Release Notes for SUSE Linux Enterprise Server 11

Version 11.0.0.32, 2009-11-06

Abstract

These release notes are generic for all products that are part of our SUSE Linux Enterprise Server 11 product line. Some parts may not apply to a particular architecture or product. Where this is not obvious, the specific architectures or products are explicitly listed.

Startup and Deployment Guides can be found in the docu directory on the media. Documentation (if installed) can also be found below the /usr/share/doc/ directoy in an installed system.

This Novell product includes materials licensed to Novell under the GNU General Public License (GPL). The GPL requires that Novell makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.novell.com/linux/source/. Also, for up to three years from Novell's distribution of the Novell product, upon request Novell will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@novell.com or as otherwise instructed at http://www.novell.com/linux/source/. Novell may charge a fee to recover its reasonable costs of distribution.


1. SUSE Linux Enterprise Server
2. Installation
3. Features and Versions
3.1. Linux Kernel and Toolchain
3.2. Server
3.3. Desktop
3.4. Security
3.5. Network
3.6. Systems Management
3.7. Resource Management
3.8. Other
3.9. System z
4. Support Statement for SUSE Linux Enterprise Server
4.1. General Support Statement
4.2. Software which needs specific contracts
4.3. Technology Previews
5. Software Development Kit
6. Update-Related Notes
7. Deprecated Functionality
8. Infrastructure, Package and Architecture specific Information
8.1. Systems Management
8.2. Performance related Information
8.3. Storage
8.4. Architecture independent Information
8.4.1. Changes in packaging and delivery
8.4.2. Security
8.4.3. Networking
8.4.4. Cross architecture information
8.5. AMD64/Intel64 64-bit (x86_64) and Intel/AMD 32-bit (x86) specific Information
8.5.1. System and vendor specific information
8.5.2. Virtualization
8.6. Intel Itanium (ia64) specific Information
8.7. POWER (ppc64) specific Information
8.8. System z (s390x) specific Information
9. Technical Information
9.1. Kernel Limits
9.2. Xen Limits
9.3. Filesystems
9.4. Kernel Modules
9.5. IPv6 Implementation and Compliance
9.6. Other technical information
10. Documentation and other information

Chapter 1. SUSE Linux Enterprise Server

SUSE Linux Enterprise Server is a highly reliable, scalable, and secure server operating system, built to power mission-critical workloads in both physical and virtual environments. It is an affordable, interoperable, and manageable open source foundation. With it, enterprises can cost-effectively deliver core business services, enable secure networks, and simplify the management of their heterogeneous IT infrastructure, maximizing efficiency and value.

The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux Enterprise Server is optimized to deliver high-performance mission-critical services, as well as edge of network, and web infrastructure workloads.

Designed for interoperability, SUSE Linux Enterprise Server supports open standard CIM interfaces and can be managed by any management solution utilizing CIM.

This modular, general purpose operating system runs on five processor architectures and is available with optional extensions that provide advanced capabilities for real time computing, high availability clustering, and running .NET applications on Linux.

SUSE Linux Enterprise Server is optimized to run as a high performance guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription, making it the perfect guest operating system for virtual computing.

SUSE Linux Enterprise Server is backed by award-winning support from Novell, an established technology leader with a proven history of delivering enterprise-quality support services.

Chapter 2. Installation

  • SUSE Linux Enterprise Server can be deployed in three ways:

    • Physical Machine

    • Virtual Host

    • Virtual Machine in paravirtualized environments

  • CJK Languages Support in Text-Mode Installation

    CJK (Chinese, Japanese, and Korean) languages do not work properly during text-mode installation if framebuffer is not used (TextMode selected in boot loader).

    There are three alternatives to resolve this issue:

    1. Use English or some other non-CJK language for installation and then switch to the CJK language later on a running system using YaST -> System -> Language.

    2. Use your CJK language during installation, but do not choose TextMode in boot loader using <F3>. Select one of the other VGA modes instead. Select the CJK language of your choice using <F2>, add "textmode=1" to the boot loader command-line and start Installation.

    3. Use graphical installation (or install over SSH or VNC).

  • Installation using Persistent Device names

    The installer uses persistent device names by default. If you plan to add additional storage devices to your system after the OS installation, we strongly recommend you use persistent device names for all storage devices.

    To switch to persistent device names on a system that has already been installed, , use the YaST2 partitioner. For each partition, select "Edit" and go to the "FStab Options" dialog. Any mount option except "Device name" provides you persistent device names. In addition, rerun the boot loader module in YaST to switch the bootloader to using the persistent device name. Just start the module and select "Finish" to write the new proposed configuration to disk. This needs to be done before adding new storage devices.

    For further information please visit http://en.opensuse.org/Persistant_Storage_Device_Names.

  • Using qla3xxx and qla4xxx drivers at the same time

    QLogic iSCSI Expansion Card for IBM BladeCenter provides both Ethernet and iSCSI functions. Some parts on the card are shared by both functions. The current qla3xxx (Ethernet) and qla4xxx (iSCSI) drivers support Ethernet and iSCSI function individually. They do not support using both functions at the same time. Using both Ethernet and iSCSI functions at the same time may hang the device and cause data loss and filesystem corruptions on iSCSI devices, or network disruptions on Ethernet.

    Boot the installation with brokenmodules=qla3xxx or brokenmodules=qla4xxx to prevent one of the drivers from loading.

  • Using iSCSI Disks When Installing

    To use iSCSI disks during installation it is necessary to add the following parameter to the boot option line: withiscsi=1

    During installation an additional screen appears that provides the option to attach iSCSI disks to the system and use them in the installation process.

    Booting from an iSCSI server on i386, x86_64 and ppc64 is supported, when iSCSI enabled firmware is used.

  • Using EDD Information for Storage Device Identification

    EDD information (/sys/firmware/edd/<device>) to identify your storage devices are used by default. To disable this, change the installer default settings using an additional kernel parameter.

    EDD Requirements:

    • BIOS provides full EDD information (found in /sys/firmware/edd/<device>)

    • Disks are signed with a unique MBR signature (found in /sys/firmware/edd/<device>/mbr_signature)

    Procedure:

    • Add parameter edd=off to the kernel parameters to disable EDD.

  • Automatic installation with AutoYaST in an LPAR (System z)

    For automatic installation with AutoYaST in an LPAR,it is required that the parmfile used for such an installation has blank characters at the beginning and at the end of each line (the first line need not start with a blank). The number of characters in one line should not exceed 80 characters.

  • Adding DASD or zFCP disks during installation (System z)

    Adding of DASD or zFCP disks is not only possible during the installation workflow, but also when the installation proposal is shown. To add disks at this stage, please click on the "Expert" tab and scroll down. There the DASD and/or zFCP entry is shown. These added disks are not shown in the partitioner automatically. To make the disks visible in the partitioner, you have to click on the expert label and select "reread partition table". This may reset any previously entered information.

  • Network installation via eHEA on POWER

    If network installation via the IBM eHEA Ethernet Adapter on POWER systems is desired, no huge (16GB) pages may be assigned to the partition during installation.

For more "Infrastructure, Package and Architecture specific Information", please see the respective chapter below.

Chapter 3. Features and Versions

3.1. Linux Kernel and Toolchain

  • GCC 4.3.2

  • glibc 2.9

  • Linux kernel 2.6.27

  • perl 5.10

  • php 5.2.6

  • python 2.6.0

  • ruby 1.8.7

3.2. Server

Note: version numbers do not necessarily give the final patch- and security-status of an application, as Novell may have added additional patches to the specific version of an application.

  • Apache 2.2.10 - Webserver

  • Bind 9.5.0P2 - The Bind Domain Name Server

  • Samba 3.2.5

3.3. Desktop

  • GNOME 2.24

    GNOME was updated to the latest version and uses PulseAudio for sound.

  • KDE 4.1

    KDE was updated to the latest 4.1.3 version.

  • X.org 7.4

3.4. Security

  • PAM configuration

    The common PAM configuration files (/etc/pam.d/common-*) are now created and managed with pam-config.

