Release Notes #

SMT (Subscription Management Tool) now supports the SLE 10, 11, and 12 product families.

The following definitions apply:

For contracted customers and partners, SUSE Linux Enterprise Server 12 SP1 and its Modules are delivered with L3 support for all packages, except the following:

SUSE will only support the usage of original (e.g., unchanged or un-recompiled) packages.

Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.

Whether a technical preview will be moved to a fully supported package later, depends on customer and market feedback. A technical preview does not automatically result in support at a later point in time. Technical previews could be dropped at any time and SUSE is not committed to provide a technical preview later in the product cycle.

Give your SUSE representative feedback, including your experience and use case.

The following packages require additional support contracts to be obtained by the customer in order to receive full support:

If you install using AutoYaST with a profile that, in the <kdump> section, has <add_crash_kernel> set to true but that does not include <crash_kernel>, an incorrect kernel parameter will be set initially. During the first boot, that is, the second AutoYaST stage, the following will be set:

crashkernel=""

AutoYaST will correct this automatically. However, the corrected value will only go into effect after a reboot.

To solve this, reboot the system. Afterwards, Kdump will be configured properly.

During the installation of SUSE Linux Enterprise Server 12 SP1, you can choose to install extensions from DVD. When doing so, you will not be asked to register the extension by entering a registration code and will therefore also miss out on updates.

Consider installing extensions from the registration server instead. Alternatively, register the extension after the installation by running:

SUSEConnect -p <PRODUCT_NAME>/<VERSION>/<ARCHITECTURE> -r <REGISTRATION_CODE>

In the YaST installer, on the page Installation Settings, the headline Clone System Configuration and the button Export Configuration allow creating an AutoYaST XML file. However, generating files using these options will result in an invalid package selection and network configuration. This means that when the file is used for an installation, that installation could fail.

To create valid AutoYaST XML files, use an installed system. Ensure that the latest YaST updates have been installed and run:

yast clone_system

When deploying a SLES to a private cloud, or any virtualization infrastructure, it is a common practice to build silver images with requisite software pre-installed, pre-configured for the intended environment.

When such a silver image gets cloned and deployed to a cloud platform, it will receive network MAC addresses different from the instance it was originally installed on. Therefore, clean up any mapping associated with persistent network device names:

rm -f /etc/udev/rules.d/70-persistent-net.rules

SMT 12 comes with a new database schema and is standardized on the InnoDB database back-end.

In order to upgrade SMT 11 SPx to SMT 12, it is necessary that SMT 11 is configured against SCC (SUSE Customer Center) before initializing the upgrade of SLES and SMT to version 12 SP1 or newer. If the host is upgraded to SLES 12 SP1 or newer without switching to SCC first, the installed SMT instance will no longer work.

Only SMT 11 SP3 can be configured against SCC. Older versions need to be upgraded to version 11 SP3 first.

Whether the schema or database engine must be upgraded is checked during package upgrade and displayed as an update notification. Back up your database before doing the database upgrade. Both the schema and database engine upgrade are done by the utility /usr/bin/smt-schema-upgrade (can be called directly or via systemctl start smt-schema-upgrade) or are done automatically after smt.target restart (computer reboot or via systemctl restart smt.target). However, manual database tuning is required for optimal performance. For details, see https://mariadb.com/kb/en/mariadb/converting-tables-from-myisam-to-innodb/#non-index-issues (https://mariadb.com/kb/en/mariadb/converting-tables-from-myisam-to-innodb/#non-index-issues)

Support for NCC (Novell Customer Center) was removed from SMT. SMT can still serve SLE 11 clients, but must be configured to receive updates from SCC.

Before migrating from SMT 11 SP3, SMT must be reconfigured against SCC. Migration from older versions of SMT is not possible.

In SLE 12, AutoYaST configures Snapper if the root file system uses Btrfs. But only if LVM is not used for the root file system.

In SLES 12 SP1, AutoYaST always configures Snapper if the root file system uses Btrfs. If Snapper is not wanted, disable this feature in the AutoYaST profile.

In networks that enforce the usage of a proxy server to access remote Web sites, registration was not possible during installation. This resulted in an initial installation without updated packages. Updates had to be installed in a separate step after system installation had been finished.

Before the installation begins, a proxy server can be configured in the boot loader by pressing F4. This enables both product registration and online updates during the installation workflow.

Prior to SUSE Linux Enterprise 12 SP1, after the first rollback of the system the original root volume was no longer reachable and would never be removed automatically. This resulted in a disk space leak.

Starting with SP1, YaST installs the system into a subvolume controlled by Snapper.

Probing floppy devices can slow down the boot process on some machines that have a timeout even if there is no floppy device.

yast2-bootloader no longer tries to detect nor supports floppy devices.

If it is needed to boot from a floppy disk, GRUB 2 can be configured manually.

CJK languages (Chinese, Japanese, and Korean) do not work properly during text-mode installation if the framebuffer is not used (Text Mode selected in boot loader).

There are three ways to resolve this issue:

When updating SUSE Linux Enterprise Server 12 to the Service Pack 1 release, any add-on products that have a hard dependency on the SUSE Linux Enterprise 12 GA release will be flagged for automatic removal. For example, this includes driver kits provided on https://drivers.suse.com (https://drivers.suse.com). On the installation settings page, a message will be displayed, similar to the following:

Update Options
* Some products are marked for automatic removal.
* Contact the vendor of the removed add-on to provide you with a new
  installation media
* Or select the appropriate online extension or module in the registration step
* Or to continue with product upgrade go to the software selection and mark
  the product (the -release package) for removal.
* Product SUSE Linux Enterprise Server 12 will be updated to SUSE Linux
  Enterprise Server 12 SP1 RC2
* Error: Product [NAME OF ADD-ON PRODUCT] will be automatically removed.
* Only update installed packages where [NAME OF ADD-ON PRODUCT] will be
  the name of the product to be removed.

If the add-on product named on the error line should not be removed, contact the vendor of the add-on for an update compatible with Service Pack 1 or verify that the correct extensions or modules are selected for update. In this state, the upgrade cannot continue.

If you want to remove the add-on product, manually delete the *-release packages associated with the add-on product.

YaST GUI:

YaST on the command line:

The error message will be replaced with a warning and the upgrade can continue.

When performing a service pack migration, it is necessary to change the configuration on the registration server to provide access to the new repositories. If the migration process is interrupted or reverted (via restoring from a backup or snapshot), the information on the registration server is inconsistent with the status of the system. This may lead to you being prevented from accessing update repositories or to wrong repositories being used on the client.

When a rollback is done via Snapper, the system will notify the registration server to ensure access to the correct repositories is set up during the boot process. If the system was restored any other way or the communication with the registration server failed for any reason (for example, because the server was not accessible due to network issues), trigger the rollback on the client manually by calling snapper rollback.

We suggest always checking that the correct repositories are set up on the system, especially after refreshing the service using zypper ref -s.

When upgrading from SUSE Linux Enterprise Server or Desktop 12 to SUSE Linux Enterprise Server or Desktop 12 SP1, you may experience a version downgrade of specific software packages, including the Linux Kernel.

This is expected behavior. It is important to remember that the version number is not sufficient to determine which bug fixes are applied to a software package.

All SLE 12 SP1 software packages and updates are contained in the SLE 12 SP1 repositories. No packages from SLE 12 repositories are needed for installation or upgrade.

In case you do add SLE 12 update repositories, be aware of one characteristic of the repository concept: Version numbers in the SLE 12 update repository can be higher than those in the SLE 12 SP1 repository. Thus, if you update with the SLE 12 repositories enabled, you may receive the SLE 12 version of a package instead of the SLE 12 SP1 version.

Using package versions from a lower product version or SP can result in unwanted side effects. If you do not need them, switch off all SLE 12 repositories.

Only keep old repositories if your system depends on a specific older version of a package. If you need a package from a lower product version or SP though, and thus have SLE 12 repositories enabled, make sure that the packages you intended to upgrade have actually been upgraded.

Online migration from SLE 12 to SLE 12 SP1 is not supported if debuginfo packages are installed.

In the past, you could use YaST Wagon to migrate between Service Packs. YaST Wagon is now unsupported.

You can now use either the YaST Online Migration module or zypper migration.

To learn more about migrating between Service Packs, see the section Service Pack Migration in the Deployment Guide: https://www.suse.com/documentation/sles-12/book_sle_deployment/data/cha_update_spmigration.html (https://www.suse.com/documentation/sles-12/book_sle_deployment/data/cha_update_spmigration.html).

Note that when performing the SP migration, both YaST and Zypper will install all recommended packages. Especially in the case of custom minimal installations, this may increase the installation size of the system significantly.

There are two ways to change this behavior:

An important requirement for every Enterprise operating system is the level of support a customer receives for his environment. Kernel modules are the most relevant connector between hardware ("controllers") and the operating system.

For more information about the handling of kernel modules, see the SUSE Linux Enterprise Administration Guide.

The YaST module for configuring an SSH server which was present in SLE 11, is not a part of SLE 12. It does not have any direct successor.

The module SSH Server only supported configuring a small subset of all SSH server capabilities. Therefore, the functionality of the module can be replaced by using a combination of 2 YaST modules: The /etc/sysconfig Editor and the Services Manager. This also applies to system configuration via AutoYaST.

In some conditions, Zypper returned an exit value of 0 even if it was aborted. This happened if a user decided to abort because of conflicts or if Zypper ran in a non-interactive mode, but was waiting for user input.

