SUSE Linux Enterprise Server 12 SP5
Release Notes #
Abstract#
This document provides guidance and an overview to high-level general features and updates for SUSE Linux Enterprise Server 12 SP5. Besides architecture or product-specific information, it also describes the capabilities and limitations of SUSE Linux Enterprise Server 12 SP5.
The support period for SUSE Linux Enterprise Server 12 SP5 has ended. To keep systems secure and supported, upgrade to a current SUSE Linux Enterprise Server version. Before starting the upgrade, make sure to apply all maintenance updates.
- 1 About the release notes
- 2 SUSE Linux Enterprise Server
- 3 Modules, Extensions, and Related Products
- 4 Installation and Upgrade
- 5 Changes affecting all architectures
- 6 AMD64/Intel 64-Specific Features & Fixes (x86_64)
- 7 POWER-Specific Features & Fixes (ppc64le)
- 8 IBM Z-Specific Features & Fixes (s390x)
- 9 ARM 64-Bit-Specific Features & Fixes (AArch64)
- 10 Known Issues & Workarounds
- 10.1 User Login Fails After Upgrade
- 10.2 Installation on RAID10 Array Composed from SSD Drives Hangs on Discard Request
- 10.3 Installation in Text Mode: Switching the Keyboard Layout fails
- 10.4 Installation in Text Mode: Russian, Korean, and Chinese EULA is not Displayed Correctly
- 10.5 Installation in Graphic Mode on IBM Z: Installation Fails with 1 GB RAM
- 10.6 Media Does Not Contain Translated Manuals in /docu
- 11 Removed and Deprecated Features and Packages
- 12 Obtaining source code
- 13 Legal notices
- A Kernel parameter changes
1 About the release notes #
These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.
Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.
Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.
However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.
2 SUSE Linux Enterprise Server #
SUSE Linux Enterprise Server 12 SP5 is a highly reliable, scalable, and secure server operating system, built to power mission-critical workloads in both physical and virtual environments. It is an affordable, interoperable, and manageable open source foundation. With it, enterprises can cost-effectively deliver core business services, enable secure networks, and simplify the management of their heterogeneous IT infrastructure, maximizing efficiency and value.
The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux Enterprise Server is optimized to deliver high-performance mission-critical services, as well as edge of network, and web infrastructure workloads.
2.1 Interoperability and Hardware Support #
Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix and Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility.
This modular, general purpose operating system runs on four processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering.
SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription. This makes it the perfect guest operating system for virtual computing.
2.2 Important Sections of This Document #
If you are upgrading from a previous SUSE Linux Enterprise Server release, you should review at least the following sections:
2.3 Security, Standards, and Certification #
SUSE Linux Enterprise Server 12 SP5 has been submitted to the certification bodies for:
Common Criteria Certification, see https://www.commoncriteriaportal.org/
FIPS 140-2 validation, see http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf
For more information about certification, see https://www.suse.com/security/certificates.html.
2.4 Documentation and other information #
2.4.1 Available on the product media #
Read the READMEs on the media.
Get the detailed change log information about a particular package from the RPM (where
FILENAME.rpm
is the name of the RPM):rpm --changelog -qp FILENAME.rpm
Check the
ChangeLog
file in the top level of the installation medium for a chronological log of all changes made to the updated packages.Find more information in the
docu
directory of the installation medium of SUSE Linux Enterprise Server 12 SP5. This directory includes PDF versions of the SUSE Linux Enterprise Server 12 SP5 Installation Quick Start Guide.Get list of manual pages with usage information about a particular package from the RPM (where
FILENAME.rpm
is the name of the RPM):rpm --docfiles -qp FILENAME.rpm | grep man
2.4.2 Online documentation #
For the most up-to-date version of the documentation for SUSE Linux Enterprise Server 12 SP5, see https://documentation.suse.com/sles/12-SP5.
Find a collection of White Papers in the SUSE Linux Enterprise Server Resource Library at https://www.suse.com/products/server#resources.
2.5 Support and life cycle #
SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.
SUSE Linux Enterprise Server 12 has a 13-year life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (SP5) will be fully maintained and supported until 6 months after the end of the SUSE Linux Enterprise Server lifecycle. See https://www.suse.com/lifecycle for details.
If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support duration. You can buy an additional 12 to 36 months in twelve month increments. This means, you receive a total of 3 to 5 years of support per Service Pack.
For more information, check our Support Policy page https://www.suse.com/support/policy.html or the Long Term Service Pack Support Page https://www.suse.com/support/programs/long-term-service-pack-support.html.
2.6 Support statement for SUSE Linux Enterprise Server #
To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server.
The following definitions apply:
- L1
Problem determination, which means technical support designed to provide compatibility information, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation.
- L2
Problem isolation, which means technical support designed to analyze data, reproduce customer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3.
- L3
Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support.
For contracted customers and partners, SUSE Linux Enterprise Server is delivered with L3 support for all packages, except for the following:
Technology Previews, see Section 2.7, “Technology Previews”
Sound, graphics, fonts and artwork
Packages that require an additional customer contract, see Section 2.6.2, “Software requiring specific contracts”
Some packages shipped as part of the module Workstation Extension are L2-supported only
Packages with names ending in
-devel
(containing header files and similar developer resources) will only be supported together with their main packages.Packages provided as part of the Software Development Kit (SLE Software Development Kit)
SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.
2.6.1 General support #
To learn about supported features and limitations, refer to the following sections in this document:
2.6.2 Software requiring specific contracts #
Certain software delivered as part of SUSE Linux Enterprise Server may require an external contract.
Check the support status of individual packages using the RPM metadata that can be viewed with zypper
.
Major packages and groups of packages affected by this are:
PostgreSQL (all versions, including all subpackages)
2.7 Technology Previews #
Technology previews are packages, stacks, or features delivered by SUSE which are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are included for your convenience and give you a chance to test new technologies within an enterprise environment.
Whether a technology preview becomes a fully supported technology later depends on customer and market feedback. Technology previews can be dropped at any time and SUSE does not commit to providing a supported version of such technologies in the future.
Give your SUSE representative feedback about technology previews, including your experience and use case.
2.7.1 Technology Previews for All Architectures #
2.7.1.1 schedutil
#
schedutil
is a CPU frequency scaling governor that makes decisions based on the utilization data provided by the scheduler, as opposed to other governors that use CPU idle time, such as ondemand
.
It was introduced in the Linux kernel version 4.7.
However, it is only viable for production use together with an optimization called util_est
(short for "utilization estimation") that makes it much more responsive.
This optimization is only available in Linux kernel version 4.17 and newer.
For this reason it is only offered as technology preview in SLE 12 SP5.
2.7.2 Technology Previews for AMD64/Intel 64 64-Bit (x86_64) #
2.7.2.1 KVM Nested Virtualization #
KVM Nested Virtualization is available in SLE 12 SP5 as a technology preview. For more information, see the Linux kernel documentation.
2.7.2.2 Crystal Ridge: [HMEM] Hot Plug Device DAX Back Into the Kernel #
Hotplug support for NVDIMM as a normal memory is provided as a technology preview.
2.7.3 Software under GNU AGPL #
SUSE Linux Enterprise Server 12 SP5 (and the SUSE Linux Enterprise modules) includes the following software that is shipped only under a GNU AGPL software license:
Ghostscript (including subpackages)
SUSE Linux Enterprise Server 12 SP5 (and the SUSE Linux Enterprise modules) includes the following software that is shipped under multiple licenses that include a GNU AGPL software license:
MySpell dictionaries and LightProof
ArgyllCMS
3 Modules, Extensions, and Related Products #
This section comprises information about modules and extensions for SUSE Linux Enterprise Server 12 SP5. Modules and extensions add parts or functionality to the system.
3.1 Available Modules #
Warning
As of November 2024, SLES 12 SP5 is out of general support which also means that modules are no longer supported.
Modules are fully supported parts of SUSE Linux Enterprise Server with a different life cycle and update timeline. They are a set of packages, have a clearly defined scope and are delivered via an online channel only. Release notes for modules are contained in this document.