  • Basic SELinux enablement

    In addition to AppArmor, SELinux capabilities were added to SUSE Linux Enterprise Server. While it is not enabled by default, and not supported, this will allow customers to enable and run SELinux with SUSE Linux Enterprise Server if they want to do so.

    What does SELinux basic enablement mean?

    • The kernel will ship with SELinux support.

    • We will apply SELinux patches to all “common” userland packages.

    • The libraries required for SELinux (libselinux, libsepol, libsemanage, etc.) were added to openSUSE and SUSE Linux Enterprise.

    • However, we are not offering enterprise class support for SELinux at this time; thus we will run QA with SELinux disabled – to make sure that SELinux patches don’t break the default delivery and the majority of packages.

    • The SELinux specific tools are shipped as part of the default distribution delivery. However, packages such as checkpolicy, policycoreutils, selinux-doc are not supported.

    • We will not be shipping any SELinux policies in the distribution. (Reference and minimal policies may be available from the repositories at some future point.)

    By enabling SELinux in our codebase, we add missing pieces of code that exist in the community already, and we allow those who wish to use SELinux to do so conveniently without having to replace a big portion of the distribution.

  • Enablement for TPM/Trusted Computing

    SUSE Linux Enterprise Server 11 comes with support for Trusted Computing technology. To enable your system's TPM chip, make sure that the "security chip" option in your BIOS is selected. TPM support is entirely passive, meaning that measurements are being performed, but no action is taken based on any TPM-related activity. TPM chips manufactured by Infineon, NSC and Atmel are supported, in addition to the virtual TPM device for Xen.

    • The corresponding kernel drivers are not loaded automatically - please enter: find /lib/modules -type f -name "tpm*.ko" and load the kernel modules for your system manually or via MODULES_LOADED_ON_BOOT in /etc/sysconfig/kernel.

    • If your TPM chip with taken ownership is configured in Linux and available for use, you may read PCRs from /sys/devices/*/*/pcrs .

    • The tpm-tools package contains utilities to administer your TPM chip, and the trousers package provides "tcsd" - the daemon that allows userland programs to communicate with the TPM driver in the Linux kernel. Tcsd can be enabled as a service for the runlevels of your choice.

    • To implement a trusted ("measured") boot path, please use the package trustedgrub instead of the grub package as your bootloader. The trustedgrub bootloader does not display any graphical representation of a boot menu for informational reasons.

3.5. Network

  • IPv6 Improvements

    SUSE Linux Enterprise Server can be installed in an IPv6 environment and run IPv6 applications. When installing via network, don't forget to boot with "ipv6=1" (accept v4 and v6) or "ipv6only=1" (only v6) on the kernel command line. Please see the Deployment Guide for additional details. See also "IPv6 Implementation and Compliance" below.

  • 10G networking capabilities

  • OFED 1.4

  • traceroute 1.2

    Support for traceroute over TCP

  • Open-FCoE

    Open-FCoE is an implementation of the Fibre Channel over Ethernet working draft. Fibre Channel over Ethernet is the encapsulation of Fibre Channel frames in Ethernet packets. It allows users with a FCF (Fibre Channel over Ethernet Forwarder) to access their existing Fibre Channel storage using an Ethernet adapter. When leveraging DCB's PFC technology to provide a loss-less environment, Open-FCoE can run SAN and LAN traffic over the same link.

  • Data Center Bridging (DCB)

    Data Center Bridging (DCB) is a collection of Ethernet enhancements designed to allow network traffic with differing requirements (e.g., highly reliable, no drops vs. best effort vs. low latency) to operate and co-exist on Ethernet. Current DCB features are:

    • Enhanced Transmission Selection (aka Priority Grouping) to provide a framework for assigning bandwidth guarantees to traffic classes.

    • Priority-based Flow Control (PFC) provides a flow control mechanism which can work independently for each 802.1p priority.

    • Congestion Notification provides a mechanism for end-to-end congestion control for protocols which do not have built-in congestion management.

3.6. Systems Management

  • Improved update stack

    SUSE Linux Enterprise Server 11 comes with an improved update stack and a new command line tool - zypper - to manage the repositories and install/update packages.

  • Enhanced YaST partitioner

  • Extended built-in management infrastructure

    CIM enablement with SFCB CIMOM.

  • Support for Web Services for Management (WS-Management)

    The WS-Management protocol is supported via the openwsman project, providing client (package: openwsman-client) and server (package: openwsman-server) implementations. This allows for interoperable management with Windows winrm stack.

3.7. Resource Management

  • Kernel Resource Management

    cgroups (Control groups, replaces and enhances CKRM from SUSE Linux Enterprise Server 9), with fine-grained control of CPU, Memory and Devices.

  • Added Novell developed, open source 'cpuset' command-line tool.

3.8. Other

3.9. System z

More information can be found under http://www.ibm.com/developerworks/linux/linux390/documentation_novell_suse.html

  • Hardware

    • Improved handling dynamic subchannel mapping

    • Multipath IPL (IPL through IFCC)

    • Decimal Floating Point and z10 instructions support

    • Standby CPU activation/deactivation

    • Vertical CPU Management

    • Standby memory add via sclp

  • z/VM

    • Dynamic memory attach/detach (req. z/VM 5.4)

    • Exploitation of DCSS above 2G (req. z/VM 5.4)

    • Extra kernel parameter via VMPARM

    • Provide CMS script for initial SUSE Linux Enterprise Server 11 intallation under z/VM

  • Storage

    • FICON Hyper PAV exploitation

    • FCP Automatic port discovery

    • FCP LUN discovery tool

    • Updated FCP HBA API

  • Network

    • Installation support on 2nd Ports with OSA Express-3 (with 2 port per CHPID=4 Ports)

    • HiperSocket Layer3 support for Ipv6 (for z/OS communication)

    • CTCMPC merge into CTC driver: ctcm

  • Security

    • Exploitation of Long Random Numbers

    • New HW Crypto Cards enablement

  • RAS

    • Call Home Data support (sclp cpi sysfs interface and service)

    • Kernel Message Catalog

    • Shutdown actions interface and tools

    • Large image dump on DASD

    • FCP enhanced trace facility

    • FCP Performance Data Collection

  • Web 2.0 Open Source Stack in SUSE Linux Enterprise Software Development Kit

  • Functionality implemented in SUSE Linux Enterprise Server 11 (and SUSE Linux Enterprise Server 10 Service Pack 2.)

    • AF_IUCV Support

    • Provide Linux filesystem data into z/VM monitor stream

    • Provide Linux process data into z/VM monitor stream

    • System z support for processor degradation

    • In-Kernel crypto exploitation of new CP Assist functions

    • Linux CPU Node Affinity

    • Support for OSA 2 Ports per CHPID

    • cpuplugd to automatic adapt CPU and/or memory

    • Dynamic CHPID reconfiguration via SCLP - tools

    • skb scatter-gather support for large incoming messages - QETH Exploitation

    • Support for HiperSockets in Layer 2 mode (with IPv4 and IPv6)

Chapter 4. Support Statement for SUSE Linux Enterprise Server

To receive support, customers need an appropriate subscription with Novell; for more information, please see: http://www.novell.com/products/server/services_support.html.

4.1. General Support Statement

The following definitions apply:

  • L1: Installation and problem determination, which means technical support designed to provide compatibility information, installation configuration assistance, usage support, on-going maintenance and basic troubleshooting. Level 1 Support is not intended to correct product defect errors.

  • L2: Reproduction of problem isolation, which means technical support designed to duplicate customer problems, isolate problem area and potential issues, and provide resolution for problems not resolved by Level 1 Support.

  • L3: Code debugging and problem resolution, which means technical support designed to resolve complex problems by engaging engineering in patch provision, and resolution of product defects which have been identified by Level 2 Support.

For contracted customers and partners, SUSE Linux Enterprise Server 11 will be delivered with L3 support for all packages, except the following:

  • Technology Previews and SELinux Basic Enablement

  • Sounds, Graphics, Fonts and Artwork

  • Packages, which require an additional customer contract

  • Packages on the Software Development Kit (SDK)

Novell will only support the usage of original (e.g., unchanged or un-recompiled) packages.

