Jump to content
SUSE Linux Enterprise Server 12 SP5

Release Notes

Abstract

This document provides guidance and an overview to high-level general features and updates for SUSE Linux Enterprise Server 12 SP5. Besides architecture or product-specific information, it also describes the capabilities and limitations of SUSE Linux Enterprise Server 12 SP5.

The support period for SUSE Linux Enterprise Server 12 SP5 has ended. To keep systems secure and supported, upgrade to a current SUSE Linux Enterprise Server version. Before starting the upgrade, make sure to apply all maintenance updates.

Publication Date: 2024-12-06, Version: 12.5.20241206
1 About the release notes
2 SUSE Linux Enterprise Server
2.1 Interoperability and Hardware Support
2.2 Important Sections of This Document
2.3 Security, Standards, and Certification
2.4 Documentation and other information
2.5 Support and life cycle
2.6 Support statement for SUSE Linux Enterprise Server
2.7 Technology Previews
3 Modules, Extensions, and Related Products
3.1 Available Modules
3.2 Available Extensions
3.3 Derived and Related Products
4 Installation and Upgrade
4.1 Installation
4.2 Upgrade-Related Notes
4.3 JeOS (Just enough Operating System)
4.4 For More Information
5 Changes affecting all architectures
5.1 Authentication
5.2 Base System
5.3 Containers
5.4 Databases
5.5 Development
5.6 Desktop
5.7 File Systems
5.8 Kernel
5.9 Networking
5.10 Performance Related Information
5.11 Security
5.12 Storage
5.13 Systems Management
5.14 Virtualization
5.15 Miscellaneous
6 AMD64/Intel 64-Specific Features & Fixes (x86_64)
6.1 Running 32-bit applications
6.2 Notable Updates
6.3 Intel Optane DC Persistent Memory Operating Modes
6.4 Intel Omni-Path Architecture (OPA) Host Software
6.5 sysfs Support for Dirty Shutdown Count
6.6 Miscellaneous
7 POWER-Specific Features & Fixes (ppc64le)
7.1 Support for ibmvnic Networking Driver
7.2 Speed of ibmveth Interface Not Reported Accurately
8 IBM Z-Specific Features & Fixes (s390x)
8.1 Hardware
8.2 Network
8.3 Performance
8.4 Security
8.5 Storage
8.6 Virtualization
8.7 Miscellaneous
9 ARM 64-Bit-Specific Features & Fixes (AArch64)
9.1 cpufreq driver for Raspberry Pi
9.2 HDMI Audio support for Raspberry Pi 3
10 Known Issues & Workarounds
10.1 User Login Fails After Upgrade
10.2 Installation on RAID10 Array Composed from SSD Drives Hangs on Discard Request
10.3 Installation in Text Mode: Switching the Keyboard Layout fails
10.4 Installation in Text Mode: Russian, Korean, and Chinese EULA is not Displayed Correctly
10.5 Installation in Graphic Mode on IBM Z: Installation Fails with 1 GB RAM
10.6 Media Does Not Contain Translated Manuals in /docu
11 Removed and Deprecated Features and Packages
11.1 Removed Features and Packages
11.2 Deprecated Features and Packages
12 Obtaining source code
13 Legal notices
A Kernel parameter changes
A.1 During 12 SP5

1 About the release notes

These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.

Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.

2 SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 12 SP5 is a highly reliable, scalable, and secure server operating system, built to power mission-critical workloads in both physical and virtual environments. It is an affordable, interoperable, and manageable open source foundation. With it, enterprises can cost-effectively deliver core business services, enable secure networks, and simplify the management of their heterogeneous IT infrastructure, maximizing efficiency and value.

The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux Enterprise Server is optimized to deliver high-performance mission-critical services, as well as edge of network, and web infrastructure workloads.

2.1 Interoperability and Hardware Support

Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix and Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility.

This modular, general purpose operating system runs on four processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering.

SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription. This makes it the perfect guest operating system for virtual computing.

2.2 Important Sections of This Document

If you are upgrading from a previous SUSE Linux Enterprise Server release, you should review at least the following sections:

2.3 Security, Standards, and Certification

SUSE Linux Enterprise Server 12 SP5 has been submitted to the certification bodies for:

For more information about certification, see https://www.suse.com/security/certificates.html.

2.4 Documentation and other information

2.4.1 Available on the product media

  • Read the READMEs on the media.

  • Get the detailed change log information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm
  • Check the ChangeLog file in the top level of the installation medium for a chronological log of all changes made to the updated packages.

  • Find more information in the docu directory of the installation medium of SUSE Linux Enterprise Server 12 SP5. This directory includes PDF versions of the SUSE Linux Enterprise Server 12 SP5 Installation Quick Start Guide.

  • Get list of manual pages with usage information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --docfiles -qp FILENAME.rpm | grep man

2.4.2 Online documentation

2.5 Support and life cycle

SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.

SUSE Linux Enterprise Server 12 has a 13-year life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (SP5) will be fully maintained and supported until 6 months after the end of the SUSE Linux Enterprise Server lifecycle. See https://www.suse.com/lifecycle for details.

If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support duration. You can buy an additional 12 to 36 months in twelve month increments. This means, you receive a total of 3 to 5 years of support per Service Pack.

For more information, check our Support Policy page https://www.suse.com/support/policy.html or the Long Term Service Pack Support Page https://www.suse.com/support/programs/long-term-service-pack-support.html.

2.6 Support statement for SUSE Linux Enterprise Server

To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server.

The following definitions apply:

L1

Problem determination, which means technical support designed to provide compatibility information, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation.

L2

Problem isolation, which means technical support designed to analyze data, reproduce customer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3.

L3

Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support.

For contracted customers and partners, SUSE Linux Enterprise Server is delivered with L3 support for all packages, except for the following:

  • Technology Previews, see Section 2.7, “Technology Previews”

  • Sound, graphics, fonts and artwork

  • Packages that require an additional customer contract, see Section 2.6.2, “Software requiring specific contracts”

  • Some packages shipped as part of the module Workstation Extension are L2-supported only

  • Packages with names ending in -devel (containing header files and similar developer resources) will only be supported together with their main packages.

  • Packages provided as part of the Software Development Kit (SLE Software Development Kit)

SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.

2.6.1 General support

To learn about supported features and limitations, refer to the following sections in this document:

2.6.2 Software requiring specific contracts

Certain software delivered as part of SUSE Linux Enterprise Server may require an external contract. Check the support status of individual packages using the RPM metadata that can be viewed with zypper.

Major packages and groups of packages affected by this are:

  • PostgreSQL (all versions, including all subpackages)

2.7 Technology Previews

Technology previews are packages, stacks, or features delivered by SUSE which are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are included for your convenience and give you a chance to test new technologies within an enterprise environment.

Whether a technology preview becomes a fully supported technology later depends on customer and market feedback. Technology previews can be dropped at any time and SUSE does not commit to providing a supported version of such technologies in the future.

Give your SUSE representative feedback about technology previews, including your experience and use case.

2.7.1 Technology Previews for All Architectures

2.7.1.1 schedutil

schedutil is a CPU frequency scaling governor that makes decisions based on the utilization data provided by the scheduler, as opposed to other governors that use CPU idle time, such as ondemand. It was introduced in the Linux kernel version 4.7. However, it is only viable for production use together with an optimization called util_est (short for "utilization estimation") that makes it much more responsive. This optimization is only available in Linux kernel version 4.17 and newer. For this reason it is only offered as technology preview in SLE 12 SP5.

2.7.2 Technology Previews for AMD64/Intel 64 64-Bit (x86_64)

2.7.2.1 KVM Nested Virtualization

KVM Nested Virtualization is available in SLE 12 SP5 as a technology preview. For more information, see the Linux kernel documentation.

2.7.2.2 Crystal Ridge: [HMEM] Hot Plug Device DAX Back Into the Kernel

Hotplug support for NVDIMM as a normal memory is provided as a technology preview.