In these cases, Zypper will now return a suitable error code.

In the past, the YaST Qt package manager UI auto-installed packages for already installed packages.

The YaST Qt packager UI no longer defaults to installing recommended packages for already installed packages. The persistent option controlling this feature is moved to a one-time option Extras/Install All Matching Recommended Packages (https://bugzilla.suse.com/show_bug.cgi?id=902394 (https://bugzilla.suse.com/show_bug.cgi?id=902394)).

For newly installed packages, the weak dependencies are still installed by default, but now this can be disabled in the UI with the option Dependencies/Install Recommended Packages (https://bugzilla.suse.com/show_bug.cgi?id=900853 (https://bugzilla.suse.com/show_bug.cgi?id=900853)).

The YaST Qt packager UI is also using the configuration file /etc/sysconfig/yast2 as the ncurses package manager UI (https://bugzilla.suse.com/show_bug.cgi?id=900853 (https://bugzilla.suse.com/show_bug.cgi?id=900853)).

We do not recommend disabling the installation of recommended packages during installation unless you are trying to install a minimal system. If you do so, make sure to review the package selection. The functionality associated with patterns expects recommended packages to be installed, too. If any of them are missing, some functionality of the patterns may not be available.

After a rollback of a Service Pack to the previous version, SCC and SMT need to be informed about this to reset the access rules for the old product repositories.

During a Service Pack migration, SCC and SMT change the access rules for this machine and switch it from the old Service Pack to the new one. If you roll back from a Service Pack, SCC and SMT will not grant access to the old repositories again until they are told to do so.

If the rollback is done via Snapper (that is, using Btrfs snapshots), services and repositories are adjusted automatically. If this fails, or the rollback is done in other ways (for example, using VMware/KVM/LVM snapshots, or restoring from a backup), this needs to be done manually using:

SUSEConnect --rollback

When a new product gets activated with the SUSEConnect command line tool, the added service will be configured to autorefresh periodically. This is now fully compatible with YaST's behavior.

For some systems, it may be desired to limit patches that are installed to those that are most necessary.

The version of Zypper shipped with SLE 12 SP1 now allows more fine-grained control over which patches are installed using the --severity parameter. For example, to install only critical security patches, use:

zypper patch --category security --severity critical

Btrfs frees disk space asynchronously after deleting snapshots. So if the user deletes Snapper-controlled snapshots, the user must either wait or manually call several Btrfs commands to have the disk space actually freed.

The delete command of Snapper has a new option --sync that triggers Btrfs to free the disk space and waits until the disk space is actually freed.

The boot menu entry 'Failsafe' has been removed from the list of default boot menu entries, as in case of an error, the "right" combination of parameters to fix needs to be found anyway.

SLE 12 also supports booting from snapshots which are meant to provide a fallback in case the system is not booting after a change.

The bootcycle package from SLE 11 was re-introduced in SLE 12 SP1.

It is possible to run SUSE Linux Enterprise 12 on a shared read-only root file system. A read-only root setup consists of the read-only root file system, a scratch and a state file system. The /etc/rwtab file defines, which files and directories on the read-only root file system are replaced with which files on the state and scratch file systems for each system instance.

The readonlyroot kernel command line option enables read-only root mode; the state= and scratch= kernel command line options determine the devices, on which the state and scratch file systems are located.

In order to set up a system with a read-only root file system, set up a scratch file system, set up a file system to use for storing persistent per-instance state, adjust /etc/rwtab as needed, add the appropriate kernel command line options to your boot loader configuration, replace /etc/mtab with a symlink to /proc/mounts as described below, and (re)boot the system.

Replace /etc/mtab with the appropriate symbolic links:

ln -sf /proc/mounts /etc/mtab

See the rwtab(5) manual page for more information and http://www.redbooks.ibm.com/abstracts/redp4322.html (http://www.redbooks.ibm.com/abstracts/redp4322.html) for limitations on System z.

The YaST Snapper module bypassed the snapperd daemon while working on Snapper-controlled snapshots. This could lead to inconsistent data between YaST Snapper and Snapper.

The YaST Snapper module now uses the DBus interface when working on Snapper-controlled snapshots.

lmi-bmc is a CIM-XML provider based on openlmi framework. This provider publishes information about the service processor via CIM-XML. The information currently includes:

The Zypp history file now includes information about patch installation. The lines in the history are tagged |command| and show the user, command line and optional user data of the process that triggered the commit.

sapconf is a software package for automated system tuning, dedicated to SUSE Enterprise Linux users who wish to run SAP software products. The new release of sapconf comes with important dependency changes, and brings new features.

In previous releases, sapconf automatically tuned a system for SAP Netweaver products only. It provided a system service (sapconf.service) and an executable (/usr/sbin/sapconf). The executable file mimics a SysV-style init script and executes an action (start, restart, try-restart, reload, status, stop) based on command line parameter input.

In this release, the implementation of sapconf is revamped to offer more features and tuning profiles for the system tuning daemon (tuned.service), while keeping compatibility with the previous releases.

If you have been using a previous release of sapconf and plan to upgrade to SLES 12 SP1, please check that tuned package is installed after running the distribution upgrade (run as root: zypper install tuned), because in certain cases a distribution upgrade may ignore the dependency on tuned package and thus resulting in a non-functioning sapconf; if the package tuned is not installed, sapconf will prompt you to install the missing package when it runs.

As with the previous releases, invoking sapconf with action start will activate SAP Netweaver tuning profile only if an SAP-product tuning profile (sap-hana, sap-netweaver) is not active at the time; if an SAP-product tuning profile is already active (such as sap-hana or sap-netweaver), sapconf will simply make sure that tuning is activated, without forcibly switching to sap-netweaver tuning profile.

With this release, sapconf comes with two more actions: "hana" and "b1" (BusinessOne). Invoking sapconf (for example "sapconf hana") with either action name will result in SAP HANA tuning profile being activated. SAP HANA and BusinessOne use an identical method for system tuning, thus there exists only one SAP HANA tuning profile for both cases.

System service sapconf.service continues to stay and it makes sure that system tuning is automatically applied upon reboot.

For more information, see the following new or updated manual pages:

For advanced storage configurations like 4-way multipath to an array, we will end up with an environment where the host OS is scheduling I/O and the storage array is scheduling I/O. It is a common occurrence that those schedulers end up competing with each other and ultimately degrade performance. Because the storage array has the best view of what the storage is doing at any given time, enabling the noop scheduler on the host is telling the OS to just get out of the way and let the array handle all of the scheduling.

Following the same rationale, also for block devices within virtualization guests the noop I/O scheduler should be used.

To change the I/O scheduler for a specific block device, use:

echo [scheduler name] > /sys/block/[device]/queue/scheduler

For more information, see the SUSE Linux Enterprise System Analysis and Tuning Guide.

On systems with a high NFS load, connections may block.

To work around such performance regressions with NFSv4, you could open more than one TCP connection to the same physical host. This could be accomplished with the following mount options:

To request that the transport is not shared use

mount -o sharetransport=N server:/path /mountpoint

Where N is unique. If N is different for two mounts, they will not share the transport. If N is the same, they might (if they are for the same server, etc).

If it is not the root file system and if the file system has at least 20 % free space available, in-place conversion of an existing Ext2/Ext3/Ext4 or ReiserFS file system is supported for data mount points.

SUSE does not recommend or support in-place conversion of OS root file systems. In-place conversion to Btrfs of root file systems requires manual subvolume configuration and additional configuration changes that are not automatically applied for all use cases.

To ensure data integrity and the highest level of customer satisfaction, when upgrading, maintain existing root file systems. Alternatively, reinstall the entire operating system.

First-time users of Btrfs often run the following command without any options:

btrfs balance start

This results in a long I/O-intensive operation that has a noticeable impact on system performance.

The btrfs balance command requires additional options to perform a full file system re-balance. For more information, see the man page btrfs-balance(8).

It is now possible to loopback mount images with 4k blocksize.

The Ceph RADOS Block Device (RBD) kernel module has been updated to include the following features:

Although required crash kernel reservation size does not depend on total installed RAM (contrary to popular belief), it does depend on the number of attached devices. A system connected to multiple SANs with hundreds of LUNs requires more RAM than a system with a single internal SATA disk.

With SLE 12 SP1, it is possible to configure very large crash kernel reservations. The amount can be configured during installation or at any later time using YaST Kdump module. See System Analysis and Tuning Guide for more information on choosing a suitable value.

Creating a new subvolume underneath the / hierarchy after system installation and after the first snapshot to the / filesystem is supported. If the new subvolume is permanently mounted via /etc/fstab (that is, in a way that the new subvolume is also available in future snapshots), the snapshot the subvolume has been created at cannot be deleted anymore, though.

Example:

Technical Reason: Subvolumes in Btrfs always need an origin in the filesystem tree, and this origin is the original point where the subvolume has been created, that is, literally the path. In our example:

/@/.snapshots/212/snapshot/mynewsubvol

A subvolume which should be permanently mounted via /etc/fstab should be created from an origin which is not a snapshot itself. This is why the /@/ subvolume has been created: It serves as an independent root for permanent subvolumes such as /var, /srv, etc.

With SLES 12 SP1 lvmetad is now enabled by default. With lvmetad lvm command can now work faster as they need not to scan the disks for the information, but can ask lvmetad about the disk information.

There was no possibility to keep the startup mode ('automatic', 'manual', or 'on boot') of already connected targets. Using either 'Discovery' on 'Discovered Targets' or 'Add' on 'Connected Targets' screen has reset the startup mode to default mode 'manual'.

Now It is possible when using the 'Add' button on 'Connected Targets' screen to detect additional targets. The startup mode of the targets already connected will not change then.

SLE 12 already supported pNFS File and Objects models as a pNFS client, but not block mode.

The pNFS client included with SLE 12 SP1 now supports block mode.

Block-mode pNFS involves the NFS client accessing the data directly using iSCSI or fibre channel (or similar) rather than using NFS. NFS is used for metadata management, for creating and deleting files and for finding out where in the block devices the data is. Once the client knows where the data is and has permission from the server, it accesses the storage device directly.

The client needs to be running blkmapd which uses device-mapper to stitch together various block devices into a form that the NFS client can use.

blkmapd can be started with:

systemctl enable nfs-blkmap

If the target-isns package is installed, you can use YaST to configure the iSNS Server Address.

Alternately, edit /etc/target-isns.conf after installation: Set the parameter isns_server to the IP address of the server where an iSNS daemon is running.

While flash-based storage is fast, traditional rotational hard disks are slow but provide an excellent price per gigabyte. Multitier I/O Caching describes the means of implementing a cache to amplify read and write operations in the fast, but smaller and expensive flash based storage.

SUSE Linux Enterprise Server implements two different ways of performing caching between flash and rotational devices:

Both caching solutions provide the following caching modes:

dm-cache requires a backing device (HDD), a caching device (SSD, NVMe) and a metadata device. bcache only requires a backing device and a caching device.

Both systems only work on block devices. Thus, network filesystems like NFS cannot be used as backing stores.

SUSE Linux Enterprise Virtual Machine Driver Pack is a set of paravirtualized device drivers for Microsoft Windows operating systems. These drivers improve the performance of unmodified Windows guest operating systems that are run in virtual environments created using Xen or KVM hypervisors with SUSE Linux Enterprise Server 11 SP4 and SUSE Linux Enterprise Server 12 SP1. Paravirtualized device drivers are installed in virtual machine instances of operating systems and represent hardware and functionality similar to the underlying physical hardware used by the system virtualization software layer.

The new features of SUSE Linux Enterprise Virtual Machine Driver Pack 2.3 include:

For more information on VMDP 2.3, see the official documentation.

virt-top is a top-like utility for showing statistics for virtualized domains. Many keys and command line options are the same as for ordinary top.

zEDC compression can be used via the GenWQE (Generic Workqueue Engine) device driver. It is a PCIe card used to do zlib style compression and decompression according to RFC1950, RFC1951, and RFC1952.

Remote control of the capacity of target systems in HA setups allows to maintain the bandwidth during failure situations and removes the need for keeping unused capacity activated during normal operation

This feature provides prerequisites for the System z specific PCI support.

Files on the USB/DVD drive of the SE/HMC of z Systems hardware can now be accessed.

SLES 12 SP1 supports the 10GbE RoCE Express feature on zEC12, zBC12 and IBM z13 via the Ethernet device using TCP/IP traffic without restrictions. Before using this feature on an IBM z13, make sure that the minimum required service is applied: z/VM APAR UM34525 and HW ycode N98778.057 (bundle 14).

SLES 12 SP1 includes RDMA enablement and DAPL/OFED for s390x as a technology preview, but these can only be used on LPAR when running on an IBM zEC12 or zBC12. They cannot be used on an IBM z13.

With SLES 12 SP1 Linux on z Systems includes support for SMT (Simultaneous Multi Threading) that is available with the IBM z13 or later hardware.

Often it is difficult to correlate the commonly used name of the processor with the IBM model number for that processor.

The cputype command is now included in the s390-tools package. The cputype command prints both the IBM model number as well as the more commonly used processor name.

At the end of the installation of SLES 12 SP1, you will be asked to reboot the system. However, on zKVM, immediately rebooting means that the installer will start anew.

Instead of rebooting the system, make sure that the system shuts down. You can then adapt your VM configuration for the changed kernel/initrd parameters. After that, you can reboot into the newly installed system as usual.

This feature provides a library to determine the capacity of an environment for accounting purposes. Applications can trigger system and capacity details regarding the System, LPAR, z/VM, and KVM environments in terms of available CPU (shares).

If you are using z/VM 6.3, we strongly suggest installing the APAR VM65419 (or higher) to improve the output of qclib.

Improved performance handling by querying host performance metrics from within VM is now enabled via vm-dump-metrics, which is available in the vhostmd package.

Provides the infrastructure and tool set to manage and deploy applications based on docker images based on gccgo.

The limitation of eight characters for Linux guest names is removed and long names can be reflected in /proc/sysinfo with up to 255 characters.

Enable to manually trigger LUN recovery and to export debug data for zfcp-attached SCSI devices that are attached by automatic LUN scan.

Because the first sector of a DASD has a special format it is not possible to use unpartitioned DASDs for LVM. In YaST it was possible to select an unpartitioned DASD in the expert partitioner for LVM but then creating the physical volume failed later on.

YaST now disallows to select an unpartitioned DASD for LVM.

Provides improved monitoring and service via more timely and accurate display of settings and values via the ethtool when running on hardware that supports the improved query of network cards

Provide infrastructure to gather and display OSA and TCP/IP configuration information via the "OSA query Address Table" hardware function to ease administration of OSA and TCP/IP configuration information.

The cryptographic device driver includes support for the CEX5S crypto card introduced with the IBM z13. The support of crypto domains is extended above 16 domains and now supports up to 256 domains.

The generation of pseudo random numbers include enhanced support for "Deterministic Random Bit Generator" (DRBG) according to updated security specification NIST SP 800-90A.

Enables to apply concurrent hardware microcode level upgrades (MCL) without impacting I/O operations to the Flash storage media and notifies users of the changed Flash hardware service level

Linux on z Systems now includes the DIAG288 watchdog support that provides improved High Availability and RAS characteristics for Linux KVM guests

Improved Fibre Channel port scan behaviour of the zfcp device driver to avoid excessive scanning and scan bursts. Scan bursts can occur in large virtual server environments.

Support for OSA-Express5s cards has been added to the qethqoat tool, which is part of the s390tools package. This enhancement extends the serviceability of network and card setups for OSA-Express5s cards.

Hot-patch support in gcc implements support for online patching of multi-threaded code for Linux on System binaries. It is possible to select specific functions for hot-patching using a function attribute and to enable hot-patching for all functions (-mhotpatch) via command line option. Because enabling of hot-patching has negative impact on software size and performance it is recommended to use hot-patching for specific functions and not to enable hot-patch support in general.

For online documentation, see http://gcc.gnu.org/onlinedocs/gcc/ (http://gcc.gnu.org/onlinedocs/gcc/).

The memory handling on z Systems is now based on Software reference bit handling, that replaces the z specific "storage key operations". That provides enhanced commonality with other platforms and improved performance especially for Linux running as KVM guest

The Linux kernel now provides support for user space applications to use SIMD (Single Instruction Multiple Data) instructions that operate on vector registers and are available with IBM z13 and later hardware.

Vector registers are now part of kernel dumps. The crash tool is extended to display the vector registers of the kernel dump and the zgetdump tool is enhanced for converting dump formats.

For gcc support, the add on gcc 5.2 is required. The add-on is part of the tool chain module.

SIMD support has been added to LLVM, resulting in improved performance of the software-emulated 3D graphics stack (mesa / llvmpipe).

The stand alone dumper and dump tools include support for SMT instructions that are supported with the IBM z13 and later hardware

The Linux toolchain, gcc, binutils and gdb now supports the hardware instructions that were introduced with the IBM z13. With these instructions, full hardware functionality and improved performance are available. For gcc support, the add-on gcc 5.2 is required. The add-on is part of the Toolchain Module.

User space applications are able to utilize the SIMD vector instructions introduced with the IBM z Systems z13

The enhanced GDB support now displays the program exception TDB "Transactional Diagnostic Block" from a core file, as well as during a debug session for debugging code using transactions

Performance issues sometimes require more details about CPU cycles used by workloads, shared libraries, kernel and device drivers.

With support for the CPU-measurement sampling facility the perf program can be used to capture more detailed performance data. It includes the following key features to sample workloads:

Newer machines have new instructions and better instruction schedulers.

The default for the system compiler is to generate code for z196 / z114 and do the scheduling for zEC12.

This Service Pack adds support for the following Intel processors:

SLE 12 only supported version 7 of OpenJDK. There was no solution for customers needing a higher version of Java.

In SLE 12 SP1, OpenJDK 8 was added as an alternative Java version. OpenJDK 7 remains available additionally. To choose the right version for your use case, use update-alternatives.

Since SLE 12 SP1, YaST includes a new journal module, which enables users and system administrators to take advantage of the advanced filtering capabilities of the systemd journal.

The new module displays the log entries in a table with a search box providing grep-like live searching. In addition, it allows to filter the entries in the list by date and time, unit, file, or priority.

In short, the module offers all the advantages of the old (and still present) log viewer with some extra systemd powered goodies.

The original provider of the pax binary was the package pax. However, this binary was not LSB-compatible and is not maintained upstream.

In SLE 12 SP1, pax was replaced with spax (from the package star). For backwards compatibility, this package also provides a symbolic link for pax.

The new command spax provides many of the same options that the former pax also offered. However, the following options are not supported: -0, -B, -D, -E, -G, -O, -P, -T, -U, -Y, -Z. spax does not provide options beyond those offered by pax.