4.2. Software which needs specific contracts

The following packages require additional support contracts to be obtained by the customer, in order to receive full support.

  • BEA Java (Itanium only)

  • MySQL Database

  • PostGreSQL Database

  • WebSphere CE Application Server

4.3. Technology Previews

Technology Previews are not supported or only supported minimally. These features are mainly included for customer convenience. They may be functionally incomplete, instable or in other ways not suitable for production use.

  • Hot-Add of Memory

    Hot-Add-memory is currently only supported on the following hardware:

    • IBM eServer xSeries x260, single node x460, x3800, x3850, single node x3950

    • certified systems based on recent Intel Xeon Architecture

    • certified systems based on recent Intel IPF Architecture

    • all IBM System p servers with POWER5 or POWER6 processor and recent firmware

    If your specific machine is not listed, please call Novell support to confirm whether or not your machine has been successfully tested. Also, please regulary check our maintenance update information, which will explicitly mention the general availability of this feature.

    Restriction on using IBM eHCA InfiniBand adapters in conjunction with Hot-Add of Memory on IBM System p:

    The current eHCA Device Driver will prevent dynamic memory operations on a partition as long as the driver is loaded. If the driver is unloaded prior to the operation and then loaded again afterwards, adapter initialization may fail. A Partition Shutdown / Activate sequence on the HMC may be needed to recover from this situation.

  • Internet Storage Naming Service (iSNS)

    The Internet Storage Naming Service (iSNS) package is by design suitable for secure internal networks only. Novell will continue to work with the community on improving security on this.

  • Linux Filesystem Capabilities

    Our kernel is compiled with support for Linux Filesystem Capabilities. This is disabled per default and can be enabled by adding file_caps=1 as kernel boot option.

  • eCryptfs Filesystem

    The eCryptfs kernel modules and the ecryptfs-utils package shipped with SUSE Linux Enterprise Server 11 are a preview of a stacked cryptographic filesystem for Linux.

  • Ext4 Filesystem

    The Ext4 kernel modules and userland tools shipped with SUSE Linux Enterprise Server 11 are a preview of a new filesystem for Linux.

  • PerfMon2

    The PerfMon2 kernel modules and userland tools shipped with SUSE Linux Enterprise Server 11 are a preview of a performance monitoring tool for Linux. It will be replaced with a successor if accepted and integrated into the official Kernel.

  • KVM

    SUSE Linux Enterprise Server 11 contains KVM as an additional virtualization solution. It is not supported by Novell, but an area of interest for future development and deliveries.

  • puppet

    The puppet tools shipped with SUSE Linux Enterprise Server 11 are a Technology Preview.

  • biosdevname

    biosdevname in its simplest form takes a kernel name as an argument, and returns the BIOS-given name it "should" be. This is necessary on systems where the BIOS name for a given device (e.g., the label on the chassis is "Gb1") doesn't map directly and obviously to the kernel name (e.g., eth0).

  • Read-Only Root Filesystem

    It is possible to run SUSE Linux Enterprise Server 11 on a read-only root filesystem. Due to the large number of possible configurations, this is currently not a supported scenario.

    The /tmp and /var/tmp directories need to be on a separate partition and cannot be mounted read-only.

    After the installation has finished and all services are configured, login as root and do the following modifications:

    Modify /etc/fstab and add "ro" to the mount options of the root filesystem entry.

       rm /etc/mtab
       ln -s /proc/mounts /etc/mtab
       mkdir /var/lib/hwclock
       mv /etc/adjtime /var/lib/hwclock
       ln -s /var/lib/hwclock/adjtime /etc/adjtime
       # the following two steps are only necessary if you use dhcp:
       mv /etc/resolv.conf /var/lib/misc/
       ln -s /var/lib/misc/resolv.conf /etc/resolv.conf
       # Now mount root filesystem read-only and reboot
       mount -o remount,ro /
       reboot
       

Chapter 5. Software Development Kit

Novell provides a Software Development Kit (SDK) for SUSE Linux Enterprise 11. This SDK contains libraries, development-environments and tools along the following patterns:

  • C/C++ Development

  • Certification

  • Documentation Tools

  • GNOME Development

  • Java Development

  • KDE Development

  • Linux Kernel Development

  • Programming Libraries

  • .NET Development

  • Miscellaneous

  • Perl Development

  • Python Development

  • Qt 4 Development

  • Ruby on Rails Development

  • Ruby Development

  • Version Control Systems

  • Web Development

  • YaST Development

Chapter 6. Update-Related Notes

This section includes update-related information for this release:

  • Migration is supported from SUSE Linux Enterprise Server 10 SP2 via bootable media (incl. PXE boot).

  • Kernel split in different packages

    With SUSE Linux Enterprise Server 11 the kernel RPMs are split in different parts:

    • kernel-flavor-base

      Very reduced hardware support, intended to be used in virtual machine images.

    • kernel-flavor

      Extends the base package; contains all supported kernel modules.

    • kernel-flavor-extra

      All other kernel modules which may be useful, but which are not supported. This package will not be installed by default.

  • Tickless Idle

    SUSE Linux Enterprise Server uses tickless timers. This can be disabled by adding nohz=off as a boot option.

  • Development Packages

    SUSE Linux Enterprise Server will no longer contain any development packages, with the exception of some core development packages necessary to compile kernel modules. Development packages are available in the SUSE Linux Enterprise Software Development Kit.

  • Displaying manual pages with the same name

    The man command now asks which manual page the user wants to see if manual pages with the same name exist in different sections. The user is expected to type the section number to make this manual page visible.

    If you want to revert back to the previously used method, please set MAN_POSIXLY_CORRECT=1 in a shell initialization file such as ~/.bashrc.

  • YaST LDAP Server no longer using /etc/openldap/slapd.conf

    The YaST LDAP Server module no longer stores the configuration of the LDAP Server in the file /etc/openldap/slapd.conf. It uses OpenLDAP's dynamic configuration backend, which stores the configuration in an LDAP database it self. That database consists of a set of .ldif files in the directory /etc/openldap/slapd.d. You should - usually - not need to access those files directly. To access the configuration you can either use the yast2-ldap-server module or any capable LDAP client (e.g., ldapmodify, ldapsearch, etc.). For details on the dynamic configuration of OpenLDAP, please look at the OpenLDAP Administration Guide.

  • Novell AppArmor

    This release of SUSE Linux Enterprise Server ships with Novell AppArmor. The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see the documentation in /usr/share/doc/packages/apparmor-docs.

    The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users may find our profiles too restrictive for their environments.

    If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. Place all your profiles into learning mode with the following: aa-complain /etc/apparmor.d/*

    When a program generates many complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.

  • Updates with alternative Bootloader Programs (non-Linux)

    Updating from SUSE Linux Enterprise Server 10 SP2 in a system where alternative bootloaders (not grub) are installed in the MBR (Master Boot Record) might override the MBR and place grub as the primary bootloader into the system.

    We propose doing a fresh installation in this case. Don't forget to backup your data!

    Tip

    It is always a good plan to keep data separated from the system software. In other words, /home, /srv, ... and other volumes containing data should be on a separate partition, volume group or logical volume. The YaST partitioning module will propose doing this.

  • Upgrading MySQL to SUSE Linux Enterprise Server 11

    During the upgrade to SUSE Linux Enterprise Server 11 MySQL is also upgraded to the latest version. To complete this migration you may have to upgrade your data as described in the MySQL documentation.

  • Fine-Tuning Firewall Settings

    SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. This also interferes with network browsing and multicast applications, such as SLP and Samba ("Network Neighborhood"). You can fine-tune the firewall settings using YaST.

  • Upgrading from SUSE Linux Enterprise Server 10 SP2 to SUSE Linux Enterprise Server 11 with the Xen Hypervisor may have incorrect network configuration

    We have improved the network configuration from SUSE Linux Enterprise Server 10 to SUSE Linux Enterprise Server 11: If you install SUSE Linux Enterprise Server 11 and configure Xen, you get a bridged setup through YaST. However, if you upgrade from SUSE Linux Enterprise Server 10 SP2 to SUSE Linux Enterprise Server 11, the upgrade does not configure the bridged setup automatically.