2.7.3 Software under GNU AGPL

SUSE Linux Enterprise Server 12 SP5 (and the SUSE Linux Enterprise modules) includes the following software that is shipped only under a GNU AGPL software license:

  • Ghostscript (including subpackages)

SUSE Linux Enterprise Server 12 SP5 (and the SUSE Linux Enterprise modules) includes the following software that is shipped under multiple licenses that include a GNU AGPL software license:

  • MySpell dictionaries and LightProof

  • ArgyllCMS

3 Modules, Extensions, and Related Products

This section comprises information about modules and extensions for SUSE Linux Enterprise Server 12 SP5. Modules and extensions add parts or functionality to the system.

3.1 Available Modules

Warning
Warning

As of November 2024, SLES 12 SP5 is out of general support which also means that modules are no longer supported.

Modules are fully supported parts of SUSE Linux Enterprise Server with a different life cycle and update timeline. They are a set of packages, have a clearly defined scope and are delivered via an online channel only. Release notes for modules are contained in this document.

The following modules are available for SUSE Linux Enterprise 12 SP5:

NameContentLife Cycle

Advanced Systems Management Module

CFEngine, Puppet, Salt and the Machinery tool

Frequent releases

Containers Module

Docker, tools, prepackaged images

Frequent releases

HPC Module

Tools and libraries related to High Performance Computing (HPC)

Frequent releases

Legacy Module1

ksh

No updates, supported through March 2022

Public Cloud Module

Public cloud initialization code and tools

Frequent releases

Toolchain Module

GNU Compiler Collection (GCC)

Yearly delivery

Web and Scripting Module

PHP, Python, Ruby on Rails

3 years, ~18 months overlap

1 Module is not available for the AArch64 architecture.

For more information about the life cycle of packages contained in modules, see https://scc.suse.com/docs/lifecycle/sle/12/modules.

3.2 Available Extensions

Extensions add extra functionality to the system and require their own registration key, usually at additional cost. Extensions are delivered via an online channel or physical media. In many cases, extensions have their own release notes documents that are available from https://www.suse.com/releasenotes.

The following extensions are available for SUSE Linux Enterprise Server 12 SP5:

Additionally, there are the following extension which are not covered by SUSE support agreements, available at no additional cost and without an extra registration key:

4 Installation and Upgrade

SUSE Linux Enterprise Server can be deployed in several ways:

  • Physical machine

  • Virtual host

  • Virtual machine

  • System containers

  • Application containers

4.1 Installation

This section includes information related to the initial installation of SUSE Linux Enterprise Server 12 SP5.

Important
Important: Installation Documentation

The following release notes contain additional notes regarding the installation of SUSE Linux Enterprise Server. However, they do not document the installation procedure itself.

For installation documentation, see the Deployment Guide at https://documentation.suse.com/sles/12-SP5/singlehtml/book_sle_deployment/book_sle_deployment.html.

4.1.1 Setting CPU Mitigations

The Linux kernel gained a boot option that controls the mitigations for recently discovered CPU vulnerabilities.

The installer now allows setting the mitigations level directly during the installation of the system, independently of whether the system is being installed manually or via AutoYaST.

The mitigations level can be set to "off", "automatic" or "automatic with disabled Simultaneous Multithreading".

4.2 Upgrade-Related Notes

This section includes upgrade-related information for SUSE Linux Enterprise Server 12 SP5.

Important
Important: Upgrade Documentation

The following release notes contain additional notes regarding the upgrade of SUSE Linux Enterprise Server. However, they do not document the upgrade procedure itself.

For upgrade documentation, see the Deployment Guide, Updating and Upgrading SUSE Linux Enterprise at https://documentation.suse.com/sles/12-SP5/html/SLES-all/part-update.html.

4.2.1 Make Sure the Current System Is Up-To-Date Before Upgrading

Upgrading the system is only supported from the most recent patch level. Make sure the latest system updates are installed by either running zypper patch or by starting the YaST module Online-Update. An upgrade on a system not fully patched may fail.

4.2.2 Skipping Service Packs Requires LTSS

Skipping service packs during an upgrade is only supported if you have a Long Term Service Pack Support contract. Otherwise you first need to upgrade to SP4 before upgrading to SP5.

4.3 JeOS (Just enough Operating System)

SUSE Linux Enterprise Server JeOS is a slimmed down form factor of SUSE Linux Enterprise Server that is ready to run in virtualization environment and cloud. With SUSE Linux Enterprise Server JeOS, you can choose the right sized SUSE Linux Enterprise Server option to fit your needs.

We are providing different virtual disk images for JeOS, using the .qcow2, .vhdx, and .vmdk file formats respectively for KVM, Xen, OpenStack, Hyper-V, and VMware environments. All JeOS images are setting up the same disk size (24 GB) for the JeOS system but due to the nature of the different file formats, the size of the JeOS images are different.

4.3.1 JeOS Images for Hyper-V and VMware Are Now Compressed

Starting with SUSE Linux Enterprise Server 12 SP5, the JeOS images for Hyper-V and VMware using the .vhdx and .vmdk file formats respectively, are now compressed with the LZMA2 compression algorithm by default. Therefore, we are now delivering these images in an .xz file format, so you need to decompress the image before using it in your Hyper-V or VMware environment by, for example, using the unxz command.

The other JeOS images will remain uncompressed because the .qcow2 format already optimizes the size of the images.

4.3.2 firewalld not Available on the OpenStack JeOS Image

Having a firewall inside an instance is unnecessary and confusing in an OpenStack environment since OpenStack provides security and network capabilities on a different level. OpenStack, for instance, uses security groups which block any incoming connection (no ICMP, no UDP, no TCP) by default. The OpenStack Administrator needs to explicitely enable ICMP and TCP via the security groups configuration, to ping and ssh into an instance.

The official OpenStack recommendation for Linux-based images is to disable any firewalls inside the image (see https://docs.openstack.org/image-guide/openstack-images.html ), so we decided to remove the package firewalld from our OpenStack JeOS images.

4.3.3 kiwi-templates-SLES12-JeOS Package is Added to the SDK 12 SP5

The package kiwi-templates-SLES12-JeOS contains the necessary files to create and customize your own JeOS image. In previous Service Pack this package was only provided in the download area of JeOS on https://download.suse.com/.

With SUSE Linux Enterprise Server 12 SP5, we are providing the kiwi-templates-SLES12-JeOS package directly with the Software Development Kit 12 Service Pack 5 Media and its online channel.

4.4 For More Information

For more information, see Section 5, “Changes affecting all architectures” and the sections relating to your respective hardware architecture.

5 Changes affecting all architectures

Information in this section applies to all architectures supported by SUSE Linux Enterprise Server 12 SP5.

5.1 Authentication

5.1.1 Notable Updates

  • freeradius-server: Updated to version 3.0.19.

  • warnquota: now supports LDAP as default

  • OpenID is now supported. This feature is provided by apache2-mod_auth_openidc.

5.2 Base System

5.2.1 Xorg Server Has Been Updated to Version 1.19.6-4.3.1

SUSE Linux Enterprise Server 12 SP5 now includes version 1.19.6-4.3.1 of these two packages:

  • xorg-x11-server

  • xorg-x11-server-extra

The previous version was 7.6_1.15.2-36.21.

5.2.2 Better NVDIMM support

Updated the NVDIMM support and configuration utilities including ndctl and others.

5.2.3 Default Size for Core Files Has Changed to unlimited

With systemd-coredump as the default coredump handler, the coredumping logic on SUSE Linux Enterprise Server has been enabled for all services by default. systemd-coredump allows to store and manage the coredump in a more comprehensive and clean way.

Therefore the default size for core files has changed to unlimited. In previous versions of SUSE Linux Enterprise Server, the default size for core files was set to 0. To restore the previous behaviour, set

DefaultLimitCORE=0

in /etc/systemd/system.conf.

5.2.4 General Changes

  • Replaced init script of ebtables with systemd service file

  • sar: Better logging information on system shutdown

  • Improved NoCOW settings, specifically in /var/log. It affects only new installations, the upgrade process does not touch storage settings.