The following modules are available for SUSE Linux Enterprise 12 SP5:
Name | Content | Life Cycle |
---|---|---|
Advanced Systems Management Module | CFEngine, Puppet, Salt and the Machinery tool | Frequent releases |
Containers Module | Docker, tools, prepackaged images | Frequent releases |
HPC Module | Tools and libraries related to High Performance Computing (HPC) | Frequent releases |
Legacy Module1 |
| No updates, supported through March 2022 |
Public Cloud Module | Public cloud initialization code and tools | Frequent releases |
Toolchain Module | GNU Compiler Collection (GCC) | Yearly delivery |
Web and Scripting Module | PHP, Python, Ruby on Rails | 3 years, ~18 months overlap |
1 Module is not available for the AArch64 architecture.
For more information about the life cycle of packages contained in modules, see https://scc.suse.com/docs/lifecycle/sle/12/modules.
3.2 Available Extensions #
Extensions add extra functionality to the system and require their own registration key, usually at additional cost. Extensions are delivered via an online channel or physical media. In many cases, extensions have their own release notes documents that are available from https://www.suse.com/releasenotes.
The following extensions are available for SUSE Linux Enterprise Server 12 SP5:
SUSE Linux Enterprise Live Patching: https://www.suse.com/products/live-patching
SUSE Linux Enterprise High Availability Extension: https://www.suse.com/products/highavailability
Geo Clustering for SUSE Linux Enterprise High Availability Extension: https://www.suse.com/products/highavailability/geo-clustering Access to Geo Clustering is now included into the subscription for the High Availability Extension.
SUSE Linux Enterprise Real Time: https://www.suse.com/products/realtime
SUSE Linux Enterprise Workstation Extension: https://www.suse.com/products/workstation-extension
Additionally, there are the following extension which are not covered by SUSE support agreements, available at no additional cost and without an extra registration key:
SUSE Package Hub: https://packagehub.suse.com/
SUSE Linux Enterprise Software Development Kit
4 Installation and Upgrade #
SUSE Linux Enterprise Server can be deployed in several ways:
Physical machine
Virtual host
Virtual machine
System containers
Application containers
4.1 Installation #
This section includes information related to the initial installation of SUSE Linux Enterprise Server 12 SP5.
Important: Installation Documentation
The following release notes contain additional notes regarding the installation of SUSE Linux Enterprise Server. However, they do not document the installation procedure itself.
For installation documentation, see the Deployment Guide at https://documentation.suse.com/sles/12-SP5/singlehtml/book_sle_deployment/book_sle_deployment.html.
4.1.1 Setting CPU Mitigations #
The Linux kernel gained a boot option that controls the mitigations for recently discovered CPU vulnerabilities.
The installer now allows setting the mitigations level directly during the installation of the system, independently of whether the system is being installed manually or via AutoYaST.
The mitigations level can be set to "off", "automatic" or "automatic with disabled Simultaneous Multithreading".
4.2 Upgrade-Related Notes #
This section includes upgrade-related information for SUSE Linux Enterprise Server 12 SP5.
Important: Upgrade Documentation
The following release notes contain additional notes regarding the upgrade of SUSE Linux Enterprise Server. However, they do not document the upgrade procedure itself.
For upgrade documentation, see the Deployment Guide, Updating and Upgrading SUSE Linux Enterprise at https://documentation.suse.com/sles/12-SP5/html/SLES-all/part-update.html.
4.2.1 Make Sure the Current System Is Up-To-Date Before Upgrading #
Upgrading the system is only supported from the most recent patch level.
Make sure the latest system updates are installed by either running zypper patch
or by starting the YaST module Online-Update.
An upgrade on a system not fully patched may fail.
4.2.2 Skipping Service Packs Requires LTSS #
Skipping service packs during an upgrade is only supported if you have a Long Term Service Pack Support contract. Otherwise you first need to upgrade to SP4 before upgrading to SP5.
4.3 JeOS (Just enough Operating System) #
SUSE Linux Enterprise Server JeOS is a slimmed down form factor of SUSE Linux Enterprise Server that is ready to run in virtualization environment and cloud. With SUSE Linux Enterprise Server JeOS, you can choose the right sized SUSE Linux Enterprise Server option to fit your needs.
We are providing different virtual disk images for JeOS, using the .qcow2
, .vhdx
, and .vmdk
file formats respectively for KVM, Xen, OpenStack, Hyper-V, and VMware environments.
All JeOS images are setting up the same disk size (24 GB) for the JeOS system but due to the nature of the different file formats, the size of the JeOS images are different.
4.3.1 JeOS Images for Hyper-V and VMware Are Now Compressed #
Starting with SUSE Linux Enterprise Server 12 SP5, the JeOS images for Hyper-V and VMware using the .vhdx
and .vmdk
file formats respectively, are now compressed with the LZMA2 compression algorithm by default.
Therefore, we are now delivering these images in an .xz
file format, so you
need to decompress the image before using it in your Hyper-V or VMware environment by, for example, using the unxz
command.
The other JeOS images will remain uncompressed because the .qcow2
format already optimizes the size of the images.
4.3.2 firewalld not Available on the OpenStack JeOS Image #
Having a firewall inside an instance is unnecessary and confusing in an OpenStack environment since OpenStack provides security and network capabilities on a different level. OpenStack, for instance, uses security groups which block any incoming connection (no ICMP, no UDP, no TCP) by default. The OpenStack Administrator needs to explicitely enable ICMP and TCP via the security groups configuration, to ping and ssh into an instance.
The official OpenStack recommendation for Linux-based images is to disable any firewalls inside the image (see https://docs.openstack.org/image-guide/openstack-images.html ), so we decided to remove the package firewalld
from our OpenStack JeOS images.
4.3.3 kiwi-templates-SLES12-JeOS Package is Added to the SDK 12 SP5 #
The package kiwi-templates-SLES12-JeOS
contains the necessary files to create
and customize your own JeOS image.
In previous Service Pack this package was only provided in the download area of JeOS on https://download.suse.com/.
With SUSE Linux Enterprise Server 12 SP5, we are providing the kiwi-templates-SLES12-JeOS
package directly with the Software Development Kit 12 Service Pack 5 Media and its online channel.
4.4 For More Information #
For more information, see Section 5, “Changes affecting all architectures” and the sections relating to your respective hardware architecture.
5 Changes affecting all architectures #
Information in this section applies to all architectures supported by SUSE Linux Enterprise Server 12 SP5.
5.1 Authentication #
5.1.1 Notable Updates #
freeradius-server
: Updated to version 3.0.19.warnquota
: now supports LDAP as defaultOpenID is now supported. This feature is provided by
apache2-mod_auth_openidc
.
5.2 Base System #
5.2.1 Xorg Server Has Been Updated to Version 1.19.6-4.3.1 #
SUSE Linux Enterprise Server 12 SP5 now includes version 1.19.6-4.3.1 of these two packages:
xorg-x11-server
xorg-x11-server-extra
The previous version was 7.6_1.15.2-36.21.
5.2.2 Better NVDIMM support #
Updated the NVDIMM support and configuration utilities including ndctl
and others.
5.2.3 Default Size for Core Files Has Changed to unlimited
#
With systemd-coredump
as the default coredump handler, the coredumping logic on SUSE Linux Enterprise Server has been enabled for all services by default.
systemd-coredump
allows to store and manage the coredump in a more comprehensive and clean way.
Therefore the default size for core files has changed to unlimited
.
In previous versions of SUSE Linux Enterprise Server, the default size for core files was set to 0
.
To restore the previous behaviour, set
DefaultLimitCORE=0
in /etc/systemd/system.conf
.
5.2.4 General Changes #
Replaced init script of
ebtables
with systemd service filesar: Better logging information on system shutdown
Improved NoCOW settings, specifically in
/var/log
. It affects only new installations, the upgrade process does not touch storage settings.systemd: enabled GDPR compliant stack backtraces
5.2.5 Notable Updates #
Augeas was updated to version 1.10.1
autofs was updated to version 5.1.3
Intel VROC support was updated to latest version
5.3 Containers #
5.3.1 Packaged Docker Images Are No Longer Supported #
The packaged base container images like sles11sp4-docker-image
and suse-sles12sp3-image
that ship with the SLE 12 Containers module will not receive further updates.
We recommend using the SUSE Linux Enterprise Server 12 SP3 and newer images that can be obtained through the Docker registry at https://registry.suse.com.
5.3.2 New package: container-diff #
The new package provides the command line tool container-diff
. It allows
to analyze and compare certain criteria of container images including:
Docker Image History
Image file system
Image size
various software packages (RPM, apt, pip, npm)
These analyses can be performed on a single image, or a diff can be performed on two images to compare. The tool helps to better understand what is changing inside their images, and provides an overview of an image contains.
5.4 Databases #
5.4.1 unixODBC
package drivers not for production #
Drivers in the unixODBC
package are not suitable for production use.
The drivers are provided for test purposes only.
We have added a reference to the package’s README file with information about third-party unixODBC
drivers that are suitable for production use (http://www.unixodbc.org/drivers.html).
5.4.2 psqlODBC
Has Been Added #
The psqlODBC
package version 12.01.0000
has been added.
5.4.3 PostgreSQL 12 Has Been Added #
PostgreSQL 12 has been added to SUSE Linux Enterprise Server. PostgreSQL 10 remains available in SUSE Linux Enterprise Server 12 SP5.
For information about changes between PostgreSQL 10 and 12, see the upstream release notes:
With PostgreSQL 12, there are the following packaging changes:
Functionality that was available in the package
postgresql10-devel
is now split intopostgresql12-devel
(for building database clients) andpostgresql12-server-devel
(for building server extensions).There is a new optional package called
postgresql12-llvmjit
.
All new packages have an accompanying noarch
package without a version number in its name, such as postgresql-server-devel
and postgresql-llvmjit
.
5.5 Development #
5.5.1 nodejs16
has been added #
The nodejs16
package has been added to the Web and Scripting Module.
5.5.2 tcl
has been updated #
The tcl
package has been updated to version 8.6.12.
See the full changelog for more information.
5.5.3 Supported Java Versions #
The following table lists Java implementations available in SUSE Linux Enterprise Server 12 SP5:
Name (Package Name) | Version | Part of SUSE Linux Enterprise Server | Support |
---|---|---|---|
OpenJDK (java-11-openjdk) | 11 | SLES | SUSE, L3, until 2024-10-31[a] |
OpenJDK (java-1_8_0-openjdk) | 1.8.0 | SLES | SUSE, L3, until 2027-10-31 |
OpenJDK (java-1_7_0-openjdk) | 1.7.0 | SLES | SUSE, L3, until 2022-09-30 |
IBM Java (java-1_8_0-ibm) | 1.8.0 | SLES | External only, until 2025-04-30 |
IBM Java (java-1_7_1-ibm) | 1.7.1 | SLES | External only, until 2022-09-30 |
IBM Java (java-1_6_0-ibm) | 1.6.0 | Legacy Module | External only, until 2017-09-30 |
[a] OpenJDK 11 is guaranteed to work on SLES 12 SP5 and we provide quarterly security fixes. However, software intended for this version may not work and is not supported by SUSE. |
5.5.4 Git Has Been Updated to Version 2.26.2 #
SUSE Linux Enterprise Server now includes version 2.26.2 of the version control Git. This version of Git supports the SHA256 cipher.
Refer to the git Release Notes for more detailed information.
This update fixes the following security vulnerabilities:
5.5.5 PHP Has Been Updated to Version 7.4 #
We upgraded PHP to version 7.4 to provide you with the latest release. To learn more about PHP version 7.4, we recommend reading the PHP release announcement and the 7.3.x to 7.4.x migration guide.
As of January 2021, PHP 7.2 is no longer supported. For more information, see https://scc.suse.com/docs/lifecycle/sle/12/modules.
5.5.6 Python #
5.5.6.1 Added Basic Support for Python 3.6 #
In SUSE Linux Enterprise Server 12 SP5, we are enabling the latest Python 3.6 development which also enables machine-learning applications.
The Python 3.6 interpreter is shipped in the python36-base
package.
For more information, see the upstream release notes at https://docs.python.org/3/whatsnew/3.6.html.
5.5.6.2 Added tkinter with python-3.4 #
Python module allowing to use tensorflow with python 3.4
5.6 Desktop #
5.6.1 LibreOffice Has Been Updated to Version 7.3 #
LibreOffice has been updated to version 7.3. For information about major changes, see the LibreOffice 7.3 release notes at https://wiki.documentfoundation.org/ReleaseNotes/7.3.
5.6.2 Reduce Information on Logged Users During Logout #
When trying to restart or poweroff a system from GNOME or GDM, a list of other users currently logged in could be viewed by any non-privileged user.
This is no longer the case with SUSE Linux Enterprise 12 SP5.
5.6.3 Flatpak Available as Technology Preview #
Flatpak (1.4.x) is now available on SUSE Linux Enterprise 12 SP5, as Technology Preview.
Only command-line tools to install and run flatpaks are available.
5.6.4 Proper Unmount Notification in Nautilus #
When unmounting devices from the Nautilus file viewer, a notification confirming success was not properly displayed.
This issue is fixed in SUSE Linux Enterprise Server 12 SP5.
5.6.5 Mesa Update #
Mesa was updated to version 18.3.2, providing many bug fixes and support for Comet Lake U and Amber Lake Y chipsets.
5.6.6 Intel Graphics Memory Management Libray #
The Intel® Graphics Memory Management Library (gmmlib) provides device specific and buffer management for the Intel® Graphics Compute Runtime for OpenCL™ and the Intel® Media Driver for VAAPI.
gmmlib is available in SUSE Linux Enterprise Server 12 SP5 and the SDK.
5.6.7 intel-vaapi Driver Update #
The Intel® VAAPI driver (providing video acceleration for VA-API) was updated to version 2.2.0, providing support on Gemini Lake, Coffee Lake, Cannon Lake for many codecs (encoding and decoding).
5.6.8 Intel Media Driver for VAAPI #
The Intel® Media Driver for VAAPI is a new VA-API (Video Acceleration API) user mode driver supporting hardware accelerated decoding, encoding, and video post processing for GEN based graphics hardware.
The intel-media-driver
is available in SUSE Linux Enterprise Server 12 SP5.
5.6.9 Intel Media SDK #
The Intel® Media SDK provides a plain C API to access hardware-accelerated video decoding, encoding and filtering on Intel® Gen graphics hardware platforms. the implementation is written in C++ 11 with parts in C-for-Media (CM).
Supported video encoders: HEVC, AVC, MPEG-2, JPEG, VP9
Supported video decoders: HEVC, AVC, VP8, VP9, MPEG-2, VC1, JPEG
Supported video pre-processing filters: Color Conversion, Deinterlace, Denoise, Resize, Rotate, Composition
The Intel Media SDK is available in SUSE Linux Enterprise Server 12 SP5 and SDK.
5.7 File Systems #
5.7.1 Comparison of Supported File Systems #
SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.
y supported
n unsupported
Feature | Btrfs | XFS | Ext4 | OCFS 21 | ReiserFS2 |
---|---|---|---|---|---|
Supported in product | SLE | SLE | SLE | SLE HA | SLE |
Data/metadata journaling | N/A3 | n / y | y / y | n / y | n / y |
Journal internal/external | N/A3 | y / y | y / y | y / n | y / y |
Journal checksumming | N/A3 | y | y | y | n |
Subvolumes | y | n | n | n | n |
Offline extend/shrink | y / y | n / n | y / y | y / n4 | y / n |
Inode allocation map | B-tree | B+-tree | Table | B-tree | u. B*-tree |
Sparse files | y | y | y | y | y |
Tail packing | n | n | n | n | y |
Small files stored inline | y (in metadata) | n | y (in inode) | y (in inode) | y (in metadata) |
Defragmentation | y | y | y | n | n |
Extended file attributes/ACLs | y / y | y / y | y / y | y / y | y / y |
User/group quotas | n / n | y / y | y / y | y / y | y / y |
Project quotas | n | y | y | n | n |
Subvolume quotas | y5 | N/A | N/A | N/A | N/A |
Data dump/restore | n | y | n | n | n |
Block size default | 4 KiB6 | ||||
Maximum file system size | 16 EiB | 8 EiB | 1 EiB | 4 PiB | 16 TiB |
Maximum file size | 16 EiB | 8 EiB | 1 EiB | 4 PiB | 1 EiB |
1 OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.
2 ReiserFS is supported for existing file systems. The creation of new ReiserFS file systems is discouraged.
3 Btrfs is a copy-on-write file system.
Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in.
Until the last write, the changes are not "committed".
Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups
).
4 To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted.
5 Btrfs quota groups can incur degraded performance on SUSE Linux Enterprise Server 12.
6 The block size default varies with different host architectures.
64 KiB is used on POWER, 4 KiB on other systems.
The actual size used can be checked with the command getconf PAGE_SIZE
.
Additional Notes
Maximum file size above can be larger than the file system’s actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 263 bytes in theory.
The numbers in the table above assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different.
In this document:
1024 Bytes = 1 KiB
1024 KiB = 1 MiB;
1024 MiB = 1 GiB
1024 GiB = 1 TiB
1024 TiB = 1 PiB
1024 PiB = 1 EiB.
See also http://physics.nist.gov/cuu/Units/binary.html.
Some file system features are available in SUSE Linux Enterprise Server 12 SP5 but are not supported by SUSE.
By default, the file system drivers in SUSE Linux Enterprise Server 12 SP5 will refuse mounting file systems that use unsupported features (in particular, in read-write mode).
To enable unsupported features, set the module parameter allow_unsupported=1
in /etc/modprobe.d
or write the value 1
to /sys/module/MODULE_NAME/parameters/allow_unsupported
.
However, note that setting this option will render your kernel and thus your system unsupported.
5.7.2 Supported Btrfs Features #
The following table lists supported and unsupported Btrfs features across multiple SLES versions.
y supported
n unsupported
Feature | SLES 11 SP4 | SLES 12 SP3 | SLES 12 SP4 | SLES 12 SP5 | SLES 15 GA | SLES 15 SP1 |
---|---|---|---|---|---|---|
Copy on Write | y | y | y | y | y | y |
Free Space Tree (Free Space Cache v2) | n | n | n | n | n | y |
Snapshots/Subvolumes | y | y | y | y | y | y |
Swap Files | n | n | n | n | n | y |
Metadata Integrity | y | y | y | y | y | y |
Data Integrity | y | y | y | y | y | y |
Online Metadata Scrubbing | y | y | y | y | y | y |
Automatic Defragmentation | n | n | n | n | n | n |
Manual Defragmentation | y | y | y | y | y | y |
In-band Deduplication | n | n | n | n | n | n |
Out-of-band Deduplication | y | y | y | y | y | y |
Quota Groups | y1 | y1 | y1 | y1 | y | y |
Metadata Duplication | y | y | y | y | y | y |
Changing Metadata UUID | n | n | n | n | n | y |
Multiple Devices | n | y | y | y | y | y |
RAID 0 | n | y | y | y | y | y |
RAID 1 | n | y | y | y | y | y |
RAID 5 | n | n | n | n | n | n |
RAID 6 | n | n | n | n | n | n |
RAID 10 | n | y | y | y | y | y |
Hot Add/Remove | n | y | y | y | y | y |
Device Replace | n | n | n | n | n | n |
Seeding Devices | n | n | n | n | n | n |
Compression | n | y | y | y | y | y |
Big Metadata Blocks | n | y | y | y | y | y |
Skinny Metadata | n | y | y | y | y | y |
Send Without File Data | n | y | y | y | y | y |
Send/Receive | n | y | y | y | y | y |
Inode Cache | n | n | n | n | n | n |
Fallocate with Hole Punch | n | y | y | y | y | y |
1 Btrfs quota groups can incur degraded performance on SUSE Linux Enterprise Server 12.
5.7.3 Notable Updates #
multipath-tools
: Now includes a new prioritizer based on a latency algorithmquota-tools
: Added support for HPE XFS.
5.8 Kernel #
Also see the following:
5.8.1 Unprivileged eBPF usage has been disabled #
A large amount of security issues was found and fixed in the Extended Berkeley Packet Filter (eBPF) code. To reduce the attack surface, its usage has been restricted to privileged users only.
Privileged users include root
.
Programs with the CAP_BPF
capability in the newer versions of the Linux kernel can still use eBPF as-is.
To check the privileged state, you can check the value of the /proc/sys/kernel/unprivileged_bpf_disabled
parameter.
Value of 0 means "unprivileged enable", and value of 2 means "only privileged users enabled".
This setting can be changed by the root
user:
to enable it temporarily for all users by running the command
sysctl kernel.unprivileged_bpf_disabled=0
to enable it permanently by adding
kernel.unprivileged_bpf_disabled=0
to the/etc/sysctl.conf
file.
5.8.2 Support for Hygon Dhyana CPUs #
SUSE Linux Enterprise Server 12 SP5 now supports the Hygon Dhyana CPUs. They are AMD-based CPUs produced in China by a joint venture between AMD and Hygon.
5.8.3 IOMMU Passthrough is now Default on all Architectures #
Passthrough mode provides improved I/O performance, especially for high-speed devices, because DMA remapping is not needed for the host (bare-metal or hypervisor).
IOMMU passthrough is now enabled by default in SUSE Linux Enterprise products.
Therefore, you no longer need to add iommu=pt
(Intel 64/AMD64) or iommu.passthrough=on
(AArch64) on the kernel command line.
To disable passthrough mode, use iommu=nopt
(Intel 64/AMD64) or iommu.passthrough=off
(AArch64), respectively.
5.8.4 Enable NVDIMMs in Memory Mode #
Due to missing auto detection by the hardware, enabling NVDIMMs in memory mode, requires the kernel boot parameter page_alloc.shuffle=1
.
5.8.5 Kernel Firmware Shipped in kernel-firmware
Package #
In past releases, the kernel-default
package contained firmware for in-kernel drivers.
Starting with SUSE Linux Enterprise Server 12 SP3, such firmware is delivered as part of the package kernel-firmware
.
5.8.6 Kernel Limits #
This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 12 SP5.
SLES 12 SP5 (Linux 4.12) | AMD64/Intel 64 (x86_64) | IBM Z (s390x) | POWER (ppc64le) | ARMv8 (AArch64) |
---|---|---|---|---|
CPU bits | 64 | 64 | 64 | 64 |
Maximum number of logical CPUs | 8192 | 256 | 2048 | 480 |
Maximum amount of RAM (theoretical/certified) | > 1 PiB/64 TiB | 10 TiB/256 GiB | 1 PiB/64 TiB | 256 TiB/n.a. |
Maximum amount of user space/kernel space | 128 TiB/128 TiB | n.a. | 512 TiB1/2 EiB | 256 TiB/256 TiB |
Maximum amount of swap space | Up to 29 * 64 GB | Up to 30 * 64 GB | ||
Maximum number of processes | 1048576 | |||
Maximum number of threads per process | Upper limit depends on memory and other parameters (tested with more than 120,000)2. | |||
Maximum size per block device | Up to 8 EiB on all 64-bit architectures | |||
FD_SETSIZE | 1024 |
1 By default, the user space memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 512 TiB.
2 The total number of all processes and all threads on a system may not be higher than the "maximum number of processes".
5.9 Networking #
5.9.1 chrony
has been updated #
The chrony
package has been updated to version 4.1.
Be aware especially about the following potential incompatible changes:
See the full changelog for more information.
5.9.2 Samba #
The version of Samba shipped with SUSE Linux Enterprise Server 12 SP5 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 12 SP5.
5.9.2.1 Samba has been updated #
The samba
package has been updated to version 4.15.
This update will require also updating other packages depending on it, namely:
apparmor
cacertificates
gnutls
libldb
libnettle
libtalloc
libtdb
libtevent
p11-kit
sssd
After the update, the ldb
and tdb
files created by samba
(internal databases in /var/lib/samba/**
) should be managed with the tools installed in /usr/lib[64]/samba/bin/
.
The reason is that we are not updating these libraries because the newer versions required by samba
4.15 do not provide Python 2 bindings and we can not remove them with the update, so we built samba
with the libraries bundled in.
The system’s talloc
, tdb
, tevent
, and ldb
packages will not be modified by the update so the databases created using them (not by samba
) must be administrated with the tools provided by the system’s ldb-tools
and tdb-tools
packages as before the update.
5.9.2.2 DFS share failover when remounting #
Previously, when a DFS (Distributed File System) target link changed, it was necessary to manually unmount and remount the filesystem.
Now the switch is done automatically.
5.9.3 NFSv4 #
NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported.
5.9.3.1 gssproxy #
gssproxy
comes with added suppoprt for kerberos authentication on NFSv4.
5.9.5 Wicked #
5.9.5.1 Packaging #
The wicked library (package libwicked
) is no longer shipped in a separate package, but part or the package wicked
.
5.9.5.2 DHCPv6 Prefix-Length #
In accordance with RFC5942 Wicked no longer assumes a /64
default prefix-length for the DHCPv6 addresses.