Additionally, the formats supported by the option -x have changed:

It is also possible that other options have slightly different behavior than you are used to. For more information, see the spax manual pages.

SLE 12 GA shipped with a freeradius version that was stripped to its core and removed certain functionality that was available in SLE 11.

SLE 12 now ships with additional packages that fix the feature omissions:

The packages necessary to set up Shibboleth authentication were added.

The Qt 5 libraries were updated to 5.5.1. Qt 5.5.1 includes new features and security fixes for known vulnerabilities over Qt 5.3.2 (the version initially shipped in SP1).

Among other security fixes, the new version includes a fix for the Qt WebEngine's Weak Diffie-Hellman vulnerability (CVE-2015-4000).

New features include:

Puppet has been updated from 3.6.2 to 3.8.5. All releases between these two versions should only bring Puppet 3 backward-compatible features and bug and security fixes.

For more information, read the following release notes:

In particular, you should pay attention to the following upgrade notes and warnings:

The tar version in SLES and SLED 12 (SP0) was not handling extended attributes properly.

A maintenance update for tar fixes this issue. This update introduces new package dependencies:

Both of these packages are already required by other core packages in a SLE installation.

The Wireshark 1.10.x series of releases was discontinued upstream and does no longer receive security updates or bug fixes.

Wireshark was updated to the 1.12.x series of releases, providing for delivery of fixes for security issues as well as new and updated protocol support and dissectors.

In the Legacy Module for SUSE Linux Enterprise 12, we shipped KSH 93v. However, the 93v branch was not fully stable yet.

With SLE 12 SP1, we release KSH 93u, which is more stable version 93v. In order to provide a regular update path from 93v to 93u, a higher version number (93vu) has been used for this update.

To upgrade a PostgreSQL server installation from version 9.1 to 9.4, the database files need to be converted to the new version.

Note: System Upgrade from SLE 11

On SLE 12, there are no PostgreSQL 8.4 or 9.1 packages. This means, you first must migrate PostgreSQL from 8.4 or 9.1 to 9.4 on SLE 11 before upgrading the system from SLE 11 to SLE 12.

Newer versions of PostgreSQL come with the pg_upgrade tool that simplifies and speeds up the migration of a PostgreSQL installation to a new version. Formerly, it was necessary to dump and restore the database files which was much slower.

To work, pg_upgrade needs to have the server binaries of both versions available. To allow this, we had to change the way PostgreSQL is packaged as well as the naming of the packages, so that two or more versions of PostgreSQL can be installed in parallel.

Starting with version 9.1, PostgreSQL package names on SUSE Linux Enterprise products contain numbers indicating the major version. In PostgreSQL terms, the major version consists of the first two components of the version number, for example, 9.1, 9.3, and 9.4. So, the packages for PostgreSQL 9.3 are named postgresql93, postgresql93-server, etc. Inside the packages, the files were moved from their standard location to a versioned location such as /usr/lib/postgresql93/bin or /usr/lib/postgresql94/bin. This avoids file conflicts if multiple packages are installed in parallel. The update-alternatives mechanism creates and maintains symbolic links that cause one version (by default the highest installed version) to re-appear in the standard locations. By default, database data is stored under /var/lib/pgsql/data on SUSE Linux Enterprise.

The following preconditions have to be fulfilled before data migration can be started:

Upstream documentation about pg_upgrade including step-by-step instructions for performing a database migration can be found under file:///usr/share/doc/packages/postgresql94/html/pgupgrade.html (if the postgresql94-docs package is installed), or online under http://www.postgresql.org/docs/9.4/static/pgupgrade.html (http://www.postgresql.org/docs/9.4/static/pgupgrade.html). NOTE: The online documentation explains how you can install PostgreSQL from the upstream sources (which is not necessary on SLE) and also uses other directory names (/usr/local instead of the update-alternatives based path as described above).

For background information about the inner workings of pg_admin and a performance comparison with the old dump and restore method, see http://momjian.us/main/writings/pgsql/pg_upgrade.pdf (http://momjian.us/main/writings/pgsql/pg_upgrade.pdf).

ntp was updated to version 4.2.8.

Name resolution for the affected hosts works otherwise.

Configure ntpd to not run in chroot mode by setting

NTPD_RUN_CHROOTED="no"

in /etc/sysconfig/ntp. Then restart the service with:

systemctl restart ntpd

Due to the architecture of ntpd, it does not start reliably in a chroot environment. Furthermore, the daemon drops all capabilities except for the one needed to open sockets on reserved ports, so chroot is not required. If policy requirements mandate this, AppArmor can be used to further limit the process in what it can do.

Additional Information

The meaning of some parameters has changed, for example sntp -s is now sntp -S.