  • systemd: enabled GDPR compliant stack backtraces

5.2.5 Notable Updates

  • Augeas was updated to version 1.10.1

  • autofs was updated to version 5.1.3

  • Intel VROC support was updated to latest version

5.3 Containers

5.3.1 Packaged Docker Images Are No Longer Supported

The packaged base container images like sles11sp4-docker-image and suse-sles12sp3-image that ship with the SLE 12 Containers module will not receive further updates. We recommend using the SUSE Linux Enterprise Server 12 SP3 and newer images that can be obtained through the Docker registry at https://registry.suse.com.

5.3.2 New package: container-diff

The new package provides the command line tool container-diff. It allows to analyze and compare certain criteria of container images including:

  • Docker Image History

  • Image file system

  • Image size

  • various software packages (RPM, apt, pip, npm)

These analyses can be performed on a single image, or a diff can be performed on two images to compare. The tool helps to better understand what is changing inside their images, and provides an overview of an image contains.

5.4 Databases

5.4.1 unixODBC package drivers not for production

Drivers in the unixODBC package are not suitable for production use. The drivers are provided for test purposes only. We have added a reference to the package’s README file with information about third-party unixODBC drivers that are suitable for production use (http://www.unixodbc.org/drivers.html).

5.4.2 psqlODBC Has Been Added

The psqlODBC package version 12.01.0000 has been added.

5.4.3 PostgreSQL 12 Has Been Added

PostgreSQL 12 has been added to SUSE Linux Enterprise Server. PostgreSQL 10 remains available in SUSE Linux Enterprise Server 12 SP5.

For information about changes between PostgreSQL 10 and 12, see the upstream release notes:

With PostgreSQL 12, there are the following packaging changes:

  • Functionality that was available in the package postgresql10-devel is now split into postgresql12-devel (for building database clients) and postgresql12-server-devel (for building server extensions).

  • There is a new optional package called postgresql12-llvmjit.

All new packages have an accompanying noarch package without a version number in its name, such as postgresql-server-devel and postgresql-llvmjit.

5.5 Development

5.5.1 nodejs16 has been added

The nodejs16 package has been added to the Web and Scripting Module.

5.5.2 tcl has been updated

The tcl package has been updated to version 8.6.12. See the full changelog for more information.

5.5.3 Supported Java Versions

The following table lists Java implementations available in SUSE Linux Enterprise Server 12 SP5:

Name (Package Name)VersionPart of SUSE Linux Enterprise ServerSupport

OpenJDK (java-11-openjdk)

11

SLES

SUSE, L3, until 2024-10-31[a]

OpenJDK (java-1_8_0-openjdk)

1.8.0

SLES

SUSE, L3, until 2027-10-31

OpenJDK (java-1_7_0-openjdk)

1.7.0

SLES

SUSE, L3, until 2022-09-30

IBM Java (java-1_8_0-ibm)

1.8.0

SLES

External only, until 2025-04-30

IBM Java (java-1_7_1-ibm)

1.7.1

SLES

External only, until 2022-09-30

IBM Java (java-1_6_0-ibm)

1.6.0

Legacy Module

External only, until 2017-09-30

[a] OpenJDK 11 is guaranteed to work on SLES 12 SP5 and we provide quarterly security fixes. However, software intended for this version may not work and is not supported by SUSE.

5.5.5 PHP Has Been Updated to Version 7.4

We upgraded PHP to version 7.4 to provide you with the latest release. To learn more about PHP version 7.4, we recommend reading the PHP release announcement and the 7.3.x to 7.4.x migration guide.

As of January 2021, PHP 7.2 is no longer supported. For more information, see https://scc.suse.com/docs/lifecycle/sle/12/modules.

5.5.6 Python

5.5.6.1 Added Basic Support for Python 3.6

In SUSE Linux Enterprise Server 12 SP5, we are enabling the latest Python 3.6 development which also enables machine-learning applications. The Python 3.6 interpreter is shipped in the python36-base package.

For more information, see the upstream release notes at https://docs.python.org/3/whatsnew/3.6.html.

5.5.6.2 Added tkinter with python-3.4

Python module allowing to use tensorflow with python 3.4

5.6 Desktop

5.6.1 LibreOffice Has Been Updated to Version 7.3

LibreOffice has been updated to version 7.3. For information about major changes, see the LibreOffice 7.3 release notes at https://wiki.documentfoundation.org/ReleaseNotes/7.3.

5.6.2 Reduce Information on Logged Users During Logout

When trying to restart or poweroff a system from GNOME or GDM, a list of other users currently logged in could be viewed by any non-privileged user.

This is no longer the case with SUSE Linux Enterprise 12 SP5.

5.6.3 Flatpak Available as Technology Preview

Flatpak (1.4.x) is now available on SUSE Linux Enterprise 12 SP5, as Technology Preview.

Only command-line tools to install and run flatpaks are available.

5.6.4 Proper Unmount Notification in Nautilus

When unmounting devices from the Nautilus file viewer, a notification confirming success was not properly displayed.

This issue is fixed in SUSE Linux Enterprise Server 12 SP5.

5.6.5 Mesa Update

Mesa was updated to version 18.3.2, providing many bug fixes and support for Comet Lake U and Amber Lake Y chipsets.

5.6.6 Intel Graphics Memory Management Libray

The Intel® Graphics Memory Management Library (gmmlib) provides device specific and buffer management for the Intel® Graphics Compute Runtime for OpenCL™ and the Intel® Media Driver for VAAPI.

gmmlib is available in SUSE Linux Enterprise Server 12 SP5 and the SDK.

5.6.7 intel-vaapi Driver Update

The Intel® VAAPI driver (providing video acceleration for VA-API) was updated to version 2.2.0, providing support on Gemini Lake, Coffee Lake, Cannon Lake for many codecs (encoding and decoding).

5.6.8 Intel Media Driver for VAAPI

The Intel® Media Driver for VAAPI is a new VA-API (Video Acceleration API) user mode driver supporting hardware accelerated decoding, encoding, and video post processing for GEN based graphics hardware.

The intel-media-driver is available in SUSE Linux Enterprise Server 12 SP5.

5.6.9 Intel Media SDK

The Intel® Media SDK provides a plain C API to access hardware-accelerated video decoding, encoding and filtering on Intel® Gen graphics hardware platforms. the implementation is written in C++ 11 with parts in C-for-Media (CM).

  • Supported video encoders: HEVC, AVC, MPEG-2, JPEG, VP9

  • Supported video decoders: HEVC, AVC, VP8, VP9, MPEG-2, VC1, JPEG

  • Supported video pre-processing filters: Color Conversion, Deinterlace, Denoise, Resize, Rotate, Composition

The Intel Media SDK is available in SUSE Linux Enterprise Server 12 SP5 and SDK.

5.7 File Systems

5.7.1 Comparison of Supported File Systems

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.

y supported

n unsupported

FeatureBtrfsXFSExt4OCFS 21ReiserFS2

Supported in product

SLE

SLE

SLE

SLE HA

SLE

Data/metadata journaling

N/A3

n / y

y / y

n / y

n / y

Journal internal/external

N/A3

y / y

y / y

y / n

y / y

Journal checksumming

N/A3

y

y

y

n

Subvolumes

y

n

n

n

n

Offline extend/shrink

y / y

n / n

y / y

y / n4

y / n

Inode allocation map

B-tree

B+-tree

Table

B-tree

u. B*-tree

Sparse files

y

y

y

y

y

Tail packing

n

n

n

n

y

Small files stored inline

y (in metadata)

n

y (in inode)

y (in inode)

y (in metadata)

Defragmentation

y

y

y

n

n

Extended file attributes/ACLs

y / y

y / y

y / y

y / y

y / y

User/group quotas

n / n

y / y

y / y

y / y

y / y

Project quotas

n

y

y

n

n

Subvolume quotas

y5

N/A

N/A

N/A

N/A

Data dump/restore

n

y

n

n

n

Block size default

4 KiB6

Maximum file system size

16 EiB

8 EiB

1 EiB

4 PiB

16 TiB

Maximum file size

16 EiB

8 EiB

1 EiB

4 PiB

1 EiB

1 OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.

2 ReiserFS is supported for existing file systems. The creation of new ReiserFS file systems is discouraged.

3 Btrfs is a copy-on-write file system. Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in. Until the last write, the changes are not "committed". Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups).

4 To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted.

5 Btrfs quota groups can incur degraded performance on SUSE Linux Enterprise Server 12.

6 The block size default varies with different host architectures. 64 KiB is used on POWER, 4 KiB on other systems. The actual size used can be checked with the command getconf PAGE_SIZE.

Additional Notes

Maximum file size above can be larger than the file system’s actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 263 bytes in theory.

The numbers in the table above assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different.

In this document:

  • 1024 Bytes = 1 KiB

  • 1024 KiB = 1 MiB;

  • 1024 MiB = 1 GiB

  • 1024 GiB = 1 TiB

  • 1024 TiB = 1 PiB

  • 1024 PiB = 1 EiB.

See also http://physics.nist.gov/cuu/Units/binary.html.

Some file system features are available in SUSE Linux Enterprise Server 12 SP5 but are not supported by SUSE. By default, the file system drivers in SUSE Linux Enterprise Server 12 SP5 will refuse mounting file systems that use unsupported features (in particular, in read-write mode). To enable unsupported features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported. However, note that setting this option will render your kernel and thus your system unsupported.

5.7.2 Supported Btrfs Features

The following table lists supported and unsupported Btrfs features across multiple SLES versions.

y supported

n unsupported

FeatureSLES 11 SP4SLES 12 SP3SLES 12 SP4SLES 12 SP5SLES 15 GASLES 15 SP1

Copy on Write

y

y

y

y

y

y

Free Space Tree (Free Space Cache v2)

n

n

n

n

n

y

Snapshots/Subvolumes

y

y

y

y

y

y

Swap Files

n

n

n

n

n

y

Metadata Integrity

y

y

y

y

y

y

Data Integrity

y

y

y

y

y

y

Online Metadata Scrubbing

y

y

y

y

y

y

Automatic Defragmentation

n

n

n

n

n

n

Manual Defragmentation

y

y

y

y

y

y

In-band Deduplication

n

n

n

n

n

n

Out-of-band Deduplication

y

y

y

y

y

y

Quota Groups

y1

y1

y1

y1

y

y

Metadata Duplication

y

y

y

y

y

y

Changing Metadata UUID

n

n

n

n

n

y

Multiple Devices

n

y

y

y

y

y

RAID 0

n

y

y

y

y

y

RAID 1

n

y

y

y

y

y

RAID 5

n

n

n

n

n

n

RAID 6

n

n

n

n

n

n

RAID 10

n

y

y

y

y

y

Hot Add/Remove

n

y

y

y

y

y

Device Replace

n

n

n

n

n

n

Seeding Devices

n

n

n

n

n

n

Compression

n

y

y

y

y

y

Big Metadata Blocks

n

y

y

y

y

y

Skinny Metadata

n

y

y

y

y

y

Send Without File Data

n

y

y

y

y

y

Send/Receive

n

y

y

y

y

y

Inode Cache

n

n

n

n

n

n

Fallocate with Hole Punch

n

y

y

y

y

y

1 Btrfs quota groups can incur degraded performance on SUSE Linux Enterprise Server 12.

5.7.3 Notable Updates

  • multipath-tools: Now includes a new prioritizer based on a latency algorithm

  • quota-tools: Added support for HPE XFS.

5.8 Kernel

Also see the following:

5.8.1 Unprivileged eBPF usage has been disabled

A large amount of security issues was found and fixed in the Extended Berkeley Packet Filter (eBPF) code. To reduce the attack surface, its usage has been restricted to privileged users only.

Privileged users include root. Programs with the CAP_BPF capability in the newer versions of the Linux kernel can still use eBPF as-is.

To check the privileged state, you can check the value of the /proc/sys/kernel/unprivileged_bpf_disabled parameter. Value of 0 means "unprivileged enable", and value of 2 means "only privileged users enabled".

This setting can be changed by the root user:

  • to enable it temporarily for all users by running the command sysctl kernel.unprivileged_bpf_disabled=0

  • to enable it permanently by adding kernel.unprivileged_bpf_disabled=0 to the /etc/sysctl.conf file.

5.8.2 Support for Hygon Dhyana CPUs

SUSE Linux Enterprise Server 12 SP5 now supports the Hygon Dhyana CPUs. They are AMD-based CPUs produced in China by a joint venture between AMD and Hygon.

5.8.3 IOMMU Passthrough is now Default on all Architectures

Passthrough mode provides improved I/O performance, especially for high-speed devices, because DMA remapping is not needed for the host (bare-metal or hypervisor).

IOMMU passthrough is now enabled by default in SUSE Linux Enterprise products. Therefore, you no longer need to add iommu=pt (Intel 64/AMD64) or iommu.passthrough=on (AArch64) on the kernel command line. To disable passthrough mode, use iommu=nopt (Intel 64/AMD64) or iommu.passthrough=off (AArch64), respectively.

5.8.4 Enable NVDIMMs in Memory Mode

Due to missing auto detection by the hardware, enabling NVDIMMs in memory mode, requires the kernel boot parameter page_alloc.shuffle=1.

5.8.5 Kernel Firmware Shipped in kernel-firmware Package

In past releases, the kernel-default package contained firmware for in-kernel drivers.

Starting with SUSE Linux Enterprise Server 12 SP3, such firmware is delivered as part of the package kernel-firmware.

5.8.6 Kernel Limits

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 12 SP5.

SLES 12 SP5 (Linux 4.12)AMD64/Intel 64 (x86_64)IBM Z (s390x)POWER (ppc64le)ARMv8 (AArch64)

CPU bits

64

64

64

64

Maximum number of logical CPUs

8192

256

2048

480

Maximum amount of RAM (theoretical/certified)

> 1 PiB/64 TiB

10 TiB/256 GiB

1 PiB/64 TiB

256 TiB/n.a.

Maximum amount of user space/kernel space

128 TiB/128 TiB

n.a.

512 TiB1/2 EiB

256 TiB/256 TiB

Maximum amount of swap space

Up to 29 * 64 GB

Up to 30 * 64 GB

Maximum number of processes

1048576

Maximum number of threads per process

Upper limit depends on memory and other parameters (tested with more than 120,000)2.

Maximum size per block device

Up to 8 EiB on all 64-bit architectures

FD_SETSIZE

1024

1 By default, the user space memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 512 TiB.

2 The total number of all processes and all threads on a system may not be higher than the "maximum number of processes".

5.9 Networking

5.9.1 chrony has been updated

The chrony package has been updated to version 4.1.

Be aware especially about the following potential incompatible changes:

  • Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320[1]

  • Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3")[2]

See the full changelog for more information.

5.9.2 Samba

The version of Samba shipped with SUSE Linux Enterprise Server 12 SP5 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 12 SP5.

5.9.2.1 Samba has been updated

The samba package has been updated to version 4.15. This update will require also updating other packages depending on it, namely:

  • apparmor

  • cacertificates

  • gnutls

  • libldb

  • libnettle

  • libtalloc

  • libtdb

  • libtevent

  • p11-kit

  • sssd

After the update, the ldb and tdb files created by samba (internal databases in /var/lib/samba/**) should be managed with the tools installed in /usr/lib[64]/samba/bin/. The reason is that we are not updating these libraries because the newer versions required by samba 4.15 do not provide Python 2 bindings and we can not remove them with the update, so we built samba with the libraries bundled in. The system’s talloc, tdb, tevent, and ldb packages will not be modified by the update so the databases created using them (not by samba) must be administrated with the tools provided by the system’s ldb-tools and tdb-tools packages as before the update.

5.9.2.2 DFS share failover when remounting

Previously, when a DFS (Distributed File System) target link changed, it was necessary to manually unmount and remount the filesystem.

Now the switch is done automatically.

5.9.3 NFSv4

NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported.

5.9.3.1 gssproxy

gssproxy comes with added suppoprt for kerberos authentication on NFSv4.

5.9.4 FTP

5.9.4.1 vsftpd

Support for virtual Users has been added to vsftp.

5.9.5 Wicked

5.9.5.1 Packaging

The wicked library (package libwicked) is no longer shipped in a separate package, but part or the package wicked.