To use DHCPv6 on networks missing IPv6 Router advertisements that provide the prefix-length of the local network, you need to configure this value.
To do so, set the DHCLIENT6_ADDRESS_LENGTH
ifcfg-variable in /etc/sysconfig/network/dhcp
to the prefix-length, for example:
DHCLIENT6_ADDRESS_LENGTH=64
Alternatively configure the radvd daemon on a (router) machine in the network to provide the router advertisements.
If you are installing SUSE Linux Enterprise Server 12 SP5 in a network missing IPv6 router advertisements, use the ifcfg boot parameter on the kernel command line to set the prefix-length, for example:
ifcfg=*=dhcp,DHCLIENT6_MODE=managed,DHCLIENT6_ADDRESS_LENGTH=64
5.9.6 Notable Network Package Updates #
freeradius-server-3.0.19
rsync 3.1.3
squid-4.8
warnquota now supports ldap
5.9.7 New GeoIP Database Sources #
The GeoIP databases allow approximately geo-locating users by their IP address. In the past, the company MaxMind made such data available for free in its GeoLite Legacy databases. On January 2, 2019, MaxMind discontinued the GeoLite Legacy databases, now offering only the newer GeoLite2 databases for download. To comply with new data protection regulation, since December 30, 2019, GeoLite2 database users are required to comply with an additional usage license. This change means users now need to register for a MaxMind account and obtain a license key to download GeoLite2 databases. For more information about these changes, see the MaxMind blog.
SUSE Linux Enterprise Server includes the GeoIP
package of tools that are only compatible with GeoLite Legacy databases.
As an update for SUSE Linux Enterprise Server 12 SP5, we introduce the following new packages to deal with the changes to the GeoLite service:
geoipupdate
: The official Maxmind tool for downloading GeoLite2 databases. To use this tool, set up the configuration file with your MaxMind account details. This configuration file can also be generated on the Maxmind web page. For more information, see https://dev.maxmind.com/geoip/geoip2/geolite2/.geolite2legacy
: A script for converting GeoLite2 CSV data to the GeoLite Legacy format.geoipupdate-legacy
: A convenience script that downloads GeoLite2 data, converts it to the GeoLite Legacy format, and stores it in/var/lib/GeoIP
. With this script, applications developed for use with the legacygeoip-fetch
tool will continue to work.
5.10 Performance Related Information #
5.10.1 supportconfig
SAP plugin has been added #
A SAP plugin for supportconfig
has been added. This plugin collects information about SAP applications to enhance support for SAP customers.
5.11 Security #
5.11.1 openSSH 8.4 #
A parallel, installable version of the openssh
package is now available.
The default openssh
version is kept due to incompatibility.
Transition to openssh
8.4 needs to be started manually by doing:
zypper in openssh8.4-server
zypper in openssh8.4-clients
When zypper
prompts you, select de-installation of the regular openssh
and
installation of the new openssh8.4
packages.
After doing this review if the service starts or if it needs configuration adjustments.
For more information see https://lists.suse.com/pipermail/sle-updates/2024-March/034754.html.
5.11.2 Restricting privilege listing with sudo
#
Previously, user with ALL
commands allowed in the /etc/sudoers
file could list other users' (including root’s) privileges using the -U
and -l
options.
This has been restricted only to users which have ALL
privileges specified in the /etc/sudoers
file.
5.11.3 sudo
has been updated #
The sudo
package has been updated to the version 1.8.27.
Among others, there are the following notable changes:
PAM account management modules and BSD authentication approval modules are now run even when no password is required.
The LDAP and SSS back-ends now use the same rule evaluation code as the
sudoers
file backend.On systems using PAM,
sudo
now ignores thePAM_NEW_AUTHTOK_REQD
andPAM_AUTHTOK_EXPIRED
errors from PAM account management if authentication is disabled for the user.
5.11.4 Upgraded mod_nss
to Enable TLS 1.3 #
The Network Security Services module for the Apache2 server (apache2-mod_nss
) was updated to version 1.0.17.
This enables the server to handle connections via the more secure TLS 1.3 protocol.
5.11.5 Kernel Parameter fs.protected_hardlinks
#
The kernel parameter fs.protected_hardlinks
is active by default in SUSE products.
Deactivating it introduces additional vectors for malicious local users to escalate their privileges.
If you need to deactivate it please refer to this knowledge base article for additional information.
5.11.6 Added SELinux Policy Core Utilities #
The Package policycoreutils
contains utilities required for the basic operation of a SELinux system.
These utilities include load_policy
to load policies, setfiles
to label filesystems, newrole
to switch roles, and run_init
to run /etc/init.d
scripts in the proper context.
5.11.7 ibmtss
Update Changes Path to Binaries #
IBM’s TPM 2.0 TSS implementation has been updated upstream.
The update now allows to install binaries in /usr/bin/
rather than having to copy them manually into a custom directory.
As a consquence, the binaries had to be renamed in order to not conflict with other programs of the same name.
All binaries shipped with the ibmtss
package are now prefixed with tss
.
So /usr/lib/ibmtss/hash
for example, is now available as /usr/bin/tsshash
.
5.11.8 Notable Updates #
gssproxy
: Added support for Kerberos authentication on NFSv4.
5.12 Storage #
5.12.1 XFS V4 format file systems have been deprecated #
Customers who have created XFS file system on SLE 11 or prior will see the following message:
Deprecated V4 format (crc=0) will not be supported after September 2030
While the file system will work and be supported until the date mentioned, it is best to re-create the file system:
Backup all the data to another drive or partition
Create the file system on the device
Restore the data from the backup
5.13 Systems Management #
5.13.1 rsyslog
has been updated #
The rsyslog
package has been updated from version 8.24 to 8.2106.
There were the following notable changes:
Features
module
guardtime
removed (functionality now inksi
modules, see https://www.rsyslog.com/deprecated-how-to-sign-log-messages-through-signature-provider-guardtime/)module
lmstrmsrv.so
removed (no longer needed)module
openSSL
adddedmodule
fmhash.so
(new hash function module) addedmodule
fmhttp.so
(function module for HTTP functions) added
Dependencies
updated library versions for:
libfastjson
,liblognorm
,librelp
Files
rsyslog.service
andjournald-rsyslog.conf
added
5.13.2 Salt Has Been Updated to Version 3000 #
Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.
As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.
Salt 3000 is the last version of Salt which will support the old syntax of the cmd.run
module.
5.13.3 Snapper’s Space-Aware Snapshot Cleanup Has Been Improved #
Previously, the space-aware cleanup of snapshots integrated in Snapper only looked at the disk space used by all snapshots. In certain cases, this narrow focus meant that the file system ran out of space anyway.
Starting with SUSE Linux Enterprise Server 12 SP5, the space-aware cleanup of Snapper additionally looks at the free space of the file system and keeps the file system at least 20 percent free.
5.13.4 Samba Identity Mapping Backends #
The Windows Domain Membership YaST module (yast-samba-client
) has been updated
to handle the new Samba idmap
backend mappings. Previously, the YaST
module would only configure Samba to use the tdb
back-end,
which does not map users consistently on every Linux client. The module
also configured Samba idmap
with a deprecated syntax.
Now the Windows Domain Membership module configures a host by default
using the rid
back-end, which will provide more consistent SID to uid
mappings between clients. It also uses the newer Samba idmap
syntax
in the smb.conf
.
In addition to defaulting to a better idmap
back-end, SUSE Linux Enterprise Server 12 SP5
allows you to modify
which configuration is chosen from the Domain Join dialog. Advanced
options include the idmap
back-ends tdb
, ad
, rid
, and autorid
.
Each back-end has its advantages and drawbacks.
For more information, see https://www.suse.com/support/kb/doc/?id=7007006 and
the man page of idmap
.
5.14 Virtualization #
For more information about acronyms used below, see the virtualization documentation provided at https://documentation.suse.com/sles/12-SP5/.
5.14.1 Supported Live Migration Scenarios #
You can migrate a virtual machine from one physical machine to another. The following live migration scenarios are supported under both KVM and Xen:
SLES 12 SP4 to SLES 12 SP5
SLES 12 SP5 to SLES 12 SP5
SLES 12 SP5 to SLES 15 SP1
In addition, SUSE strives to support live migrations of VM guests from VM hosts running an LTSS-supported service pack of SLES to newer service packs of the same SLES major version. As an example, a migration of a VM guest from a SLES 12 SP2 host to a SLES 12 SP5 host is supported in this way. SUSE only performs minimal testing of these migration scenarios. We recommend thorough on-site testing before migrating critical VM guests in such scenarios.