    Please start the "YaST Control Center", choose "Virtualization" and then "Install Hypervisor and Tools" to start the bridge proposal for networking. Alternatively you can call

    yast2 xen

    on the commandline.

  • Upgrading from SUSE Linux Enterprise Server 10 SP2 to SUSE Linux Enterprise Server 11 with the Xen Hypervisor does not preserve xen configuration options

    Due to changes in default settings, the Xen Management Daemon (xend) configuration file is replaced during upgrade. Customizations are saved to /etc/xen/xend-config.sxp.rpmsave for merging with the new configuration file.

  • SGI REACT

    SGI Altix and SGI Altix XE systems using SGI REACT for Linux and SUSE Linux Enterprise Server 10 cannot upgrade to SUSE Linux Enterprise Server 11 at this time. For more information, please contact SGI Technical Support at support@sgi.com or http://www.sgi.com/support/supportcenters.html.

  • LILO configuration via YaST/AutoYaST

    he configuration of the LILO bootloader via YaST/AutoYaST is still possible, but not supported on the x86/x86_64 architecture any more. For further information please consult Novell TID 7003226 http://www.novell.com/support/documentLink.do?externalID=7003226.

Chapter 7. Deprecated Functionality

The following list item were removed with this major release of SUSE Linux Enterprise Server.

  • dante

  • JFS

    The JFS filesystem is no longer supported and the utilities were removed from the distribution.

  • EVMS

    For the future strategy and development with respect to volume- and storage-management on SUSE Linux Enterprise, please see: http://www.novell.com/linux/volumemanagement/strategy.html

  • ippl

  • powertweak

  • SUN Java

  • uw-imapd

  • The mapped-base functionality, which is used by 32-Bit applications that need a larger dynamic data space (such as database management systems), was replaced with flexmap.

  • zmd

The following list of current functionality is deprecated and will be removed with the next Service Pack or major release of SUSE Linux Enterprise Server.

  • The reiserfs filesystem is fully supported for the lifetime of SUSE Linux Enterprise Server 11 specifically for migration purposes. We will however remove support for creating new reiserfs filesystems starting with SUSE Linux Enterprise Server 12.

  • The sendmail package is deprecated and might be removed with SUSE Linux Enterprise Server 12.

  • The lprng package is deprecated and will be removed with SUSE Linux Enterprise Server 12.

  • The dhcp-client package is deprecated and will be removed with SUSE Linux Enterprise Server 12.

  • The qt3 package is deprecated and will be removed with SUSE Linux Enterprise Server 12.

  • openswan and strongswan packages will be consolidated.

  • syslog-ng will be replaced with rsyslog

  • The smpppd package is deprecated and will be removed with one of the next Service Packs or SUSE Linux Enterprise Server 12.

  • The RAW devices are deprecated and will be removed with one of the next Service Packs or SUSE Linux Enterprise Server 12.

  • IBM Java 1.4.2 is supported with SUSE Linux Enterprise Server 11 specifically for migration purposes. We will however remove support for this specific Java version with SUSE Linux Enterprise Server 12 latest.

  • The use of a 32-bit hypervisor as a virtualization host is deprecated but provided for migration purposes. Novell may remove this functionality with a future service pack. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.

Chapter 8. Infrastructure, Package and Architecture specific Information

8.1. Systems Management

  • Modified operation against Novell Customer Center

    Effective on 2009-01-13, provisional registrations will be disabled in the Novell Customer Center. Registering an instance of SUSE Linux Enterprise Server or Open Enterprise Server (OES) products now requires a valid, entitled activation code. Evaluation codes for reviews or proofs of concept can be obtained from the product pages and from the download pages on novell.com. If a device is registered without a code at setup time, a provisional code is assigned by Novell Customer Center (NCC) to the device, and an entry for it is made in your NCC list of devices. No update repositories are assigned to the device at this time. Once you are ready to assign a code to the device, starting the YaST Novell Customer Center registration module and putting in the appropriate code (replacing the un-entitled provisional code that NCC generated) will fully entitle the device and activate the appropriate update repositories.

  • Operation against Subscription management Tool

    Operation under the Subscription Management Tool (SMT) package and registration proxy is not affected. Registration against SMT will assign codes automatically from your default pool in NCC until all entitlements have been assigned. Registering additional devices once the pool is depleted will result in the new device being assigned a provisional code (with local access to updates), and the SMT server will provide appropriate notification to the administrator that these new devices need to be entitled.

  • Minimal Pattern

    The minimal pattern provided in YaST's Software Selection Dialog targets experienced customers and should be used as a base for your own specific software selections.

    Please do not expect that an unchanged / not-extended minimal pattern provides a useful basis for your business needs.

    This pattern does not include any dump- or logging-tools. To fully support your configuration, Novell Technical Services (NTS) will request the installation of all the tools which are needed for further analysis, in case of a support request.

  • SPident

    SPident is a tool to identify the Service Pack level of the current installation. This tool is not delivered with SUSE Linux Enterprise Server 11 GA, but is replaced by the new SAM tool (package "suse-sam").

8.2. Performance related Information

  • Linux Completely Fair Scheduler affects Java performance

    Problem (Abstract)

    Java applications that use synchronization extensively might perform poorly on Linux systems that include the Completely Fair Scheduler. If you encounter this problem, there are two possible workarounds.

    Symptom

    You may observe extremely high CPU usage by your Java application, and very slow progress through synchronized blocks. The application may appear to hang due to the slow progress.

    Cause

    The Completely Fair Scheduler (CFS) is a scheduler that was adopted into the mainline Linux kernel as of release 2.6.23. The CFS algorithm is different from previous Linux releases. It might change the performance properties of some applications. In particular, CFS implements sched_yield() differently, making it more likely that a thread that yields will be given CPU time regardless. More information on CFS can be found here: "Multiprocessing with the Completely Fair Scheduler", http://www.ibm.com/developerworks/linux/library/l-cfs/?ca=dgrlnxw06CFC4Linux

    The new behavior of sched_yield() might adversely affect the performance of synchronization in the IBM JVM.

    Environment

    This problem may affect IBM JDK 5.0 and 6.0 (all versions) running on Linux kernels that include the Completely Fair Scheduler, including Linux kernel 2.6.27 in SUSE Linux Enterprise Server 11.

    Resolving the problem

    If you observe poor performance of your Java application, there are two possible workarounds:

    • Either invoke the JVM with the additional argument "-Xthr:minimizeUserCPU"

    • Or configure the Linux kernel to use the more backward-compatible heuristic for sched_yield(), by setting the sched_compat_yield tunable kernel property to 1. For example:

      echo "1" > /proc/sys/kernel/sched_compat_yield
      

    You should not use these workarounds unless you are experiencing poor performance.

  • Tuning performance of simple database engines

    Simple database engines like Berkeley DB use memory mappings (mmap(2)) to manipulate database files. When the mapped memory is modified, those changes need to be written back to disk. In SUSE Linux Enterprise 11, the kernel includes modified mapped memory in its calculations for deciding when to start background writeback, and when to throttle processes which modify additional memory. (In previous versions, mapped dirty pages were not accounted for, and the amount of modified memory could exceed the overall limit defined.) This can lead to a decrease in performance; the fix is to increase the overall limit.

    The maximum amount of dirty memory is 40% in SUSE Linux Enterprise 11 by default. This value is chosen for average workloads, so that enough memory remains available for other uses. The following settings may be relevant when tuning for database workloads:

    • vm.dirty_ratio

      Maximum percentage of dirty system memory (default 40).

    • vm.dirty_background_ratio

      Percentage of dirty system memory at which background writeback will start (default 10).

    • vm.dirty_expire_centisecs

      Duration after which dirty system memory is considered old enough to be eligible for background writeback (in centiseconds).

    These limits can be observed or modified with the sysctl utility (see sysctl(1), sysctl.conf(5)).

  • Memory controller (cgroup) is disabled by default

    Memory cgroup is runtime-disabled by default in SUSE Linux Enterprise Server 11 due to speed regressions introduced by this facility. Please pass "cgroup_enable=memory" to the kernel commandline to have this enabled.