5.9.5.2 DHCPv6 Prefix-Length

In accordance with RFC5942 Wicked no longer assumes a /64 default prefix-length for the DHCPv6 addresses.

To use DHCPv6 on networks missing IPv6 Router advertisements that provide the prefix-length of the local network, you need to configure this value. To do so, set the DHCLIENT6_ADDRESS_LENGTH ifcfg-variable in /etc/sysconfig/network/dhcp to the prefix-length, for example:

DHCLIENT6_ADDRESS_LENGTH=64

Alternatively configure the radvd daemon on a (router) machine in the network to provide the router advertisements.

If you are installing SUSE Linux Enterprise Server 12 SP5 in a network missing IPv6 router advertisements, use the ifcfg boot parameter on the kernel command line to set the prefix-length, for example:

ifcfg=*=dhcp,DHCLIENT6_MODE=managed,DHCLIENT6_ADDRESS_LENGTH=64

5.9.6 Notable Network Package Updates

  • freeradius-server-3.0.19

  • rsync 3.1.3

  • squid-4.8

  • warnquota now supports ldap

5.9.7 New GeoIP Database Sources

The GeoIP databases allow approximately geo-locating users by their IP address. In the past, the company MaxMind made such data available for free in its GeoLite Legacy databases. On January 2, 2019, MaxMind discontinued the GeoLite Legacy databases, now offering only the newer GeoLite2 databases for download. To comply with new data protection regulation, since December 30, 2019, GeoLite2 database users are required to comply with an additional usage license. This change means users now need to register for a MaxMind account and obtain a license key to download GeoLite2 databases. For more information about these changes, see the MaxMind blog.

SUSE Linux Enterprise Server includes the GeoIP package of tools that are only compatible with GeoLite Legacy databases. As an update for SUSE Linux Enterprise Server 12 SP5, we introduce the following new packages to deal with the changes to the GeoLite service:

  • geoipupdate: The official Maxmind tool for downloading GeoLite2 databases. To use this tool, set up the configuration file with your MaxMind account details. This configuration file can also be generated on the Maxmind web page. For more information, see https://dev.maxmind.com/geoip/geoip2/geolite2/.

  • geolite2legacy: A script for converting GeoLite2 CSV data to the GeoLite Legacy format.

  • geoipupdate-legacy: A convenience script that downloads GeoLite2 data, converts it to the GeoLite Legacy format, and stores it in /var/lib/GeoIP. With this script, applications developed for use with the legacy geoip-fetch tool will continue to work.

5.10 Performance Related Information

5.10.1 supportconfig SAP plugin has been added

A SAP plugin for supportconfig has been added. This plugin collects information about SAP applications to enhance support for SAP customers.

5.11 Security

5.11.1 openSSH 8.4

A parallel, installable version of the openssh package is now available. The default openssh version is kept due to incompatibility. Transition to openssh 8.4 needs to be started manually by doing:

zypper in openssh8.4-server
zypper in openssh8.4-clients

When zypper prompts you, select de-installation of the regular openssh and installation of the new openssh8.4 packages.

After doing this review if the service starts or if it needs configuration adjustments.

For more information see https://lists.suse.com/pipermail/sle-updates/2024-March/034754.html.

5.11.2 Restricting privilege listing with sudo

Previously, user with ALL commands allowed in the /etc/sudoers file could list other users' (including root’s) privileges using the -U and -l options.

This has been restricted only to users which have ALL privileges specified in the /etc/sudoers file.

5.11.3 sudo has been updated

The sudo package has been updated to the version 1.8.27. Among others, there are the following notable changes:

  • PAM account management modules and BSD authentication approval modules are now run even when no password is required.

  • The LDAP and SSS back-ends now use the same rule evaluation code as the sudoers file backend.

  • On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from PAM account management if authentication is disabled for the user.

5.11.4 Upgraded mod_nss to Enable TLS 1.3

The Network Security Services module for the Apache2 server (apache2-mod_nss) was updated to version 1.0.17. This enables the server to handle connections via the more secure TLS 1.3 protocol.

5.11.6 Added SELinux Policy Core Utilities

The Package policycoreutils contains utilities required for the basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles, and run_init to run /etc/init.d scripts in the proper context.

5.11.7 ibmtss Update Changes Path to Binaries

IBM’s TPM 2.0 TSS implementation has been updated upstream. The update now allows to install binaries in /usr/bin/ rather than having to copy them manually into a custom directory. As a consquence, the binaries had to be renamed in order to not conflict with other programs of the same name. All binaries shipped with the ibmtss package are now prefixed with tss. So /usr/lib/ibmtss/hash for example, is now available as /usr/bin/tsshash.

5.11.8 Notable Updates

  • gssproxy: Added support for Kerberos authentication on NFSv4.

5.12 Storage

5.12.1 XFS V4 format file systems have been deprecated

Customers who have created XFS file system on SLE 11 or prior will see the following message:

Deprecated V4 format (crc=0) will not be supported after September 2030

While the file system will work and be supported until the date mentioned, it is best to re-create the file system:

  1. Backup all the data to another drive or partition

  2. Create the file system on the device

  3. Restore the data from the backup

5.13 Systems Management

5.13.1 rsyslog has been updated

The rsyslog package has been updated from version 8.24 to 8.2106. There were the following notable changes:

5.13.2 Salt Has Been Updated to Version 3000

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Salt 3000 is the last version of Salt which will support the old syntax of the cmd.run module.

5.13.3 Snapper’s Space-Aware Snapshot Cleanup Has Been Improved

Previously, the space-aware cleanup of snapshots integrated in Snapper only looked at the disk space used by all snapshots. In certain cases, this narrow focus meant that the file system ran out of space anyway.

Starting with SUSE Linux Enterprise Server 12 SP5, the space-aware cleanup of Snapper additionally looks at the free space of the file system and keeps the file system at least 20 percent free.

5.13.4 Samba Identity Mapping Backends

The Windows Domain Membership YaST module (yast-samba-client) has been updated to handle the new Samba idmap backend mappings. Previously, the YaST module would only configure Samba to use the tdb back-end, which does not map users consistently on every Linux client. The module also configured Samba idmap with a deprecated syntax.

Now the Windows Domain Membership module configures a host by default using the rid back-end, which will provide more consistent SID to uid mappings between clients. It also uses the newer Samba idmap syntax in the smb.conf.

In addition to defaulting to a better idmap back-end, SUSE Linux Enterprise Server 12 SP5 allows you to modify which configuration is chosen from the Domain Join dialog. Advanced options include the idmap back-ends tdb, ad, rid, and autorid. Each back-end has its advantages and drawbacks. For more information, see https://www.suse.com/support/kb/doc/?id=7007006 and the man page of idmap.

5.14 Virtualization

For more information about acronyms used below, see the virtualization documentation provided at https://documentation.suse.com/sles/12-SP5/.

5.14.1 Supported Live Migration Scenarios

You can migrate a virtual machine from one physical machine to another. The following live migration scenarios are supported under both KVM and Xen:

  • SLES 12 SP4 to SLES 12 SP5

  • SLES 12 SP5 to SLES 12 SP5

  • SLES 12 SP5 to SLES 15 SP1

In addition, SUSE strives to support live migrations of VM guests from VM hosts running an LTSS-supported service pack of SLES to newer service packs of the same SLES major version. As an example, a migration of a VM guest from a SLES 12 SP2 host to a SLES 12 SP5 host is supported in this way. SUSE only performs minimal testing of these migration scenarios. We recommend thorough on-site testing before migrating critical VM guests in such scenarios.

5.14.2 Supported KVM/Xen Guests and Hosts

For information on supported KVM and Xen guests and hosts, see the SUSE Linux Enterprise Server Virtualization Guide at https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-virt-support.html.

5.14.3 KVM

5.14.3.1 KVM Limits
Maximum VMs per HostUnlimited (total number of virtual CPUs in all guests being no greater than 8 times the number of CPU cores in the host).

Maximum Virtual CPUs per VM

288

Maximum Memory per VM

4 TiB

Virtual Host Server (VHS) limits are identical to those of SUSE Linux Enterprise Server.

