Managing SUSE Linux Enterprise Micro with SUSE Manager #
SUSE Manager can be used to manage SUSE Linux Enterprise Micro hosts. There are certain limitations:
SUSE Linux Enterprise Micro host cannot be monitored with SUSE Manager
SUSE Manager does not provide integrated container management yet. As a workaround, you can use Salt via
cmd.run podman
.SUSE Manager can manage the SUSE Linux Enterprise Micro hosts ony with the Salt stack; the traditional stack is not supported
Ansible control node cannot be instaled on SUSE Linux Enterprise Micro
We intend to resolve these issues in the future maintenance updates of SUSE Linux Enterprise Micro on SUSE Manager.
4.5 Enabling SELinux Enforcing Mode #
SUSE Linux Enterprise Micro includes SELinux with base system policies. By default, SELinux is enabled in the permissive mode in both the ISO installer and the pre-built images. The permissive mode does not enforce any restrictions but rather enables additional logging options.
To protect the system with SELinux, you need to enable the SELinux enforcing mode. Before doing so, make sure to install the necessary policies for your workload. For detailed information on SELinux modes and policies, refer to the Security Guide at https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/article-selinux.html.
If you are running SUSE Linux Enterprise Micro as KVM virtualization host, the use of SELinux in enforcing mode is strongly discouraged and not supported.
4.6 Change of the internal identifier of the product #
The internal identifier of the product has changed from SUSE-MicroOS
to SLE-Micro
in order to have the internal identifier name consistent with the user-visible name of the product.
Your AutoYaST profile may need updating.
4.7 toolbox
container #
SUSE Linux Enterprise Micro provides the toolbox
container.
However, it is not part of the media and needs to be downloaded from https://registry.suse.com.
To download from the registry, the system needs network access.
For details refer to https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-toolbox.
The toolbox
container does not include or inherit a software repository setup from the underlying system.
If the underlying system is registered properly, zypper
will enable a basic set of repositories (Basesystem
and Server Applications
modules of SUSE Linux Enterprise Server 15 SP3) when you execute zypper
inside the toolbox container.
Then you can install additional software into the container.
4.8 Kernel Live Patching #
SUSE Linux Enterprise Micro supports Kernel Live Patching, for details refer to https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/cha-images-procedure.html#sec-slemicro-live-patching.
Note that kernel live patching is only available for the x86-64 and s390x architectures. It is also not available for the real-time kernel.
4.9 User Space Live Patching #
The User Space Live Patching is available for SUSE Linux Enterprise Micro as a technology preview.
When applying user space live patches on the system, running process will get live patched. Due to the immutable nature of SUSE Linux Enterprise Micro, the underlying filesystem cannot be changed during runtime. Processes started after the live patch is applied to the system will still be vulnerable. Full application of the patches to SUSE Linux Enterprise Micro requires a reboot of the system.
4.10 Intel Secure Device Onboard (SDO) #
SUSE Linux Enterprise Micro includes needed packages for Intel Secure Device Onboard. Intel Secure Device Onboard helps onboard any device to any device management system. With this release, the SDO client has been replaced with FDO client, which is a portable implementation of the FIDO Device Onboard Spec. The packages are only provided as a technology preview and do not offer full support. Using Intel Secure Device Onboard needs proper integration into your target environment and only works on supported hardware.
4.11 System V init scripts #
SUSE Linux Enterprise Micro does not support init script of system services, which are usually located in /etc/init.d
directory.
Even if this directory still exists, it is empty on purpose.
systemd unit files should be used instead of initscripts.
To start system services or to configure their status on boot, use the systemctl
command instead.
4.12 Rename of the microos-sssd_ldap
pattern #
Compared to version 5.1, the microos_sssd_ldap
pattern has been renamed to microos-sssd_ldap
(the first underscore has been replaced with a dash).
This new name is consistent with other pattern names.
Note that your AutoYaST profile may need updating.
5 Installing SUSE Linux Enterprise Micro #
SUSE Linux Enterprise Micro 5.3 can be installed in the following ways:
5.1 Manually installing with YaST #
The installation workflow for manual installation is described in https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/part-manual-installation.html.
5.2 Unattended installation with AutoYaST #
Installing SUSE Linux Enterprise Micro with AutoYaST is described in https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/book-autoyast.html.
5.3 Unattended installation with Yomi (technology preview) #
To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi. Installation with Yomi is a technology preview.
5.4 Deploying pre-built images #
SUSE Linux Enterprise Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. SUSE Linux Enterprise Micro is also provided as images for specific hardware device with a customized software selection.
For a procedure of deploying an image refer to https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/part-raw-image.html
5.5 Upgrade from previous version #
Upgrade from SLE Micro 5.2 is only possible via the transactional-update
tool.
For the upgrade procedure, refer to https://documentation.suse.com/sle-micro/5.2/html/SLE-Micro-all/book-upgrade.html.
6 Known issues #
6.1 Error on console while booting with SELinux enabled #
When booting the system with SELinux enabled, the console reports:
Failed to transition into init label 'system_u:system_r:init_t:s0'
This message is harmless.
6.2 Podman and firewalld
#
When reloading firewalld
via firewall-cmd --reload
, all Podman-related rules go missing.
For this reason, firewalld
is not enabled by default during installation.
For more information, see https://github.com/containers/podman/issues/5431.
6.3 Pre-built images report two IP addresses on first boot #
When booting the pre-built images the first time, two IP addresses may be reported by the ip a
command or other tools.
This issue only happens on the first boot of the image, on the following boots only a single IP address is assigned to the network interface.
6.4 VNC package cannot be installed during installation #
The YaST installer offers installation via VNC. The installer also tries to make it possible to use the final system the same way that the system was initially installed. Therefore, the installer will attempt to install appropriate software and open appropriate firewall ports for later access to the system. However, the VNC server package is only available during the installation, but not for the installed system.
As the VNC server package cannot be installed, the installer will issue a warning. You can safely ignore this warning.
6.5 AppArmor error messages in log after upgrade #
SLE Micro supports SELinux as the security framework, however, some AppArmor packages are still included because of package dependencies.
Since they have been reduced since SLE Micro 5.1, it may happen that there are error messages showing in the system journal after upgrade.
If this happens, make sure that the apparmor.service
service is not enabled in your system.
7 Obtaining source code #
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/download/sle-micro/ on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.
8 Legal notices #
SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Refer to https://www.suse.com/company/legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2021-2022 SUSE LLC.
This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see the SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.