8.3. Storage

  • Multipathing - SCSI Hardware Handler

    Some storage devices, e.g. IBM DS4K, require special handling for path failover and failback. In SUSE Linux Enterprise Server 10 SP2, this was handled at the dm layer as hardware handler.

    One drawback of this implementation was that the underlying SCSI layer didn't know about the existence of the Hardware Handler. Hence, during device probing, SCSI would send I/O on the passive path, which would fail after a timeout and also print extraneous error messages in the console.

    In SUSE Linux Enterprise Server 11, this problem is resolved by moving the hardware handler to the SCSI layer, hence the term SCSI Hardware Handler. These handlers are modules created under the SCSI directory in the Linux Kernel.

    In SUSE Linux Enterprise Server 11, there are four SCSI Hardware Handlers: scsi_dh_alua, scsi_dh_rdac, scsi_dh_hp_sw, scsi_dh_emc.

    These modules need to be included in the initrd image so that SCSI knows about the special handling during probe time itself.

    This can be done by following these steps:

    • Add the device handler modules to the INITRD_MODULES variable in /etc/sysconfig/kernel

    • Create a new initrd using

      mkinitrd -k /boot/vmlinux-<flavour> -i /boot/initrd-<flavour>-scsi_dh -M /boot/System.map-<flavour>
    • Update the grub.conf/lilo.conf/yaboot.conf file with the newly built initrd

    • Reboot

  • Multipathing: failed paths do not return after a path failure

    To work in a fully certified environment with all storage backend systems and fully supported by Novell and your storage vendor, please make sure that you have installed at least multipath-tools-0.4.8-40.2 or a later version. Appropriate packages are available as a maintenance update for SUSE Linux Enterprise 11.

  • Local Mounts of iSCSI Shares

    An iSCSI shared device should never be mounted directly on the local machine. In an OCFS2 environment, doing so causes all hardware to hard hang.

8.4. Architecture independent Information

8.4.1. Changes in packaging and delivery

  • With the SUSE Linux Enterprise High Availability Extension 11, Novell offers the most modern open source High Availability Stack for Mission Critical environments.

  • The tomcat6 Servlet/JSP engine is delivered as part of the SUSE Linux Enterprise Software Development Kit 11.

8.4.2. Security

  • Removable media

    To allow a specific user to mount removable media, always run the following command as root

    polkit-auth --user joe --grant org.freedesktop.hal.storage.mount-removable

    To allow all locally logged in users on the active console to mount removable media, run the following commands as root:

    echo 'org.freedesktop.hal.storage.mount-removable no:no:yes' >> /etc/polkit-default-privs.local
    /sbin/set_polkit_default_privs
    
  • Verbose audit records for system user management tools

    Install the package "pwdutils-plugin-audit". To enable this plugin, please add "audit" to /etc/pwdutils/logging . Please see the Security Guide for more information.

8.4.3. Networking

  • Using the system as a router

    As long as the firewall is active, the option ip_forwarding will be reset by the firewall module. To activate the system as a router, the variable FW_ROUTE has to be set too. This can be done through yast2-firewall or manually.

8.4.4. Cross architecture information

  • Myricom 10GigE (x86, x86_64 and IA64)

    With SUSE Linux Enterprise Server 11, we have switched to the mainline myri10ge driver. This driver needs a firmware for correct operation. In order to operate correctly, customers need to install the firmware separately as SUSE Linux Enterprise Server 11 does not include this.

  • Firefox may fail to start

    If you encounter issues to start Firefox in a 64-bit environment with 32-bit compatibility pattern installed, please make sure that the package "mozilla-xulrunner190-32-bit" is not installed.

    This is addressed with high priority. We will issue a maintenance update via http://support.novell.com/ once this has been resolved.

8.5. AMD64/Intel64 64-bit (x86_64) and Intel/AMD 32-bit (x86) specific Information

8.5.1. System and vendor specific information

  • i586 and i686 Machine with more than 16 GB of Memory

    Depending on the workload, i586 and i686 machines with 16GB-48GB of memory can run into instabilities. Machines with more than 48GB of memory are not supported at all. To run on such a machine, lower the memory with the mem= kernel boot option.

    In such memory scenarios we strongly recommend using a x86-64 system with 64-bit SUSE Linux Enterprise Server, and run the (32-bit) x86 applications on it.

  • NetXen 10G Ethernet Expansion Card on IBM BladeCenter HS12 system

    When installing SUSE Linux Enterprise Server 11 on a HS12 system with a "NextXen Incorporated BladeCenter-H 10 Gigabit Ethernet High Speed Daughter Card", the boot parameter pcie_aspm=off should be added.

  • NIC Enumeration

    Ethernet interfaces on some hardware do not get enumerated in a way that matches the marking on the chassis.

  • HP Linux ProLiant Support Pack for SUSE Linux Enterprise Server 11

    The HP Channel Interface Device Driver (hpilo) device driver has been submitted to the open source community as part of the upstream Linux kernel. This device driver replaces the two versions of channel interface drivers (hp_ilo, hpqci) previously shipped by HP in the hp-ilo RPM package. Due to changes in the API between driver versions, various utilities in the Linux ProLiant Support Pack require updates to properly communicate with hpilo. These utilities have been updated in Linux ProLiant Support Pack release 8.25.

    The hpilo driver is included in SUSE Linux Enterprise Server 11. Therefore, no hp-ilo package will be provided in the Linux ProLiant Support Pack for SUSE Linux Enterprise Server 11.

    For more details, please consult Novell TID 700273

  • HP High Performance Mouse for iLO Remote Console.

    The desktop in SUSE Linux Enterprise Server 11 now recognizes the HP High Performance Mouse for iLO Remote Console and is configured to accept and process events from it. For the desktop mouse and the HP High Performance Mouse to stay synchronized, it is necessary to turn off mouse acceleration. As a result, the HP iLO2 High-Performance mouse (hpmouse) package is no longer needed with SUSE Linux Enterprise Server 11 once one of the three following options are implemented.

    1. In a terminal run "xset m 1" -- this setting will not survive a reset of the desktop.

    2. (Gnome) In a terminal run "gconf-editor" and go to desktop->gnome->peripherals->mouse. Edit the "motion acceleration" field to be 1.

      (KDE) Open "Personal Settings (Configure Desktop)" in the menu and go to "Computer Administration"->Keyboard&Mouse->Mouse->Advanced and change "Pointer Acceleration" to become 1.

    3. (Gnome) In a terminal run "gnome-mouse-properties" and adjust the "Pointer Speed" slide scale until the HP High Performance Mouse and the desktop mouse run at the same speed across the screen. The recommended adjustment is close to the middle just to the "Slow" side.

    After acceleration is turned off, sync the desktop mouse and the ILO mouse by moving to the edges and top of the desktop to line them up in the vertical and horizontal directions. Also if the HP High Performance Mouse is disabled, pressing the <Ctrl> key will stop the desktop mouse and allow easier synching of the two pointers.

    For more details please consult Novell TID 7002735

  • Missing 32-bit compatibility libraries for libstdc++ and libg++ on 64-bit systems (x86_64)

    32-bit (x86) compatibility libraries like "libstdc++-libc6.2-2.so.3" have been available on x86_64 in the package "compat-32-bit" with SUSE Linux Enterprise Server 9, SUSE Linux Enterprise Server 10, and are also available on the SUSE Linux Enterprise Desktop 11 medium (compat-32-bit-2009.1.19), but not included in SUSE Linux Enterprise Server 11.

    Background

    The respective libraries had been deprecated back in 2001, and have been shipped in the compatibility package already with the release of SUSE Linux Enterprise Server 9 in 2004. The package was shipped with SUSE Linux Enterprise Server 10 to provide a longer transition period for applications requiring the package.

    With the release of SUSE Linux Enterprise Server 11 the compatibility package is no longer supported.