5.14.2 Supported KVM/Xen Guests and Hosts #
For information on supported KVM and Xen guests and hosts, see the SUSE Linux Enterprise Server Virtualization Guide at https://documentation.suse.com/sles/12-SP5/html/SLES-all/cha-virt-support.html.
5.14.3 KVM #
5.14.3.1 KVM Limits #
Maximum VMs per Host | Unlimited (total number of virtual CPUs in all guests being no greater than 8 times the number of CPU cores in the host). |
---|---|
Maximum Virtual CPUs per VM | 288 |
Maximum Memory per VM | 4 TiB |
Virtual Host Server (VHS) limits are identical to those of SUSE Linux Enterprise Server.
5.14.4 Xen #
5.14.4.1 Running Xenstore in a separate Stub Domain (stubdom
) #
Since Xen 4.9, it is easy to configure Xenstore to run in a separate stubdom
instead of dom0
.
stubdom
is a lightweight "service" or "driver" domain.
Running Xenstore as a stubdom
increases safety, stability, and improves response times of Xenstore in case dom0
is under heavy load.
The memory configuration (initial size, maximum size) is done via entries in the /etc/sysconfig/xencommon
file.
The Xenstore stubdom
will automatically increase in size according to memory needs.
There are no devices for the domain and no extra action or specific maintenance required, apart from the above configuration.
Because Xenstore must be available all the time, saving, restoring, migrating, and stopping of the domain is prohibited.
5.14.4.2 Xen 4.12 #
Includes improved security mitigation support
Includes an update for the file
xen-dom0-modules.service map
. xenlinux modules that lack aliases are ignored to avoid error messages from modprobe about unknown modules (fixes bsc#1137251).Starting with this release autoballooning is disable by default in
xl.conf
.
5.14.4.3 Xen Limits #
Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as a virtualization host. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.
Feature | Limit |
---|---|
Maximum Physical CPUs per Host | 1024 |
Maximum Physical Memory per Host | 16 TiB |
Maximum Virtual CPUs per Host | Unlimited (total number of virtual CPUs in all guests being no greater than 8 times the number of CPU cores in the host). |
Maximum Physical Memory for Dom0 | 500 GiB |
Maximum Virtual CPUs per VM1 | FV: 128, PV: 512 |
Maximum Memory per VM | 16 GiB x86_32, 2 TiB x86_64 |
Maximum number of block devices | 12,000 SCSI logical units |
Suspend and hibernate modes | Not supported |
1 PV: Paravirtualization, FV: Full virtualization
5.14.5 Containers #
5.14.5.1 Windows Subsystem for Linux (WSL) Image #
The Windows Subsystem for Linux (WSL) Image for SUSE Linux Enterprise Server 12 SP5 can be used with both WSL and WSL 2, there is no separate image for WSL 2. The Image will receive regular updates.
5.14.6 libvirt #
5.14.6.1 Important Changes #
Includes a fix to set
max_grant_frames
for domUs via libvirt (fixes bsc#1126325)Xen PVH has been temporarily disabled until the feature is better usable (fixes bsc#1125889)
virsh now supports setting the precopy bandwidth for migrations (fixes bsc#1145586)
libvirt now supports the Cascadelake-Server CPU model
qemu: fix default value of
security_default_confined
(disabled by default)qemu: Add support for overriding the maximum threads per process limit (fixes bsc#1133719)
cpu_map: add cpu feature md-clear (fixes CVE-2018-12126)
5.14.7 Vagrant #
Vagrant is a tool that provides a unified workflow for the creation, deployment and management of virtual development environments. It abstracts away the details of various Virtualization providers (like VirtualBox, VMWare or libvirt) and provides a uniform and simple configuration file, that allows developers and operators to quickly spin up a VM of any Linux distribution.
A new VM can be launched with Vagrant via the following set of commands. The example uses the Vagrant Box for openSUSE Tumbleweed:
vagrant init opensuse/Tumbleweed.x86_64
vagrant up
# your box is now going to be downloaded and started
vagrant ssh
# and now you've got ssh access to the new VM
5.14.7.1 Vagrant Boxes for SUSE Linux Enterprise Server #
Starting with SUSE Linux Enterprise Server 12 SP5, we are providing official Vagrant Boxes for SUSE Linux Enterprise Server for x86_64 and aarch64 (only for the libvirt provider). These boxes come with the bare minimum of packages to reduce their size and are not registered, thus users need to register the boxes prior to further provisioning.
The VirtualBox provider is compatible with VirtualBox versions 4.0.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x, 5.1.x, 5.2.x, 6.0.x, and 6.1.x. The boxes are tested with the latest Vagrant version only but as they do not use any specific features, they should work with any of the Vagrant 2.2.x releases.
These boxes are only available for direct download via SCC and must be manually registered with Vagrant as follows:
vagrant box add --name SLES-12-SP5 SLES12-SP5-Vagrant.x86_64-12.5-libvirt-*.vagrant.libvirt.box
The box is then available under the name SLES-12-SP5 and can be used as all other Vagrant boxes:
vagrant init SLES-12-SP5
vagrant up
vagrant ssh
5.14.7.2 aarch64 Support #
The Vagrant Box is also available for the aarch64 architecture using the libvirt provider. It has been pre-configured for the usage on SUSE Linux Enterprise Server on aarch64 and might not launch on other operating systems without additional settings. Running it on other architectures than aarch64 is not supported.
In case the box fails to start with a libvirt error message, add the following to your Vagrantfile and adjust the variables according to the guest operating system:
config.vm.provider :libvirt do |libvirt|
libvirt.driver = "kvm"
libvirt.host = 'localhost'
libvirt.uri = 'qemu:///system'
libvirt.host = "main"
libvirt.features = ["apic"]
# path to the UEFI loader for aarch64
libvirt.loader = "/usr/share/qemu/aavmf-aarch64-code.bin"
libvirt.video_type = "vga"
libvirt.cpu_mode = "host-passthrough"
libvirt.machine_type = "virt-3.1"
# path to the qemu aarch64 emulator
libvirt.emulator_path = "/usr/bin/qemu-system-aarch64"
end
5.15 Miscellaneous #
5.15.1 adcli
now supports setting password expiry #
The adcli
command now supports the --dont-expire-password
parameter.
This parameter sets or unsets the DONT_EXPIRE_PASSWORD
flag in the userAccountControl
attribute to indicate if the machine account password should expire or not.
By default adcli
will set this flag while joining the domain which corresponds to the default behavior of Windows clients.
5.15.2 /var/run
is now volatile #
Previously, the /var/run
directory was not volatile.
In SLES 12, this has been changed, and /var/run
is now volatile.
5.15.3 Enriched system visibility in the SUSE Customer Center (SCC) #
SUSE is committed to helping provide better insights into the consumption of SUSE subscriptions regardless of where they are running or how they are managed; physical or virtual, on-prem or in the cloud, connected to SCC or Repository Mirroring Tool (RMT), or managed by SUSE Manager. To help you identify or filter out systems in SCC that are no longer running or decommissioned, SUSEConnect now features a daily “ping”, which will update system information automatically.
For more details see the documentation at https://documentation.suse.com/subscription/suseconnect/single-html/SLE-suseconnect-visibility/.
6 AMD64/Intel 64-Specific Features & Fixes (x86_64) #
Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the AMD64/Intel 64 architectures.
6.1 Running 32-bit applications #
SUSE does not support 32-bit development on SLE 12 SP5. 32-bit runtime environments are available with SLE 12 SP5. If there is a need to develop 32-bit applications to run in the SLE 12 SP5 32-bit runtime environment, use the SLE 11 32-bit development tools to create these applications.