After having been deprecated for several years, ntpdc is now disabled by default for security reasons. It can be re-enabled by adding the line enable mode7 to /etc/ntp.conf, but preferably ntpq should be used instead.

The package fcoe-utils used to depend on the back-end libraries libHBAAPI and libhbalinux. The sole purpose of these two libraries is reading informational and statistical data from Sysfs.

The commands fcoeadm and fcping from the package fcoe-utils have been rewritten to directly read the needed information from Sysfs without a third-party back-end library.

New Helper Script and systemd Unit Files

SLE 12 SP1 ships with a new /usr/lib/mysql/mysql-systemd-helper script and the following native systemd unit files:

The reason was to move rc.mysql-multi init script to the systemd services which call mysql-systemd-helper.

Restart on Failure

Within the unit files, the option Restart=on-failure is set. This means that the MariaDB instance is automatically restarted on failure.

Managing Services Using systemd

Instead of chkconfig mysql on (etc.), use native systemd commands now, for example:

systemctl enable mysql

Multiple Instances of MariaDB

After setting multiple instances in /etc/my.cnf, they can be managed with:

mysqld_multi

For more information, see mysqld_multi --help (same as SP0).

In Service Pack 1 of SUSE Linux Enterprise 12, Tomcat 7 was replaced by Tomcat 8 to allow access to newer features.

The Python script interpreter was updated to version 2.7.9. A key feature is the improved SSL module which can better check X.509 certificates used in TLS/SSL communication.

If certificate validation is enabled, the Python SSL module will no longer work with TLS/SSL installations that rely on self-signed certificates or are set up improperly.

For compatibility reasons, TLS/SSL certificate validation remains disabled by default.

Starting with SLES 12 SP1, IBM Java 8 is available for SLES 12.

For documentation and features see: http://www-01.ibm.com/support/docview.wss?uid=swg21696670 (http://www-01.ibm.com/support/docview.wss?uid=swg21696670)

Docker Compose is not supported as a part of SUSE Linux Enterprise Server 12. While it was temporarily included as a Technology Preview, testing showed that the technology was not ready for enterprise use.

SUSE's focus is on Kubernetes which provides better value in terms of features, extensibility, stability and performance.

The following packages were removed with the major release of SUSE Linux Enterprise Server 12:

The following packages were removed with the release of SUSE Linux Enterprise Server 12 SP1:

In order to be able to create PDFs, graphviz needs the package graphviz-gnome. Therefore, graphviz unconditionally required that package. This is unwanted on systems where X11 is not installed.

graphviz package now only pulls in graphviz-gnome if X11 is installed.

This means that on systems without X11, the graphviz tools cannot create PDFs.

The Legacy module now provides a package for libgcrypt11. This enables running applications built on SLES 11 against libgcrypt11 on SLES 12.

For more information about Extension and Modules, see the product documentation and SUSE Linux Enterprise Server 12 Modules (https://www.suse.com/docrep/documents/huz0a6bf9a/suse_linux_enterprise_server_12_modules_white_paper.pdf).

A long-standing class of security issues are time-of-check/time-of-use races of symbolic links and hard links, most commonly seen in world-writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given symbolic link or hard link. That is, having a root process follow a link created by another user.

Additionally, on systems without separated partitions, unauthorized users could "pin" vulnerable setuid/setgid files against being upgraded by the administrator by creating hard links to them or linking to special files.

In /usr/lib/sysctl.d/50-default.conf, this behavior can now be adjusted using the options fs.protected_hardlinks and fs.protected_symlinks:

SUSE now sets this to 1 by default.

On-the-fly compression is now supported with Btrfs. It can be turned on through mount-time options passed to the filesystem. See the Btrfs section in mount(8) manual page for details.

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later we introduced xfs to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel read- and write-operations. With SUSE Linux Enterprise 12 we are going the next step of innovation and are using the Copy on Write file system btrfs as the default for the operating system, to support system snapshots and rollback.

“+”: supported; “-”: unsupported.

The maximum file size above can be larger than the file system's actual size due to usage of sparse blocks. Note that unless a file system comes with large file support (LFS), the maximum file size on a 32-bit system is 2 GB (2^31 bytes). Currently all of our standard file systems (including ext3 and ReiserFS) have LFS, which gives a maximum file size of 2^63 bytes in theory. The numbers in the above tables assume that the file systems are using 4 KiB block size. When using different block sizes, the results are different, but 4 KiB reflects the most common standard.

In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024 GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also http://physics.nist.gov/cuu/Units/binary.html.

NFSv4 with IPv6 is only supported for the client side. A NFSv4 server with IPv6 is not supported.

This version of Samba delivers integration with Windows 7 Active Directory Domains. In addition we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability 11 SP3.

The following table lists supported and unsupported Btrfs features across multiple SLES versions.