    Solution

    In an effort to enable a longer transition period for applications still requiring this package, it has been moved to the unsupported "Extras" channel. This channel is visible on every SUSE Linux Enterprise Server 11 system, which has been registered with the Novell Customer Center, and it is also mirrored via SMT alongside the supported and maintained SUSE Linux Enterprise Server 11 channels.

    Packages in the "Extras" channel are not supported or maintained.

    The compatibility package is part of SUSE Linux Enterprise Desktop 11 due to a policy difference with respect to deprecation and deprecated packages as compared to SUSE Linux Enterprise Server 11.

    We encourage customers to work with Novell and Novell's partners to resolve dependencies on those old libraries.

  • 32-bit devel-packages missing from the Software Development Kit (x86_64)

    Example: libpcap0-devel-32-bit package was available in Software Development Kit 10, but is missing from Software Development Kit 11

    Background

    Novell supports running 32-bit applications on 64-bit architectures; respective runtime libraries are provided with SUSE Linux Enterprise Server 11 and fully supported. With SUSE Linux Enterprise 10 we also provided 32-bit devel packages on the 64-bit Software Development Kit. Having 32-bit devel packages and 64-bit devel packages installed in parallel may lead to side-effects during the build process. Thus with SUSE Linux Enterprise 11 we startet to remove some of (but not yet all) the 32-bit devel packages from the 64-bit Software Development Kit.

    Solution

    With the development tools provided in the Software Development Kit 11, customers and partners have two options to build 32-bit packages in a 64-bit environment (see below). Beyond that, Novell's appliance offerings provide powerful environments for software building, packaging and delivery.

    • Use the "build" tool, which creates a chroot environment for building packages.

    • The Software Development Kit contains the software used for the openSUSE buildservice. Here the abstraction is provided by virtualization.

8.5.2. Virtualization

  • VMI Kernel (x86, 32-bit only)

    With the delivery of the VMI enabled kernel as part of SUSE Linux Enterprise Server 11 (x86 32-bit) Novell is proud to continue the direction we started with SUSE Linux Enterprise Server 10 SP2. With this kernel we support the benefits of the VMI as used by VMware infrastructure. The delivery of a dedicated VMI kernel flavor gives our customers the choice to use the right kernel depending on their infrastructure, requirements, and system architecture.

  • CPU overcommit and fully virtualized guest

    Novell and our partners are currently evaluating reports that with CPU overcommitment in place and under heavy load fully virtualized guests may become unresponsive or hang.

    Paravirtualized guests work flawlessy with CPU overcommitment also under heavy load.

    This is addressed with high priority. We will issue a maintenance update via http://support.novell.com/ once this has been resolved.

  • Xen on systems with 250 GiB (or more) physical memory

    If you want to boot Xen on a system with more than about 192GiB, you will have to pass "dom0_mem=192G" on the Xen command line. The value of 192GiB is an upper limit. It is generally recommended to pass an even smaller value, unless you have a strong need of your Domain0 really having this much memory.

  • IBM System X x3850/x3950 with ATI Radeo 7000/VE video cards and Xen Hypervisor

    When installing SUSE Linux Enterprise Server 11 on IBM System X x3850/x3950 with ATI Radeo 7000/VE video cards, the boot parameter 'vga=0x317' needs to be added to avoid video corruption during the installation process.

    Graphical environment (X11) in XEN is not supported on IBM System X x3850/x3950 with ATI Radeo 7000/VE video cards.

  • Video mode selection for Xen kernels

    In a few cases, following the installation of Xen, the hypervisor does not boot into the GUI. To work around this issue, modify /boot/grub/menu.lst and replace vga=<number> with vga=mode-<number>. For example, if the setting for your native kernel is vga=0x317, then for Xen you will need to use vga=mode-0x317.

  • Time synchronization in Paravirtualized Domains with NTP.

    Paravirtualized (PV) DomUs usually get the time from the hypervisor. If you want to run "ntp" in PV DomUs, the DomU must be decoupled from the Dom0's time. At runtime this is done with:

    echo 1 > /proc/sys/xen/independent_wallclock

    To set this at boot time:

    1. Either append "independent_wallclock=1" to kernel cmd line in DomU's grub configuration file

    2. Or append "xen.independent_wallclock = 1" to /etc/sysctl.conf in the DomU.

  • If you encounter time synchronization issues with Paravirtualized Domains, we encourage you to use NTP.

8.6. Intel Itanium (ia64) specific Information

  • Installation on systems with many LUNs (storage)

    While the number of LUNs for a running system is virtually unlimited, we suggest not having more than 64 LUNs online while installing the system, to reduce the time to initialize and scan the devices and thus reduce the time to install the system in general.

  • Reiserfs and HP Storage (on Itanium only)

    HP and Novell are currently evaluating a report that Reiserfs filesystems show unexpected behaviour under heavy load.

    Other filesystems (xfs and ext3) are not affected by those findings, and we encourage you to use one of those two according to your needs and preference.

    This is addressed with high priority. We will issue a maintenance update via http://support.novell.com/ once this has been resolved.

8.7. POWER (ppc64) specific Information

  • Supported Hardware / Systems

    All POWER3, POWER4, PPC970 and RS64–based models that were supported by SUSE Linux Enterprise Server 9 are no longer supported.

  • Loading the installation kernel via network on POWER

    With SUSE Linux Enterprise Server 11 the bootfile DVD1/suseboot/inst64 can not be booted directly via network anymore, because its size is larger than 12MB. To load the installation kernel via network, copy the files yaboot.ibm, yaboot.cnf and inst64 from the DVD1/suseboot directory to the TFTP server. Rename the yaboot.cnf file to yaboot.conf. yaboot can also load config files for specific ethernet MAC addresses. Use a name like yaboot.conf-01-23-45-ab-cd-ef match a MAC address. An example yaboot.conf for TFTP booting looks like this:

      default=sles11
      timeout=100
      image[64-bit]=inst64
        label=sles11
        append="quiet install=nfs://hostname/exported/sles11dir"
       

    Please note that this will not work on POWER4 systems. Their firmware can only load files up to 12MB via TFTP.

  • Huge Page Memory support on POWER

    Huge Page Memory (16GB pages, enabled via HMC) is supported by the Linux Kernel, but special kernel parameters must be used to enable this support. Boot with the parameters "hugepagesz=16G hugepages=N" in order to use the 16GB huge pages, where N is the number of 16GB pages assigned to the partition via the HMC. The number of 16GB huge pages available can not be changed once the partition is booted. Also, there are some restrictions if huge pages are assigned to a partition in combination with eHEA / eHCA adapters:

    IBM eHEA Ethernet Adapter:

    The eHEA module will fail to initialize any eHEA ports if huge pages are assigned to the partition and Huge Page kernel parameters are missing. Thus, no huge pages should be assigned to the partition during a network installation. To support huge pages after installation, the huge page kernel parameters need to be added to the boot loader configuration before huge pages are assigned to the partition.

    IBM eHCA InfiniBand Adapter:

    The current eHCA device driver is not compatible with huge pages. If huge pages are assigned to a partition, the device driver will fail to initialize any eHCA adapters assigned to the partition.

  • Installation on POWER onto IBM vscsi target

    The installation on a vscsi client will fail with old versions of the AIX VIO server. Please upgrade the AIX VIO server to version 1.5.2.1-FP-11.1 or later.

  • IBM Linux VSCSI server support in SUSE Linux Enterprise Server 11

    At this point, there is no support for the VSCSI server functionality in SUSE Linux Enterprise Server 11. Customers who serve disks or partitions from Linux should not upgrade. Please continue to use the ibmvscsis driver in either SUSE Linux Enterprise Server 9 or 10.

  • Virtual Fibre Channel devices

    When using IBM Power Virtual Fibre Channel devices utilizing N-Port ID Virtualization, the Virtual I/O Server may need to be updated in order to function correctly. Linux requires VIOS 2.1, Fixpack 20.1, and the LinuxNPIV I-Fix in order for this feature to function properly. These updates can be downloaded from the following URL: http://www14.software.ibm.com/webapp/set2/sas/f/vios/home.html

  • Virtual Tape Devices

    When using a virtual tape served by an AIX VIO server and running

    mt -f <Virtual Tape Device> setblk <Size>

    the command will fail. To use the tape device again, VIOS has to be rebooted or the tape has to be reloaded.