5.14.4 Xen

5.14.4.1 Running Xenstore in a separate Stub Domain (stubdom)

Since Xen 4.9, it is easy to configure Xenstore to run in a separate stubdom instead of dom0. stubdom is a lightweight "service" or "driver" domain. Running Xenstore as a stubdom increases safety, stability, and improves response times of Xenstore in case dom0 is under heavy load.

The memory configuration (initial size, maximum size) is done via entries in the /etc/sysconfig/xencommon file. The Xenstore stubdom will automatically increase in size according to memory needs. There are no devices for the domain and no extra action or specific maintenance required, apart from the above configuration.

Because Xenstore must be available all the time, saving, restoring, migrating, and stopping of the domain is prohibited.

5.14.4.2 Xen 4.12
  • Includes improved security mitigation support

  • Includes an update for the file xen-dom0-modules.service map. xenlinux modules that lack aliases are ignored to avoid error messages from modprobe about unknown modules (fixes bsc#1137251).

  • Starting with this release autoballooning is disable by default in xl.conf.

5.14.4.3 Xen Limits

Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as a virtualization host. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.

FeatureLimit

Maximum Physical CPUs per Host

1024

Maximum Physical Memory per Host

16 TiB

Maximum Virtual CPUs per Host

Unlimited (total number of virtual CPUs in all guests being no greater than 8 times the number of CPU cores in the host).

Maximum Physical Memory for Dom0

500 GiB

Maximum Virtual CPUs per VM1

FV: 128, PV: 512

Maximum Memory per VM

16 GiB x86_32, 2 TiB x86_64

Maximum number of block devices

12,000 SCSI logical units

Suspend and hibernate modes

Not supported

1 PV: Paravirtualization, FV: Full virtualization

5.14.5 Containers

5.14.5.1 Windows Subsystem for Linux (WSL) Image

The Windows Subsystem for Linux (WSL) Image for SUSE Linux Enterprise Server 12 SP5 can be used with both WSL and WSL 2, there is no separate image for WSL 2. The Image will receive regular updates.

5.14.6 libvirt

5.14.6.1 Important Changes
  • Includes a fix to set max_grant_frames for domUs via libvirt (fixes bsc#1126325)

  • Xen PVH has been temporarily disabled until the feature is better usable (fixes bsc#1125889)

  • virsh now supports setting the precopy bandwidth for migrations (fixes bsc#1145586)

  • libvirt now supports the Cascadelake-Server CPU model

  • qemu: fix default value of security_default_confined (disabled by default)

  • qemu: Add support for overriding the maximum threads per process limit (fixes bsc#1133719)

  • cpu_map: add cpu feature md-clear (fixes CVE-2018-12126)

5.14.7 Vagrant

Vagrant is a tool that provides a unified workflow for the creation, deployment and management of virtual development environments. It abstracts away the details of various Virtualization providers (like VirtualBox, VMWare or libvirt) and provides a uniform and simple configuration file, that allows developers and operators to quickly spin up a VM of any Linux distribution.

A new VM can be launched with Vagrant via the following set of commands. The example uses the Vagrant Box for openSUSE Tumbleweed:

vagrant init opensuse/Tumbleweed.x86_64
vagrant up
# your box is now going to be downloaded and started
vagrant ssh
# and now you've got ssh access to the new VM
5.14.7.1 Vagrant Boxes for SUSE Linux Enterprise Server

Starting with SUSE Linux Enterprise Server 12 SP5, we are providing official Vagrant Boxes for SUSE Linux Enterprise Server for x86_64 and aarch64 (only for the libvirt provider). These boxes come with the bare minimum of packages to reduce their size and are not registered, thus users need to register the boxes prior to further provisioning.

The VirtualBox provider is compatible with VirtualBox versions 4.0.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x, 5.1.x, 5.2.x, 6.0.x, and 6.1.x. The boxes are tested with the latest Vagrant version only but as they do not use any specific features, they should work with any of the Vagrant 2.2.x releases.

These boxes are only available for direct download via SCC and must be manually registered with Vagrant as follows:

vagrant box add --name SLES-12-SP5 SLES12-SP5-Vagrant.x86_64-12.5-libvirt-*.vagrant.libvirt.box

The box is then available under the name SLES-12-SP5 and can be used as all other Vagrant boxes:

vagrant init SLES-12-SP5
vagrant up
vagrant ssh
5.14.7.2 aarch64 Support

The Vagrant Box is also available for the aarch64 architecture using the libvirt provider. It has been pre-configured for the usage on SUSE Linux Enterprise Server on aarch64 and might not launch on other operating systems without additional settings. Running it on other architectures than aarch64 is not supported.

In case the box fails to start with a libvirt error message, add the following to your Vagrantfile and adjust the variables according to the guest operating system:

  config.vm.provider :libvirt do |libvirt|
    libvirt.driver = "kvm"
    libvirt.host = 'localhost'
    libvirt.uri = 'qemu:///system'
    libvirt.host = "main"
    libvirt.features = ["apic"]
    # path to the UEFI loader for aarch64
    libvirt.loader = "/usr/share/qemu/aavmf-aarch64-code.bin"
    libvirt.video_type = "vga"
    libvirt.cpu_mode = "host-passthrough"
    libvirt.machine_type = "virt-3.1"
    # path to the qemu aarch64 emulator
    libvirt.emulator_path = "/usr/bin/qemu-system-aarch64"
  end

5.14.8 Others

5.14.8.1 perl-Sys-Virt
  • Add all new APIs and constants in libvirt 5.1.0

5.15 Miscellaneous

5.15.1 adcli now supports setting password expiry

The adcli command now supports the --dont-expire-password parameter.

This parameter sets or unsets the DONT_EXPIRE_PASSWORD flag in the userAccountControl attribute to indicate if the machine account password should expire or not. By default adcli will set this flag while joining the domain which corresponds to the default behavior of Windows clients.

5.15.2 /var/run is now volatile

Previously, the /var/run directory was not volatile.

In SLES 12, this has been changed, and /var/run is now volatile.

5.15.3 Enriched system visibility in the SUSE Customer Center (SCC)

SUSE is committed to helping provide better insights into the consumption of SUSE subscriptions regardless of where they are running or how they are managed; physical or virtual, on-prem or in the cloud, connected to SCC or Repository Mirroring Tool (RMT), or managed by SUSE Manager. To help you identify or filter out systems in SCC that are no longer running or decommissioned, SUSEConnect now features a daily “ping”, which will update system information automatically.

For more details see the documentation at https://documentation.suse.com/subscription/suseconnect/single-html/SLE-suseconnect-visibility/.

6 AMD64/Intel 64-Specific Features & Fixes (x86_64)

Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the AMD64/Intel 64 architectures.

6.1 Running 32-bit applications

SUSE does not support 32-bit development on SLE 12 SP5. 32-bit runtime environments are available with SLE 12 SP5. If there is a need to develop 32-bit applications to run in the SLE 12 SP5 32-bit runtime environment, use the SLE 11 32-bit development tools to create these applications.

6.2 Notable Updates

6.2.1 Virtualization

  • Subpage protechtion

  • Support for new Tremont AiA instructions

  • Model-specific Split Lock Disable support

  • new CLDEMOT instructions (SnowRidge)

  • PT v4 (Intel Processor Trace buffer) for SnowRidge,

  • enable ICX NIs for XEN

6.2.2 Driver Updates

  • e1000e

  • fm10k

  • i40e

  • i40iw

  • iavf (i40evf)

  • ice

  • icrdma

  • igb

  • igbvf

  • igc

  • ixgbe

  • ixgbevf

6.2.3 Package Updates

  • ipmctl

  • ledmon

  • mdadm

6.2.4 Hardware

  • Extened Crystal Ridge support

  • Extended Intel omni-path architecture support

  • Extended Jacobsville support for

    • SPI-NOR

    • GPIO

    • new enumeration of #AC for split lock

  • Whitley/Icelake-SP Platform patches adding enhancements like rep mov for memcpy_mcsafe

6.3 Intel Optane DC Persistent Memory Operating Modes

Intel Optane DC Persistent Memory has two operating modes, AppDirect mode and Memory Mode.

