Release Notes #

SUSE Linux Enterprise Server 15 introduces many innovative changes compared to SUSE Linux Enterprise Server 12. The most important changes are listed below.

SUSE Linux Enterprise Server 15 SP6 introduces changes compared to SUSE Linux Enterprise Server 15 SP5. The most important changes are listed below:

The full list of changed packages compared to 15 SP5 can be seen at this URL:

The full list of changed modules compared to 15 SP5 can be seen at this URL:

As of 15 SP6, SUSE Linux Enterprise for High-Performance Computing is no longer a separate product. As a result:

Modules

For an HPC installation the user should enable the following modules:

On SUSE Linux Enterprise Server system, make sure the following modules are all enabled:

Roles

The HPC system roles are no longer available:

It is recommended to start with a Text Mode or Minimal System istallation. The admin should make sure that the system is partitioned to the respective requirements and the firewall is configured appropriately. Also, the admin should select the software components required. This may include slurm for the management server, slurm-node for the compute nodes. For login and compute nodes the pattern HPC Modularized Libraries (patterns-hpc-libraries) is available.

To learn about supported features and limitations, refer to the following sections in this document:

Certain software delivered as part of SUSE Linux Enterprise Server may require an external contract. Check the support status of individual packages using the RPM metadata that can be viewed with rpm, zypper, or YaST.

Major packages and groups of packages affected by this are:

SUSE Linux Enterprise Server 15 SP6 (and the SUSE Linux Enterprise modules) includes the following software that is shipped only under a GNU AGPL software license:

SUSE Linux Enterprise Server 15 SP6 (and the SUSE Linux Enterprise modules) includes the following software that is shipped under multiple licenses that include a GNU AGPL software license:

The set of media has changed with 15 SP2. There still are two different installation media, but the way they can be used has changed:

Upgrading the system is only supported from the most recent patch level. Make sure the latest system updates are installed by either running zypper patch or by starting the YaST module Online Update. An upgrade on a system that is not fully patched may fail.

Skipping service packs during an upgrade is only supported if you have a Long Term Service Pack Support contract. Otherwise, you need to first upgrade to SLE 15 SP5 before upgrading to SLE 15 SP6.

SLE 12 is the last codestream that SMT (Subscription Management Tool) is available for.

When upgrading your OS installation to SLE 15, we recommend also upgrading from SMT to its replacement RMT (Repository Mirroring Tool). RMT provides the following functionality:

Note that unlike SMT, RMT does not support installations of SLE 11 and earlier.

For more feature comparison between RMT and SMT, see https://github.com/SUSE/rmt/blob/master/docs/smt_and_rmt.md.

For more information about RMT, also see the new RMT Guide at https://documentation.suse.com/sles/15-SP3/html/SLES-all/book-rmt.html.

The container registry entries for Docker Hub and openSUSE Registry, which were previously included by default, have now been removed. If you want to pull container images from either of them, add them to the /etc/containers/registries.conf file.

Starting with SUSE Linux Enterprise 15 SP3, the rpm package in the suse/sle15 container image no longer supports the BDB back-end (based on Berkeley DB) and switches to the NDB back-end. Tools for scanning, diffing, and building container image using the rpm binary of the host for introspection can fail or return incorrect results if the host’s version of rpm does not recognize the NDB format.

To use such tools, make sure that the host supports reading NDB databases, such as hosts with SUSE Linux Enterprise 15 SP2 and later.

The pgadmin4 package has been updated to version 8.5. It is now part of the Python 3 Module.

The python311-base and libpython3_11-1_0 packages have been moved to the Basesystem Module for technical reasons. These two packages still follow the lifecycle of the Python 3 Module and that is reflected in the metadata as well.

The glibc package has been updated to version 2.38.

The following Java implementations are available in SUSE Linux Enterprise Server 15 SP6:

Warning

IBM Java will be removed in 15 SP7.

The SUSE Linux Enterprise Server 15 SP5 kernels diverged from latest CONFIG_HZ default settings for multiple architectures.