6.2 Notable Updates #
6.2.1 Virtualization #
Subpage protechtion
Support for new Tremont AiA instructions
Model-specific Split Lock Disable support
new CLDEMOT instructions (SnowRidge)
PT v4 (Intel Processor Trace buffer) for SnowRidge,
enable ICX NIs for XEN
6.2.2 Driver Updates #
e1000e
fm10k
i40e
i40iw
iavf (i40evf)
ice
icrdma
igb
igbvf
igc
ixgbe
ixgbevf
6.2.3 Package Updates #
ipmctl
ledmon
mdadm
6.2.4 Hardware #
Extened Crystal Ridge support
Extended Intel omni-path architecture support
Extended Jacobsville support for
SPI-NOR
GPIO
new enumeration of #AC for split lock
Whitley/Icelake-SP Platform patches adding enhancements like
rep mov
for memcpy_mcsafe
6.3 Intel Optane DC Persistent Memory Operating Modes #
Intel Optane DC Persistent Memory has two operating modes, AppDirect mode and Memory Mode.
In Memory Mode, the Optane DIMMs serve as cost-effective DRAM replacement. To applications the Optane memory is presented as volatile memory (that is, not persistent), just like on DRAM-only systems. In reality this is a combination of Optane and DRAM, where DRAM acts as a cache for the most frequently-accessed data, while the Optane persistent memory provides large memory capacity. The setup is slower with random access workloads than on DRAM-only systems, but allows for higher capacity memory and is more cost-effective. In this mode, data is not persistent, which means it is lost when the system is powered off.
Intel Optane running in memory mode is supported with SUSE Linux Enterprise Server running on certified platforms. Users running applications that take advantage of this mode must understand that without specific enhancements performance may decrease.
Direct any hardware related questions at your hardware partner. SUSE works with all major hardware vendors to make the use of Intel Optane a perfect user experience on the operating system level and open-source infrastructure level.
6.4 Intel Omni-Path Architecture (OPA) Host Software #
Intel Omni-Path Architecture (OPA) host software is fully supported in SUSE Linux Enterprise Server 12 SP5.
Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment.
For instructions on installing Intel Omni-Path Architecture documentation, see https://cdrdv2.intel.com/v1/dl/getContent/617176.
6.5 sysfs Support for Dirty Shutdown Count #
ACPI 6.3 introduces an a unlatched shutdown count. This will be supported by adding a static attribute to nmemX/nfit/. On machines that do not have ACPI 6.3, a fallback (NVDIMM_FAMILY_INTEL) is provided.
6.6 Miscellaneous #
VMA based swap readahead
7 POWER-Specific Features & Fixes (ppc64le) #
Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the POWER architecture.
7.1 Support for ibmvnic Networking Driver #
The kernel device driver ibmvnic
provides support for vNIC (virtual Network Interface Controller) which is a PowerVM virtual networking technology that delivers enterprise capabilities and simplifies network management on IBM POWER systems.
It is an efficient high-performance technology.
When combined with SR-IOV NIC, it provides bandwidth control Quality of Service (QoS) capabilities at the virtual NIC level. vNIC significantly reduces virtualization overhead resulting in lower latencies and fewer server resources (CPU, memory) required for network virtualization.
For a detailed support statement of ibmvnic in SLES, see https://www.suse.com/support/kb/doc/?id=7023703.
7.2 Speed of ibmveth
Interface Not Reported Accurately #
The ibmveth
interface is a paravirtualized interface.
When communicating between LPARs within the same system, the interface’s speed is limited only by the system’s CPU and memory bandwidth.
When the virtual Ethernet is bridged to a physical network, the interface’s speed is limited by the speed of that physical network.
Unfortunately, the ibmveth
driver has no way of determining automatically whether it is bridged to a physical network and what the speed of that link is.
ibmveth
therefore reports its speed as a fixed value of 1 Gb/s which in many cases will be inaccurate.
To determine the actual speed of the interface, use a benchmark.
Using ethtool
, you can then set a more accurate displayed speed.
8 IBM Z-Specific Features & Fixes (s390x) #
Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP5 for the IBM Z architecture. For more information, see https://www.ibm.com/docs/en/linux-on-systems?topic=distributions-suse-linux-enterprise-server
8.1 Hardware #
8.1.1 Valgrind IBM z13 Support #
Valgrind now includes instruction support for IBM z13 instructions. This enables debugging and validation of binaries built and optimized for IBM z13. In particular this covers the vector instruction set extensions introduced with IBM z13.
8.1.2 Support for IBM z15 in binutils and glibc #
Binutils and glibc have been updated to support instructions introduced with IBM z15.
8.1.3 Compression Improvements for zlib #
The zlib library has been updated to exploit the IBM z15 compression capabilities.
8.1.4 Compression Improvements for gzip #
The gzip tool has been updated to exploit the IBM z15 compression capabilities.
8.1.5 Performance Counters for IBM z15 (CPU-MF) #
For optimized performance tuning the CPU-measurement counter facility now supports counters, including the MT-diagnostic counter set, that were originally introduced with IBM z14.
8.1.6 Collecting NVMe-Related Debug Data #
To debug NVMe devices, the debug data gets collected and added to the dbginfo.sh script.
8.1.7 PCI Error Reporting Tool #
Defective PCIe devices are now reported via error notification events that include health information of the adapters.
8.2 Network #
8.2.1 OSA-Express7S Adapters are now Supported #
With the OSA 7 network cards a link speed of 25Gb/s is supported.
8.2.2 Full-blown TCP Segmentation Offload #
TCP segmentation offload is now supported on both layer 2 and layer 3 and is extended to IPv6.
8.2.3 Handle Provisioned MAC Addresses #
You can now use provisioned MAC addresses for devices supported with IBM z14 and later hardware.
8.3 Performance #
8.3.1 Synthesize perf Events/Samples from CPU-MF auxtrace Data #
Enhance perf tool to synthesize perf diagnostic events and samples saved in the auxtrace buffer. The auxtrace buffer contains basic- and diagnostic sampling data entries.
8.3.2 CPU-MF/perf: Export Sampling Data for Post-Processing #
Enhance the hardware sampling in the perf PMU driver to export additional information for improved perf tool post processing. Display address and function name where sample was taken.
8.3.3 Network Performance Improvements #
Enhanced performance for OSA and Hipersockets via code improvements and exploitation of further kernel infrastructure.
8.4 Security #
8.4.1 SIMD Implementation of Chacha20 in OpenSSL #
This enables support for TLS 1.3 via the Chacha20 cipher suite providing good performance using SIMD instructions.
8.4.2 SIMD Implementation of Poly1305 in OpenSSL #
This enables support for TLS 1.3 via the Poly1305 cipher suite providing good performance using SIMD instructions.
8.4.3 Support of CPACF Hashes in ep11 Token in openCryptoki and libica #
Provides improved performance for applications computing many digital signatures using EP11 like Blockchain.
8.4.4 In-kernel Crypto: Support for Protected Keys Generated by random in the paes Module #
This feature can generate volatile protected keys. This allows, for example, the secure encryption of swap volumes without the need for a CryptoExpress adapter
8.4.5 New Tool zcryptstats
to Extract Crypto Measurement Data #
Added a new tool zcryptstats
to the s390-tools package to to obtain and display measurement data from crypto adapters for capacity planning.
8.4.6 Support Multiple zcrypt Device Nodes #
The cryptographic device driver can now provide and maintain multiple zcrypt device nodes. These nodes can be restricted in terms of cryptographic adapters, domains, and available IOCTLs.
8.4.7 openCryptoki ep11 Enhancements #
Support new functions and new mechanisms introduced for ep11 with IBM z14.
8.4.8 Enhanced openCryptoki Support #
Enhanced openCryptoki ep11 token to support m_*Single functions from ep11 lib.
8.4.9 libica: CPACF Enhancements #
Enhanced libica to support NIST curves as provided by CPACF MSA-9.
8.4.10 openssl-ibmca: CPACF Enhancements #
Enhanced openssl-ibmca to support NIST curves as provided by CPACF MSA-9.
8.4.11 zcrypt DD: APQN Tags Allow Deterministic Driver Binding #
Provides deterministic hot-plugging semantics to enable the virtualization and unique determination of crypto adapters in KVM environments even if the associated hardware gets intermittently lost and reconnected.
8.5 Storage #
8.5.1 zdsfs: Online VTOC Refresh #
A Linux application can now access new data sets that were created after zdsfs was mounted without the need to remount zdsfs.
8.5.2 Persistent Device Configuration #
The following SUSE-supplied commands are now deprecated:
ctc_configure
dasd_configure
qeth_configure
zfcp_disk_configure
zfcp_host_configure
These commands will be removed in a future release.
With SUSE Linux Enterprise Server 12 SP5, as an intermediate step, these scripts have been modified to use the IBM-supplied commands chzdev
and lszdev
.
If you are using the SUSE-supplied scripts, discontinue their use and directly use the commands
chzdev
and lszdev
provided by IBM in the package s390-tools.
8.5.3 Enable Raw Track Access Without Prefix CCW #
The DASD driver makes use of the Prefix CCW when accessing a DASD in raw track access mode. On some systems (e.g. zPDT), support for the Prefix CCW is not available. As a result, the raw track access mode cannot be used on those systems.
By enabling raw track access mode on zPDT, customers can easily move their Linux system volumes between zPDT and LPAR, allowing for greater flexibility during deployment of new setups.
8.5.4 Configurable IFCC Handling (Interface Control Check) for DASDs #
Provides a possibility to direct IFCC messages to the kernel log again in addition to the actual path handling. Enables to switch off the actual handling of repeated IFCCs (i.e. removing paths) so that only IFCC messages are written to the log when thresholds are exceeded.
8.5.5 Split DIF and DIX Boot Time Controls #
Enables the user to separately configure DIF and DIF+DIX integrity protection mechanisms for zFCP-attached SCSI devices.
8.5.6 scsi: zfcp: Add Port Speed Capabilities #
Provides the possibility to display port speed capabilities for SCSI devices.
8.6 Virtualization #
The following new features are supported in SUSE Linux Enterprise Server 12 SP5 under KVM:
8.6.1 Avoid Boot Failures After Changing Disks #
On SUSE Linux Enterprise Server 12 virtual machines wopuld no longer boot after changing disks.
In most cases this could be solved by changing dracut’s persistent_policy to by-path
and then rebuild the initrds.
There SUSE Linux Enterprise Server 12 SP5 persistent_policy=by-path
is the new default for dracut.
8.6.2 Enhanced Hardware Diagnose Data for the Linux Kernel #
Provide improved problem determination capabilities by passing Linux kernel information to hardware diagnose data.
8.6.3 zPCI Passthrough Support for KVM #
Allow KVM to pass control over ROCE Express host devices to a KVM guest enabling workloads that require direct access to PCI functions.
8.6.4 Interactive Bootloader #
Enable to interactively select boot entries to recover misconfigured KVM guests.
8.6.5 Huge Pages #
Allow KVM guests to use huge page memory backing for improved memory performance for workloads running with large memory footprints.
8.6.6 Expose Detailed Guest Crash Information to the Hypervisor #
Provides additional debug data for operating system failures that occur within a KVM guest.
8.6.7 New CPU Model IBM z14 ZR1 #
Provide the CPU model for the IBM z14 ZR1 to enable KVM guests to exploit new hardware features on the z14 ZR1.
8.6.8 New CPU Model IBM z15 #
Provide the CPU model for the IBM z15 to enable KVM guests to exploit new hardware features on the z15.
8.6.9 Secure Linux Boot Toleration #
Linux operating system images using a secure boot on-disk format can now be run in KVM without modifications required, lowering the overall administrative overhead.
8.6.10 IPL Support for ECKD DASDs #
KVM guests can now IPL from ECKD DASDs attached via CCW passthrough, which is provided as a technology preview in SUSE Linux Enterprise Server 12 SP5.
8.6.11 Dedicated CryptoExpress Adapter Domains for KVM Guests #
Allows KVM to dedicate domains of CryptoExpress adapters as passthrough devices to a KVM guest such that the guest can direct crypto requests directly to the IBM Z firmware without the hypervisor being able to observe the communication of the guest with the device.
8.7 Miscellaneous #
8.7.1 CONFIG_NUMA_EMU
turned off #
Turned off CONFIG_NUMA_EMU
for s390x, which was also removed upstream because of limited benefit, to improve serviceability.
8.7.2 Kernel Parameter resume
Removed #
On SUSE Linux Enterprise the resume=…
kernel parameter was enabled by default on all platforms.
With SUSE Linux Enterprise Server 12 SP5 it is no longer enabled on s390x, because it is
not used on the IBM Z platform.
9 ARM 64-Bit-Specific Features & Fixes (AArch64) #
Information in this section applies to the version of SUSE Linux Enterprise Server 12 SP5 for the AArch64 architecture.
9.1 cpufreq driver for Raspberry Pi #
The cpufreq allowing the system to change its frequency dynamically, has been added. This makes the system use less power consumption when idle. Also, writing a configuration file to change the frequency is no longer necessary.
9.2 HDMI Audio support for Raspberry Pi 3 #
HDMI Audio support has been added for the Raspberry Pi 3 platform.
10 Known Issues & Workarounds #
This is a list of known issues for this release.
10.1 User Login Fails After Upgrade #
After upgrading from SLES 12 SP4 or earlier, a regular user cannot login to the system.
This is caused by the deprecation of pam_unix2
because of its issues with systemd
.
For information how to fix the issue, see https://www.suse.com/support/kb/doc/?id=000019703.
10.2 Installation on RAID10 Array Composed from SSD Drives Hangs on Discard Request #
When setting up RAID 10 on four SSD drives during the installation, after choosing the target partition to create RAID, the progress bar will hang at 1% completed
for some time (depending on the RAID size) before proceeding.
This is a known performance issue on RAID 10 because the system takes time to split the large storage into many small ones.
This issue only occurs once when setting up the RAID 10 and has no effect afterwards.
Upstream currently has no solution for it.
10.3 Installation in Text Mode: Switching the Keyboard Layout fails #
When doing an installation in text mode, switching the keyboard layout in the Language, Keyboard, and License Agreement dialog does not work. The requested change does not get applied.
To work around this issue, make sure to choose a language on the boot screen.
A corresponding keyboard layout will automatically be applied.
On x86 and aarch64 machines with a traditional BIOS, press F2
on the boot screen to select a language. On x86 and aarch64 machines with EFI, append the language parameter to the kernel command line (e.g. Language=de_DE
). For IBM Z you may set the language via the parmfile.
10.4 Installation in Text Mode: Russian, Korean, and Chinese EULA is not Displayed Correctly #
When installing on the text console, the console as well as font is configured depending on the selected language. Because different languages use different sets of characters, it is not always possible to display the EULA in all languages.
If the EULA is not shown correctly in your preferred the language, either change the language in the Language selection screen of YaST (in order to load the proper font) or in the boot screen (in order to set-up the console properly). Translated EULAs are also available for download at https://www.suse.com/licensing/eula/.
10.5 Installation in Graphic Mode on IBM Z: Installation Fails with 1 GB RAM #
When attempting to do an installation in graphic mode on IBM Z, the installation stops without completing on machines equipped with only 1 GB RAM.
To work around this issue, either perform a text mode installation or add more RAM. The graphical installation requires at least 1.5 GB of RAM.
10.6 Media Does Not Contain Translated Manuals in /docu #
Former releases of SUSE Linux Enterprise Server contained translated manuals in the folder /docu
on DVD1.
12 SP5 only contains English manuals in /docu
on DVD1.
For 12 SP5 documentation translations were unfortunately not ready in time for building the product media.
Rather than shipping outdated translations, we decided to remove translations from the /docu
folder on the media.
12 SP5 continues to ship translated documentation as rpm packages. Up-to-date packages will be available as an online-update when 12 SP5 ships for the first time.
11 Removed and Deprecated Features and Packages #
This section lists features and packages that got removed from SUSE Linux Enterprise Server or will be removed in upcoming versions.
11.1 Removed Features and Packages #
The following packages have been removed in this release.
libibmad-devel
libipmctl2
libqpdf13
libreoffice-base-drivers-mysql
libsmbldap0
libsmbldap0-32bit
openscap-extra-probes
opensm-libs3
opensm-libs3-32bit
postgresql96
postgresql96-contrib
postgresql96-devel
postgresql96-docs
postgresql96-server
vaapi-intel-driver
xmlsec1-libgcrypt-devel
11.2 Deprecated Features and Packages #
The following features and packages are deprecated and will be removed with a future service pack of SUSE Linux Enterprise Server.
Also see the following release notes:
11.2.1 Chelsio T3 Driver (cxgbe3
) Is Deprecated #
The driver for Chelsio T3 networking equipment (cxgbe3
) is now deprecated and may become unsupported in a future Service Pack of SUSE Linux Enterprise Server 12.
12 Obtaining source code #
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/products/server/download/ on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.
13 Legal notices #
SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Refer to https://www.suse.com/company/legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2010-2024 SUSE LLC.
This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see the SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.