In Memory Mode, the Optane DIMMs serve as cost-effective DRAM replacement. To applications the Optane memory is presented as volatile memory (that is, not persistent), just like on DRAM-only systems. In reality this is a combination of Optane and DRAM, where DRAM acts as a cache for the most frequently-accessed data, while the Optane persistent memory provides large memory capacity. The setup is slower with random access workloads than on DRAM-only systems, but allows for higher capacity memory and is more cost-effective. In this mode, data is not persistent, which means it is lost when the system is powered off.

Intel Optane running in memory mode is supported with SUSE Linux Enterprise Server running on certified platforms. Users running applications that take advantage of this mode must understand that without specific enhancements performance may decrease.

Direct any hardware related questions at your hardware partner. SUSE works with all major hardware vendors to make the use of Intel Optane a perfect user experience on the operating system level and open-source infrastructure level.

6.4 Intel Omni-Path Architecture (OPA) Host Software

Intel Omni-Path Architecture (OPA) host software is fully supported in SUSE Linux Enterprise Server 12 SP5.

Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.

For instructions on installing Intel Omni-Path Architecture documentation, see https://cdrdv2.intel.com/v1/dl/getContent/617176.

6.5 sysfs Support for Dirty Shutdown Count

ACPI 6.3 introduces an a unlatched shutdown count. This will be supported by adding a static attribute to nmemX/nfit/. On machines that do not have ACPI 6.3, a fallback (NVDIMM_FAMILY_INTEL) is provided.

6.6 Miscellaneous

  • VMA based swap readahead

7 POWER-Specific Features & Fixes (ppc64le)

Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the POWER architecture.

7.1 Support for ibmvnic Networking Driver

The kernel device driver ibmvnic provides support for vNIC (virtual Network Interface Controller) which is a PowerVM virtual networking technology that delivers enterprise capabilities and simplifies network management on IBM POWER systems. It is an efficient high-performance technology.

When combined with SR-IOV NIC, it provides bandwidth control Quality of Service (QoS) capabilities at the virtual NIC level. vNIC significantly reduces virtualization overhead resulting in lower latencies and fewer server resources (CPU, memory) required for network virtualization.

For a detailed support statement of ibmvnic in SLES, see https://www.suse.com/support/kb/doc/?id=7023703.

7.2 Speed of ibmveth Interface Not Reported Accurately

The ibmveth interface is a paravirtualized interface. When communicating between LPARs within the same system, the interface’s speed is limited only by the system’s CPU and memory bandwidth. When the virtual Ethernet is bridged to a physical network, the interface’s speed is limited by the speed of that physical network.

Unfortunately, the ibmveth driver has no way of determining automatically whether it is bridged to a physical network and what the speed of that link is. ibmveth therefore reports its speed as a fixed value of 1 Gb/s which in many cases will be inaccurate. To determine the actual speed of the interface, use a benchmark. Using ethtool, you can then set a more accurate displayed speed.

8 IBM Z-Specific Features & Fixes (s390x)

Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP5 for the IBM Z architecture. For more information, see https://www.ibm.com/docs/en/linux-on-systems?topic=distributions-suse-linux-enterprise-server

8.1 Hardware

8.1.1 Valgrind IBM z13 Support

Valgrind now includes instruction support for IBM z13 instructions. This enables debugging and validation of binaries built and optimized for IBM z13. In particular this covers the vector instruction set extensions introduced with IBM z13.

8.1.2 Support for IBM z15 in binutils and glibc

Binutils and glibc have been updated to support instructions introduced with IBM z15.

8.1.3 Compression Improvements for zlib

The zlib library has been updated to exploit the IBM z15 compression capabilities.

8.1.4 Compression Improvements for gzip

The gzip tool has been updated to exploit the IBM z15 compression capabilities.

8.1.5 Performance Counters for IBM z15 (CPU-MF)

For optimized performance tuning the CPU-measurement counter facility now supports counters, including the MT-diagnostic counter set, that were originally introduced with IBM z14.

8.1.6 Collecting NVMe-Related Debug Data

To debug NVMe devices, the debug data gets collected and added to the dbginfo.sh script.

8.1.7 PCI Error Reporting Tool

Defective PCIe devices are now reported via error notification events that include health information of the adapters.

8.2 Network

8.2.1 OSA-Express7S Adapters are now Supported

With the OSA 7 network cards a link speed of 25Gb/s is supported.

8.2.2 Full-blown TCP Segmentation Offload

TCP segmentation offload is now supported on both layer 2 and layer 3 and is extended to IPv6.

8.2.3 Handle Provisioned MAC Addresses

You can now use provisioned MAC addresses for devices supported with IBM z14 and later hardware.

8.3 Performance

8.3.1 Synthesize perf Events/Samples from CPU-MF auxtrace Data

Enhance perf tool to synthesize perf diagnostic events and samples saved in the auxtrace buffer. The auxtrace buffer contains basic- and diagnostic sampling data entries.

8.3.2 CPU-MF/perf: Export Sampling Data for Post-Processing

Enhance the hardware sampling in the perf PMU driver to export additional information for improved perf tool post processing. Display address and function name where sample was taken.

8.3.3 Network Performance Improvements

Enhanced performance for OSA and Hipersockets via code improvements and exploitation of further kernel infrastructure.

8.4 Security

8.4.1 SIMD Implementation of Chacha20 in OpenSSL

This enables support for TLS 1.3 via the Chacha20 cipher suite providing good performance using SIMD instructions.

8.4.2 SIMD Implementation of Poly1305 in OpenSSL

This enables support for TLS 1.3 via the Poly1305 cipher suite providing good performance using SIMD instructions.

8.4.3 Support of CPACF Hashes in ep11 Token in openCryptoki and libica

Provides improved performance for applications computing many digital signatures using EP11 like Blockchain.

8.4.4 In-kernel Crypto: Support for Protected Keys Generated by random in the paes Module

This feature can generate volatile protected keys. This allows, for example, the secure encryption of swap volumes without the need for a CryptoExpress adapter

8.4.5 New Tool zcryptstats to Extract Crypto Measurement Data

Added a new tool zcryptstats to the s390-tools package to to obtain and display measurement data from crypto adapters for capacity planning.

8.4.6 Support Multiple zcrypt Device Nodes

The cryptographic device driver can now provide and maintain multiple zcrypt device nodes. These nodes can be restricted in terms of cryptographic adapters, domains, and available IOCTLs.

8.4.7 openCryptoki ep11 Enhancements

Support new functions and new mechanisms introduced for ep11 with IBM z14.

8.4.8 Enhanced openCryptoki Support

Enhanced openCryptoki ep11 token to support m_*Single functions from ep11 lib.

8.4.9 libica: CPACF Enhancements

Enhanced libica to support NIST curves as provided by CPACF MSA-9.

8.4.10 openssl-ibmca: CPACF Enhancements

Enhanced openssl-ibmca to support NIST curves as provided by CPACF MSA-9.

8.4.11 zcrypt DD: APQN Tags Allow Deterministic Driver Binding

Provides deterministic hot-plugging semantics to enable the virtualization and unique determination of crypto adapters in KVM environments even if the associated hardware gets intermittently lost and reconnected.

8.5 Storage

8.5.1 zdsfs: Online VTOC Refresh

A Linux application can now access new data sets that were created after zdsfs was mounted without the need to remount zdsfs.

8.5.2 Persistent Device Configuration

The following SUSE-supplied commands are now deprecated:

  • ctc_configure

  • dasd_configure

  • qeth_configure

  • zfcp_disk_configure

  • zfcp_host_configure

These commands will be removed in a future release.

With SUSE Linux Enterprise Server 12 SP5, as an intermediate step, these scripts have been modified to use the IBM-supplied commands chzdev and lszdev.

If you are using the SUSE-supplied scripts, discontinue their use and directly use the commands chzdev and lszdev provided by IBM in the package s390-tools.

8.5.3 Enable Raw Track Access Without Prefix CCW

The DASD driver makes use of the Prefix CCW when accessing a DASD in raw track access mode. On some systems (e.g. zPDT), support for the Prefix CCW is not available. As a result, the raw track access mode cannot be used on those systems.