The SUSE Linux Enterprise Server for Arm 15 SP6 kernel changed the CONFIG_HZ value (Section 8.3, “Changed kernel CONFIG_HZ value”): x86-64 and Arm* architectures now use the same value of 250 Hz.

PowerPC and IBM Z architectures continue to share a value of 100 Hz.

These configuration values cannot be overridden from the kernel command line. If your applications run into issues, contact your SUSE representative.

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 15 SP6.

¹ By default, the user space memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 4 PiB.

² The total number of all processes and all threads on a system may not be higher than the "maximum number of processes".

Previously in kernel 5.14, it was possible to disable compression by passing an empty string instead of explicitly mentioning none or no.

In SLES 15 SP6, this behavior is changed to the more expected one. From kernel 5.14 onwards, empty string will reset the default setting instead of disabling compression.

The xorriso package has been split into xorriso (command-line only) and xorriso-tcltk (a GUI frontend).

The sysctl-logger package has been added. It is a sysctl monitoring tool that tracks changes to sysctl value based on BPF.

A RPM plugin for IMA (Integrity Measurement Architecture)/EVM (Linux Extended Verification Module) signing has been added. The plugin is installed as part of the following package:

Previously, the self-updater URL on the installation media was pointing to updates.suse.com. In SUSE Linux Enterprise Server 15 SP6 it now points to installer-updates.suse.com. If you are behind a firewall you might need to update your system as per the support article at https://www.suse.com/support/kb/doc/?id=000021034.

The kdump output directory format has been changed. The format has changed from YYYY-MM-DD-HH:MN to YYYY-MM-DD-HH-MN. That is, the separator between hours and minutes has changed from ":" to "-".

For more information see the full changelog.

By default, recent versions of the X.org and Xwayland servers do not accept connections from clients on different architectures.

For more information see https://documentation.suse.com/sles/15-SP6/single-html/SLES-deployment/#adm-ssh-x-byte-swapping.

systemd has been updated from 249 to version 254.

Some of the changes in this version include:

New

Breaking changes

See https://github.com/systemd/systemd/releases/tag/v254 for the full changelog.

SUSE Linux Enterprise Server 15 SP6 changes default cgroup mode to unified (cgroup v2). Hybrid mode can be enabled using a boot parameter for workloads that depend on cgroup v1, see https://documentation.suse.com/sles/15-SP6/html/SLES-all/cha-tuning-cgroups.html#sec-cgroups-hybrid-hierarchy.

The bind package has been updated from version 9.16 to version 9.18. This is a major update that removes several options but also adds, among others, the following features:

See the full changelog for more information.

The version of Samba shipped with SUSE Linux Enterprise Server 15 SP6 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability 15 SP6.

The openssh package has been updated to version 9.6p1, aligning with system crypto policies from the crypto-policies package. This update excludes insecure cryptographic algorithms, notably disallowing RSA keys under 2048 bits. This change may affect users with RSA host keys under 2048 bits for server connections.

To check for affected keys:

grep ssh-rsa ~/.ssh/known_hosts | ssh-keygen -lf -

The output lists key sizes and associated hostnames/IPs. After upgrade, connections to hosts with 1024 bit keys will fail if no alternative valid key exists.

Note: Troubleshooting

Before upgrade

1. Either update openssh to version 8.4p1, which enables UpdateHostkeys by default, allowing ssh to update known_hosts with all server’s host keys. Users must connect to the host with a 1024-bit RSA key after updating to this version and before upgrading to SP6.

2. Or, manually add host keys:

   ssh-keyscan hostname >> ~/.ssh/known_hosts

   Note that this method adds keys without verification; use only if manual host verification is possible.

After upgrade

1. Either temporarily use insecure algorithms by setting the crypto policy to LEGACY:

   sudo update-crypto-policies --set LEGACY

   Then, revert to the default secure policy after connecting:

   sudo update-crypto-policies --set DEFAULT

2. Or, remove the invalid host key from known_hosts and reconnect, manually verifying the new host key.

By default, the CPU mitigations setting to prevent CPU side-channel attacks is set to Auto. However, the kernel boot parameters included in the Auto option may change from one Service Pack to the next due to the necessity of applying new security patches. This may result in performance loss in some scenarios. You might want to change these to achieve a different tradeoff between performance and security.