    Please check for updates on the IBM Virtual I/O Server support page for fixes to this problem.

  • ITrace

    Using the ITrace instrumentation library, libperfutil, to start and stop tracing on your application may result in a system hang. A workaround for this problem is to insert a call to ITraceDisable() prior to calling ITrace_off() in your instrumented application.

  • Chelsio cxgb3 iSCSI offload engine

    The Chelsio hardware supports ~16K packet size (the exact value depends on the system configuration). It is recommended that you set the parameter MaxRecvDataSegmentLength in /etc/iscsid.conf to 8192.

    For the cxgb3i driver to work properly, this parameter needs to be set to 8192.

    In order to use the cxgb3i offload engine, the cxgb3i module needs to be loaded manually after open-scsi has been started.

    For additional information, please refer to /usr/src/linux/Documentation/scsi/cxgb3i.txt in the kernel source tree.

  • Known TFTP issues with yaboot

    When attempting to netboot yaboot users may see the following error message: "Can't claim memory for TFTP download (01800000 @ 01800000-04200000)" and the netboot will stop and immediately display the yaboot "boot:" prompt. Use the following steps to work around the problem.

    • Reboot the system and at the IBM splash screen select '8' to get to an Open Firmware prompt "0>"

    • At the Open Firmware prompt type the following commands

      		'setenv real-base c00000'
      		'dev /packages/gui obe'
      	

    • The second command will take the system back to the IBM splash screen and the netboot can be attempted again.

8.8. System z (s390x) specific Information

  • IBM System z Architecture Level Set (ALS) preparation

    To exploit new IBM System z architecture capabilities during lifecycle of SUSE Linux Enterprise Server 11 support for machines of type z900, z990, z800, z890 is deprecated this release. Novell plans to introduce an ALS earliest with SUSE Linux Enterprise Server 11 Service Pack 1 (SP1), latest with SP2. After ALS SUSE Linux Enterprise Server 11 only executes on z9 or newer processors.

    With SUSE Linux Enterprise Server 11 GA only machines of type z9 or newer are supported.

    When developing software, we recommend to switch gcc to z9/z10 optimization:

    • install gcc

    • install gcc-z9 package (change gcc options to -march=z9-109 -mtune=z10)

  • The minimum required machine loader level for IPL of SUSE Linux Enterprise Server 11 from a SCSI disk is v1.4 which is included in the follow MCLs:

    • z9, driver 67L, MCL G40943.001

    • z10, driver 75J, no MCL required on top of GA-level

    For older levels of the machine loader, the ramdisk load address of the installed SUSE Linux Enterprise Server 11 system needs to be manually changed from 0x2000000 to 0x1000000. To do this, open the /etc/zipl.conf file and change lines containing ramdisk = <initrd filename>,0x2000000 into ramdisk = <initrd filename>,0x1000000and run the zipl command afterwards. Note that this workaround may not work on systems with large amount of memory.

  • For LUN Scanning to work properly, the minimum Storage firmware level should be:

    • DS8000 Code Bundle Level 64.0.175.0

    • DS6000 Code Bundle Level 6.2.2.108

  • Large Page support in IBM System z

    Possibility for processes to allocate process memory in chunks of 1 MByte instead of 4 KByte. This works through the hugetlbfs.

  • Installation onto an unformatted ECKD DASD (System z)

    An unformatted DASD has to be formatted before its first usage. The procedure is as follows:

    • In the DASD Disk Management panel select the DASD, then press "Perform Action" and "Activate".

    • Ignore the error ("device is not a DASD") by pressing "OK". Then select "Perform Action" and "Format". Confirm with "OK" and "Yes".

    • When the formatting of the device has finished, you have to deactivate ("Perform Action" and "Deactivate") and re-activate ("Perform Action" and "Activate") the DASD again to re-read the device information properly.

    • After that press "Next" and proceed with the installation.

    For more information please consult the SUSE Linux Enterprise Server Deployment Guide.

  • Autoyast installation on System z.

    When installation via autoyast is done, an error message may pop up after the hardware detection, saying: "No hard disks were found for the installation." This is because the disk configuration will happen after automatic hardware detection. Just click "OK" or let the message timeout. The installation will continue as expected.

  • IBM zfcp and multipathing / MPIO

    The IBM zfcp SCSI driver is currently not taking full advantage of the new multipath/failover functionality in the SCSI midlayer in SUSE Linux Enterprise Server 11.

    Packages containing this improved functionality will be provided via maintenance updates. Customers will be informed via the usual communication paths.

  • OSA Layer2 Installation on LPAR: MAC address mandatory

    When installing with a OSA network device in Layer 2 mode in LPAR, it is mandatory to enter a unique MAC address in the format 01:23:45:67:89:AB when asked for. Leaving this field blank doesn't work in LPAR.

  • Collaborative memory management Stage II (CMM2) currently not available

    IBM and Novell are working to integrate this technology into the Linux Kernel and move it to a supported solution in SUSE Linux Enterprise Server as soon as available upstream.

  • Issue with SLES 11 and NSS under z/VM

    Starting SLES 11 under z/VM with NSS sometimes makes guest to logoff by itself.

    Solution: IBM addresses this issue with APAR VM64578.

Chapter 9. Technical Information

This section contains information about system limits, a number of technical changes and enhancements for the experienced user.

When talking about CPUs we are following this terminology:

  • CPU Socket

    The visible physical entity, as it is typically mounted to a motherboard or an equivalent.

  • CPU Core

    The (usually not visible) physical entity as reported by the CPU vendor.

    On System z this is equivalent to an IFL.

  • Logical CPU

    This is what the Linux Kernel recognizes as a "CPU".

    We avoid the word "Thread" (which is sometimes used), as the word "thread" would also become ambiguous subsequently.

  • Virtual CPU

    A logical CPU as seen from within a Virtual Machine.

9.1. Kernel Limits

http://www.novell.com/products/server/techspecs.html

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 11.

CODE 11 (2.6.27)x86ia64x86_64s390xppc64

CPU bits

32

64

64

64

64

max. # Logical CPUs

32

up to 4096

512

64

up to 1024

max. RAM (theoretical / certified)

64/16 GiB

1 PiB/4 TiB

64 TiB/512 GiB

4 TiB/256 GiB

1 PiB/512 GiB

max. user-/kernelspace

3/1 GiB

2 EiB/φ

128 TiB/128 TiB

φ/φ

2 TiB/2 EiB

max. swap space

up to 32 * 64 GB

max. #processes

1048576

max. #threads per process

tested with more than 120000; maximum limit depends on memory and other parameters

max. size per block device

up to 16 TiB

and up to 8 EiB on all 64-bit architectures

9.2. Xen Limits

CODE 11x86x86_64

CPU bits

32

64

Logical CPUs (Xen Hypervisor)

32

255

Virtual CPUs per VM

1-32

Maximum supported memory (Xen Hypervisor)

16 GiB

1 TiB

Maximum supported memory (Dom0)

16 GiB

192 GiB

Virtual memory per VM

128 MiB-15 GiB

128 MiB-192 GiB

Total virtual devices per host

256

2048

Maximum number of NICs per host

8

Maximum number of vNICs per guest

8

Maximum number of guests per host

64

In Xen 3.3, the hypervisor bundled with SUSE Linux Enterprise Server 11, dom0 is able to see and handle a maximum of 32 logical CPU. The hypervisor itself however, can access up to logical 255 logical CPUs (the maximum theoretical limit on x86_64) and schedule those for the VMs (up to 32 per VM).

The use of a 32-bit hypervisor as a virtualization host is deprecated but provided for migration purposes. Novell may remove this functionality with a future service pack. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.

9.3. Filesystems

http://www.novell.com/linux/filesystems/features.html

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling filesystems and logical volume managers back in 2000. Today, we have customers running XFS and ReiserFS with more than 8TiB in one filesystem, and our own SUSE Linux Enterprise engineering team is using all 3 major Linux journaling filesystems for all its servers.