By enabling raw track access mode on zPDT, customers can easily move their Linux system volumes between zPDT and LPAR, allowing for greater flexibility during deployment of new setups.

8.5.4 Configurable IFCC Handling (Interface Control Check) for DASDs

Provides a possibility to direct IFCC messages to the kernel log again in addition to the actual path handling. Enables to switch off the actual handling of repeated IFCCs (i.e. removing paths) so that only IFCC messages are written to the log when thresholds are exceeded.

8.5.5 Split DIF and DIX Boot Time Controls

Enables the user to separately configure DIF and DIF+DIX integrity protection mechanisms for zFCP-attached SCSI devices.

8.5.6 scsi: zfcp: Add Port Speed Capabilities

Provides the possibility to display port speed capabilities for SCSI devices.

8.6 Virtualization

The following new features are supported in SUSE Linux Enterprise Server 12 SP5 under KVM:

8.6.1 Avoid Boot Failures After Changing Disks

On SUSE Linux Enterprise Server 12 virtual machines wopuld no longer boot after changing disks. In most cases this could be solved by changing dracut’s persistent_policy to by-path and then rebuild the initrds. There SUSE Linux Enterprise Server 12 SP5 persistent_policy=by-path is the new default for dracut.

8.6.2 Enhanced Hardware Diagnose Data for the Linux Kernel

Provide improved problem determination capabilities by passing Linux kernel information to hardware diagnose data.

8.6.3 zPCI Passthrough Support for KVM

Allow KVM to pass control over ROCE Express host devices to a KVM guest enabling workloads that require direct access to PCI functions.

8.6.4 Interactive Bootloader

Enable to interactively select boot entries to recover misconfigured KVM guests.

8.6.5 Huge Pages

Allow KVM guests to use huge page memory backing for improved memory performance for workloads running with large memory footprints.

8.6.6 Expose Detailed Guest Crash Information to the Hypervisor

Provides additional debug data for operating system failures that occur within a KVM guest.

8.6.7 New CPU Model IBM z14 ZR1

Provide the CPU model for the IBM z14 ZR1 to enable KVM guests to exploit new hardware features on the z14 ZR1.

8.6.8 New CPU Model IBM z15

Provide the CPU model for the IBM z15 to enable KVM guests to exploit new hardware features on the z15.

8.6.9 Secure Linux Boot Toleration

Linux operating system images using a secure boot on-disk format can now be run in KVM without modifications required, lowering the overall administrative overhead.

8.6.10 IPL Support for ECKD DASDs

KVM guests can now IPL from ECKD DASDs attached via CCW passthrough, which is provided as a technology preview in SUSE Linux Enterprise Server 12 SP5.

8.6.11 Dedicated CryptoExpress Adapter Domains for KVM Guests

Allows KVM to dedicate domains of CryptoExpress adapters as passthrough devices to a KVM guest such that the guest can direct crypto requests directly to the IBM Z firmware without the hypervisor being able to observe the communication of the guest with the device.

8.7 Miscellaneous

8.7.1 CONFIG_NUMA_EMU turned off

Turned off CONFIG_NUMA_EMU for s390x, which was also removed upstream because of limited benefit, to improve serviceability.

8.7.2 Kernel Parameter resume Removed

On SUSE Linux Enterprise the resume=…​ kernel parameter was enabled by default on all platforms. With SUSE Linux Enterprise Server 12 SP5 it is no longer enabled on s390x, because it is not used on the IBM Z platform.

9 ARM 64-Bit-Specific Features & Fixes (AArch64)

Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the AArch64 architecture.

9.1 cpufreq driver for Raspberry Pi

The cpufreq allowing the system to change its frequency dynamically, has been added. This makes the system use less power consumption when idle. Also, writing a configuration file to change the frequency is no longer necessary.

9.2 HDMI Audio support for Raspberry Pi 3

HDMI Audio support has been added for the Raspberry Pi 3 platform.

10 Known Issues & Workarounds

This is a list of known issues for this release.

10.1 User Login Fails After Upgrade

After upgrading from SLES 12 SP4 or earlier, a regular user cannot login to the system.

This is caused by the deprecation of pam_unix2 because of its issues with systemd. For information how to fix the issue, see https://www.suse.com/support/kb/doc/?id=000019703.

10.2 Installation on RAID10 Array Composed from SSD Drives Hangs on Discard Request

When setting up RAID 10 on four SSD drives during the installation, after choosing the target partition to create RAID, the progress bar will hang at 1% completed for some time (depending on the RAID size) before proceeding. This is a known performance issue on RAID 10 because the system takes time to split the large storage into many small ones. This issue only occurs once when setting up the RAID 10 and has no effect afterwards.

Upstream currently has no solution for it.

10.3 Installation in Text Mode: Switching the Keyboard Layout fails

When doing an installation in text mode, switching the keyboard layout in the Language, Keyboard, and License Agreement dialog does not work. The requested change does not get applied.

To work around this issue, make sure to choose a language on the boot screen. A corresponding keyboard layout will automatically be applied. On x86 and aarch64 machines with a traditional BIOS, press F2 on the boot screen to select a language. On x86 and aarch64 machines with EFI, append the language parameter to the kernel command line (e.g. Language=de_DE). For IBM Z you may set the language via the parmfile.

10.4 Installation in Text Mode: Russian, Korean, and Chinese EULA is not Displayed Correctly

When installing on the text console, the console as well as font is configured depending on the selected language. Because different languages use different sets of characters, it is not always possible to display the EULA in all languages.

If the EULA is not shown correctly in your preferred the language, either change the language in the Language selection screen of YaST (in order to load the proper font) or in the boot screen (in order to set-up the console properly). Translated EULAs are also available for download at https://www.suse.com/licensing/eula/.

10.5 Installation in Graphic Mode on IBM Z: Installation Fails with 1 GB RAM

When attempting to do an installation in graphic mode on IBM Z, the installation stops without completing on machines equipped with only 1 GB RAM.

To work around this issue, either perform a text mode installation or add more RAM. The graphical installation requires at least 1.5 GB of RAM.

10.6 Media Does Not Contain Translated Manuals in /docu

Former releases of SUSE Linux Enterprise Server contained translated manuals in the folder /docu on DVD1. 12 SP5 only contains English manuals in /docu on DVD1.

For 12 SP5 documentation translations were unfortunately not ready in time for building the product media. Rather than shipping outdated translations, we decided to remove translations from the /docu folder on the media.

12 SP5 continues to ship translated documentation as rpm packages. Up-to-date packages will be available as an online-update when 12 SP5 ships for the first time.

11 Removed and Deprecated Features and Packages

This section lists features and packages that got removed from SUSE Linux Enterprise Server or will be removed in upcoming versions.

11.1 Removed Features and Packages

The following packages have been removed in this release.

  • libibmad-devel

  • libipmctl2

  • libqpdf13

  • libreoffice-base-drivers-mysql

  • libsmbldap0

  • libsmbldap0-32bit

  • openscap-extra-probes

  • opensm-libs3

  • opensm-libs3-32bit

  • postgresql96

  • postgresql96-contrib

  • postgresql96-devel

  • postgresql96-docs

  • postgresql96-server

  • vaapi-intel-driver

  • xmlsec1-libgcrypt-devel

11.2 Deprecated Features and Packages

The following features and packages are deprecated and will be removed with a future service pack of SUSE Linux Enterprise Server.

Also see the following release notes:

11.2.1 Chelsio T3 Driver (cxgbe3) Is Deprecated

The driver for Chelsio T3 networking equipment (cxgbe3) is now deprecated and may become unsupported in a future Service Pack of SUSE Linux Enterprise Server 12.

12 Obtaining source code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/products/server/download/ on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.

A Kernel parameter changes

Warning
Warning

This list of changes may not be exhaustive.

A.1 During 12 SP5

These Linux kernel parameters have been changed during SLES 12 SP5.

SettingPrevious valueNew valuePackageMore details

net.ipv6.conf.lo.use_tempaddr

1

-1

wicked-0.6.68-3.16.1

Bug 1181163, Bug 1178357

Print this page