For more information on how to configure these settings, see https://documentation.suse.com/sles/15-SP6/single-html/SLES-administration/#vle-grub2-yast2-cpu-mitigations.

In SLES 15 SP6, OpenSSL has been updated to version 3.1.4, replacing OpenSSL 1.1.1.

Because the development packages of different versions are mutually exclusive and automatic conflict resolution is not performed during updates, libopenssl1_1-devel should be manually selected for de-installation.

The TLS 1.0 and 1.1 standards have been superseded by TLS 1.2 and TLS 1.3. TLS 1.2 has been available for considerable time now.

SUSE Linux Enterprise Server packages using OpenSSL, GnuTLS, or Mozilla NSS already support TLS 1.3. We recommend no longer using TLS 1.0 and TLS 1.1, as SUSE plans to disable these protocols in a future service pack. However, not all packages, for example, Python, are TLS 1.3-enabled yet as this is an ongoing process.

The installer no longer tries to re-use existing LVM configurations. See the Deployment Guide at https://documentation.suse.com/sles/15-SP6/single-html/SLES-deployment/#yast-installer-reuse-lvm for more information.

LUKS2 is no longer technical preview but is now fully supported in YaST Partitioner.

For more information see the Partioning section of the AutoYaST Guide at https://documentation.suse.com/sles/15-SP6/single-html/SLES-autoyast/#CreateProfile-Partitioning

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers in 2000. Later, we introduced XFS to Linux, which allows for reliable large-scale file systems, systems with heavy load, and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.

The following table lists the file systems supported by SUSE Linux Enterprise.

Support status: + supported / ‒ unsupported

¹ OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability.

² Btrfs is a copy-on-write file system. Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in. Until the last write, the changes are not "committed". Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups).

³ To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted.

⁴ The block size default varies with different host architectures. 64 KiB is used on POWER, 4 KiB on other systems. The actual size used can be checked with the command getconf PAGE_SIZE.

Additional notes

Maximum file size above can be larger than the file system’s actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 2⁶³ bytes in theory.

The numbers in the table above assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different.

In this document:

See also http://physics.nist.gov/cuu/Units/binary.html.

Some file system features are available in SUSE Linux Enterprise Server 15 SP6 but are not supported by SUSE. By default, the file system drivers in SUSE Linux Enterprise Server 15 SP6 will refuse mounting file systems that use unsupported features (in particular, in read-write mode). To enable unsupported features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported. However, note that setting this option will render your kernel and thus your system unsupported.

The following table lists supported and unsupported Btrfs features across multiple SLES versions.

Support status: + supported / ‒ unsupported

Before, the lookup of the effective session limit in a systemd setup was not trivial. Now these new properties have been added:

In SLE 15 SP6 you can search for packages both within and outside of currently enabled SLE modules using the following command:

zypper search-packages SEARCH_TERM

This command contacts the SCC and searches all modules for matching packages. This functionality makes it easier for administrators and system architects to find the software packages needed. This feature is now also available when a system is registered against RMT.

Xen has been updated to version 4.18, for more information: https://wiki.xenproject.org/wiki/Xen_Project_4.18_Release_Notes

QEMU has been updated to version 8.2, full list of changes are available at https://wiki.qemu.org/ChangeLog/8.2

Highlights include:

libvirt has been updated to version 10.0.0, this include many incremental improvements and bug fixes, see https://libvirt.org/news.html#v10-0-0-2024-01-15

libvirt provides two daemon deployment options: monolithic or modular daemons. Modular daemons are now enabled by default, but a deployment can be switched to the traditional monolithic daemon by disabling the individual daemons and enabling libvirtd.

Broadcom Emulex Fibre Channel (FC) adapters might fail to be properly removed with DLPAR operations in SUSE Linux Enterprise Server 15 SP6. All POWER 9 and Power10 systems with any Emulex FC adapter are affected.