We are excited to add the OCFS2 cluster filesystem to the range of supported filesystems in SUSE Linux Enterprise.

We propose to use XFS for large-scale filesystems, on systems with heavy load and multiple parallel read- and write-operations (e.g for file serving with Samba, NFS, etc.). XFS has been developed to be used under those conditions, while typical desktop use (single write or read) will not necessarily benefit from it's capabilities.

FeatureExt 3Reiserfs 3.6XFSOCFS 2*

Data/Metadata Journaling

•/•

○/•

○/•

○/•

Journal internal/external

•/•

•/•

•/•

•/○

Offline extend/shrink

•/•

•/•

○/○

•/○

Online extend/shrink

•/○

•/○

•/○

•/○

Sparse Files

Tail Packing

Defrag

Extended Attributes/ Access Control Lists

•/•

•/•

•/•

•/•

Quotas

Dump/Restore

Blocksize default

4KiB

max. Filesystemsize

16 TiB

16 TiB

8 EiB

16 TiB

max. Filesize

2 TiB

1 EiB

8 EiB

1 EiB

*OCFS2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.

The maximum file size above can be larger than the filesystem's actual size due to usage of sparse blocks. It should also be noted that unless a filesystem comes with large file support (LFS), the maximum file size on a 32-bit system is 2 GB (2^31 bytes). Currently all of our standard filesystems (including ext3 and ReiserFS) have LFS, which gives a maximum file size of 2^63 bytes in theory. The numbers in the above tables assume that the filesystems are using 4 KiB block size. When using different block sizes, the results are different, but 4 KiB reflects the most common standard.

In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024 GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also http://physics.nist.gov/cuu/Units/binary.html

9.4. Kernel Modules

An important requirement for every Enterprise operating system is the level of support a customer can get for his environment. Kernel modules are the most relevant connector between hardware ("controllers") and the operating system. Every kernel module in SUSE Linux Enterprise Server 11 has a flag 'supported' with three possible values: "yes", "external", "" (empty, not set, "unsupported").

The following rules apply:

  • All modules of a self-recompiled kernel are by default marked as unsupported.

  • Kernel Modules supported by Novell partners and delivered using Novell's Partner Linux Driver process are marked "external".

  • If the "supported" flag is not set, loading a module will taint the kernel. Kernels which are tainted are not supported. To avoid this, not supported Kernel modules are included in an extra RPM (kernel-<flavor>-extra) and will not be loaded by default ("flavor"=default|smp|xen|...). In addition, those unsupported modules are not available in the installer, and the package kernel-$flavor-extra is not on the SUSE Linux Enterprise Server media.

  • Kernel Modules not provided under a license compatible to the License of the Linux Kernel will also taint the Kernel; see /usr/src/linux/Documentation/sysctl/kernel.txt and cf. the state of "/proc/sys/kernel/tainted".

Technical Background

  • Linux Kernel

    The value of /proc/sys/kernel/unsupported defaults to 2 on SUSE Linux Enterprise Server 11 ("do not warn in syslog when loading unsupported modules"). This is the default used in the installer as well as in the installed system. See /usr/src/linux/Documentation/sysctl/kernel.txt for more information.

  • modprobe

    The "modprobe" utility for checking module dependencies and loading modules appropriately checks for the value of the "supported" flag. If the value is "yes" or "external" the module will be loaded, otherwise it will not. See below, for information on how to override this.

    Note: Novell does not generally support removing of storage modules via modprobe -r.

Working with unsupported modules

While the general supportability requirement is important, there might occur situations, where loading an unsupported module seems appropriate or is required (e.g., for testing or debugging purposes, or if your hardware vendor provides a hotfix):

  • You can override the default by changing the variable allow_unsupported_modules in /etc/modprobe.d/unsupported-modules and set the value to "1".

    If you only want to try loading a module once, the --allow-unsupported-modules command-line switch can be used with modprobe. (see: man modprobe).

  • During installation, unsupported modules may be added through driver update disks, and they will be loaded.

    To enforce loading of unsupported modules during boot and afterwards, please use the kernel command line option oem-modules.

    While installing and initializing the module-init-tools package, the kernel flag "TAINT_NO_SUPPORT" ("/proc/sys/kernel/tainted") will be evaluated. If the kernel is already tainted, allow_unsupported_modules will be enabled. This will prevent unsupported modules from failing in the system being installed. (If no unsupported modules are present during installation and the other special kernel command line option is not used, the default will still be to disallow unsupported modules.)

  • If you install unsupported modules after the initial installation and want to enable those modules to be loaded during system boot, please don't forget to run depmod and mkinitrd.

Please remember that loading and running unsupported modules will make the kernel and the whole system unsupported by Novell.

9.5. IPv6 Implementation and Compliance

SUSE Linux Enterprise Server 11 is compliant to IPv6 Logo Phase 2. However, when running the respective tests, you may see some tests failing. For various reasons, we cannot enable all the configuration options by default, which are necessary to pass all the tests. Please find details below.

  • Section 3: RFC 4862 - IPv6 Stateless Address Autoconfiguration

    Some tests fail because of the default DAD handling in Linux; disabling the complete interface is possible, but not the default behavior (because security-wise, this might open a DoS attack vector, a malicious node on a network could shutdown the complete segment) this is still conforming to RFC 4862: the shutdown of the interface is a "should", not a mandatory ("must") rule.

    The Linux kernel allows you to change the default behavior with a sysctl parameter. To do this on SUSE Linux Enterprise Server 11, you need to make the following changes in configuration:

    • Add ipv6 to the modules load early on boot

      Edit /etc/sysconfig/kernel and add ipv6 to MODULES_LOADED_ON_BOOT e.g. MODULES_LOADED_ON_BOOT="ipv6" This is needed for the second change to work, if ipv6 is not loaded early enough, setting the sysctl fails.

    • Add the following lines to /etc/sysctl.conf

      ## shutdown IPV6 on MAC based duplicate address detection
      net.ipv6.conf.default.accept_dad = 2
      net.ipv6.conf.all.accept_dad = 2
      net.ipv6.conf.eth0.accept_dad = 2
      net.ipv6.conf.eth1.accept_dad = 2
      				

      Note: if you use other interfaces (e.g. eth2), please modify the lines. With these changes, all tests for RFC 4862 should pass.

  • Section 4: RFC 1981 - Path MTU Discovery for IPv6

    • Test v6LC.4.1.10: Multicast Destination - One Router

    • Test v6LC.4.1.11: Multicast Destination - Two Routers

    On these two tests ping6 needs to be told to allow defragmentation of multicast packets. Newer ping6 versions have this disabled by default. Use: ping6 -M want <other parameters>. see man ping6 for more information

  • Enable IPv6 in Yast for SCTP support

    SCTP is dependent on IPv6, so in order to successfully insert the SCTP module, IPv6 must be enabled in YaST. This allows for the IPv6 module to be automatically inserted when `modprobe sctp` is called.

9.6. Other technical information

  • Changes to network setup

    The script modify_resolvconf is removed in favor of a more versatile script called netconfig. This new script handles specific network settings from multiple sources more flexibly and transparently. Please review the documentation and man-page of netconfig for more details.

  • Locale Settings in ~/.i18n

    If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes; for example, use LANG instead of RC_LANG. For more information about locales in general, see "Language and Country-Specific Settings" in the Reference Manual.

  • Configuration of kdump

    The kernel is crashing or otherwise misbehaving and a kernel core dump needs to be captured for analysis.

    Please use YaST (System->Kernel Kdump) to configure your environment.

  • JPackage Standard for Java Packages

    Java packages are changed to follow the JPackage Standard (http://www.jpackage.org/). Please read the documentation in /usr/share/doc/packages/jpackage-utils/ for more information.

  • Pulseaudio

    For better sound functionality on SUSE Linux Enterprise systems we strongly recommend that pulseaudio 0.9.14 or higher is installed. This version is available via maintenance channels for SUSE Linux Enterprise systems registered with Novell.

Chapter 10. Documentation and other information

Colophon

Thanks for using SUSE Linux Enterprise Server in your business.

The SUSE Linux Enterprise Server 11 Team.