When you perform DLPAR remove operations on Emulex FC adapters, there is a possibility that the adapter is not properly removed from the system. This operation can cause future DLPAR operations to fail. A future DLPAR add operation on the same FC adapter might cause symptoms including an EEH error followed by a kernel oops and system crash. The following messages might be seen on a failing system:

Figure 1: Screenshot of an error on a failing system #

There is currently no workaround nor fix available for this issue. Instead of using the DLPAR operation, you can shutdown the logical partition before you remove or add Emulex FC adapters to the configuration.

There is a limit on the memory available to the GRUB bootloader. The installer ramdisk is particularly large because it includes kernel drivers for all possible installation scenarios as well as tools for loading the installer from different types of media. Enabling secure boot and vTPM on the LPAR further increases memory requirements.

When loading the OS from the installation medium the following message might appear:

Loading kernel ...
Loading initial ramdisk ...
error: ../../grub-core/kern/mm.c:548:out of memory.

Press any key to continue...

The recommended workaround is to disable vTPM support during installation.

Secure boot IPL has the following minimum system requirements, depending on the boot device to be IPLed:

If these requirements are not met, the system can be IPLed in non-secure mode only.

SUSE Linux Enterprise Server for Arm 15 SP4 and SP5 prepared their kernels for the Armv8.5 Memory Tagging Extension (FEAT_MTE). Their glibc packages were based on version 2.31 and did not yet support Memory Tagging.

SUSE Linux Enterprise Server for Arm 15 SP6 updates glibc base version to 2.38 and enables Memory Tagging in the GNU C Library as well.

The NVIDIA Grace Hopper* System-on-Chip contains an integrated, Hopper microarchitecture-based Graphics Processor Unit (GPU).

SUSE Linux Enterprise Server for Arm 15 SP6 maintenance updates currently provide packages nvidia-open-driver-G06-signed-kmp-default and kernel-firmware-nvidia-gspx-G06 in version 535.104.05, which does not yet enable NVIDIA Grace Hopper GH200.

Check for maintenance updates of those packages with version 545.29.02 or later, or contact the system vendor or chip vendor NVIDIA for whether third-party graphics drivers are available for SUSE Linux Enterprise Server for Arm 15 SP6.

Note: PCIe GPUs not affected

Discrete GPU cards with Hopper microarchitecture, such as NVIDIA H100, are already enabled in shipping package versions.

The NVIDIA* Tegra* System-on-Chip chipsets include an integrated Graphics Processor Unit (GPU).

SUSE Linux Enterprise Server for Arm 15 SP6 does not include graphics drivers for any of the NVIDIA Jetson*, NVIDIA IGX or NVIDIA DRIVE* platforms.

Contact the chip vendor NVIDIA for whether third-party graphics drivers are available for SUSE Linux Enterprise Server for Arm 15 SP6.

The NXP* Layerscape* LS1028A/LS1018A System-on-Chip contains an Arm* Mali*-DP500 Display Processor, whose output is connected to a DisplayPort* TX Controller (HDP-TX) based on Cadence* High Definition (HD) Display Intellectual Property (IP).

A Display Rendering Manager (DRM) driver for the Arm Mali-DP500 Display Processor is available as technology preview (Section 2.8.1.5, “mali-dp driver for Arm Mali Display Processors available”).

However, there was no HDP-TX physical-layer (PHY) controller driver ready yet. Therefore no graphics output will be available, for example, on the DisplayPort* connector of the NXP LS1028A Reference Design Board (RDB).

Contact the chip vendor NXP for whether third-party graphics drivers are available for SUSE Linux Enterprise Server for Arm 15 SP6.

Alternatively, contact your hardware vendor for whether a bootloader update is available that implements graphics output, allowing to instead use efifb framebuffer graphics in SUSE Linux Enterprise Server for Arm 15 SP6.

Note

The Vivante GC7000UL GPU driver (etnaviv) is available as a technology preview (Section 2.8.1.3, “etnaviv drivers for Vivante GPUs are available”).

The following packages in the Public Cloud module have been removed: