Jump to content
SUSE Linux Enterprise Micro 5.1

Release Notes

SUSE Linux Enterprise Micro is a modern operating system primarily targeted for edge computing. This document provides a high-level overview of features, capabilities, and limitations of SUSE Linux Enterprise Micro 5.1.

These release notes are updated periodically. The latest version of these release notes is always available at https://www.suse.com/releasenotes. General documentation can be found at https://documentation.suse.com/sle-micro/5.1.

Publication Date: 2021-10-08, Version: 5.1.20211008

1 SUSE Linux Enterprise Micro

SUSE Linux Enterprise Micro 5.1 is a modern operating system primarily targeted for edge computing.

1.1 Documentation and other information

1.1.1 Available on the product media

  • Read the READMEs on the media.

  • Get the detailed change log information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm
  • Check the ChangeLog file in the top level of the installation medium for a chronological log of all changes made to the updated packages.

  • Find more information in the docu directory of the installation medium of SUSE Linux Enterprise Micro 5.1. This directory includes PDF versions of the SUSE Linux Enterprise Micro 5.1 Installation Quick Start Guide.

1.1.2 Online documentation

1.2 Support and life cycle

SUSE Linux Enterprise Micro is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.

SUSE Linux Enterprise Micro 5.1 has a 4-year life cycle. For more information, see https://www.suse.com/lifecycle and the Support Policy page at https://www.suse.com/support/policy.html.

2 About the release notes

These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.

Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.

3 Changes affecting all architectures

Information in this section applies to all architectures supported by SUSE Linux Enterprise Micro 5.1.

4 General features and fixes

Information in this section applies to all architectures supported by SUSE Linux Enterprise Micro 5.1.

4.1 Installation media

There are two types of installation media of SUSE Linux Enterprise Micro. The installer ISO allows to install via YaST or AutoYaST, with the possibility to fully customize the installation. The pre-built images contain a system image already pre-configured. Neither of the media is intended to be used for upgrades from the previous version of SUSE Linux Enterprise Micro.

There are slight differences between these two:

  • the software selection for the default installation from the ISO contains fewer packages than the pre-built image

  • firewalld is only installed from the ISO if the firewall is enabled during installation

The images have two things in common:

  • SELinux is not enabled by default

  • firewalld is not enabled by default

To upgrade from the previous version, use the transactional-update command. Neither of the media is needed for that.

4.2 Cockpit web-based node management system

For web-based management of a single node, Cockpit is included.

Cockpit is not enabled by default and its firewall port is not open if the firewall is enabled.

You can enable Cockpit via systemctl enable --now cockpit.socket. Cockpit will then be available at https://YOUR_IP_ADDRESS:9090.

4.3 Managing SUSE Linux Enterprise Micro with SUSE Manager

SUSE Manager can be used to manage SUSE Linux Enterprise Micro hosts. There are certain limitations:

  • SUSE Linux Enterprise Micro host cannot be monitored with SUSE Manager

  • SUSE Manager does not provide integrated container management yet. As a workaround, you can use Salt via cmd.run podman.

  • SUSE Manager can manage the SUSE Linux Enterprise Micro hosts ony with the Salt stack; the traditional stack is not supported

  • Ansible control node cannot be instaled on SUSE Linux Enterprise Micro

We intend to resolve these issues in the future maintenance updates of SUSE Linux Enterprise Micro on SUSE Manager.

4.4 Enabling SELinux

SUSE Linux Enterprise Micro includes SELinux with base system policies. Before enabling SELinux, make sure to install the necessary policies for your workload.

If you are running SUSE Linux Enterprise Micro as KVM virtualization host, the use of SELinux is strongly discouraged and not supported.

4.5 toolbox container

SUSE Linux Enterprise Micro provides the toolbox container. However, it is not part of the media and needs to be downloaded from https://registry.suse.com. To download from the registry, the system needs network access.

The toolbox container does not include or inherit a software repository setup from the underlying system. If the underlying system is registered properly, zypper will enable a basic set of repositories (Basesystem and Server Applications modules of SUSE Linux Enterprise Server 15 SP2) when you execute it. Then you can install additional software into the container.

4.6 Kernel Live Patching

SUSE Linux Enterprise Micro now supports Kernel Live Patching. If your subscription includes the Live Patching module, you can either install it directly during the installation, or register it using the transactional-update command.

After enabling the Live Patching module, it is necessary to change the configuration of libzypp whether or not you want to apply live patches. In /etc/zypp/zypp.conf change the following variables:

  • multiversion = provides:multiversion(kernel) in order to keep the running kernel while patching the system; otherwise you may get dependency conflicts during applying updates

  • multiversion.kernels = latest in order to clean-up kernels in the new created snapshot after applying the live patch; otherwise the snapshot will keep the previous kernel during applying updates

In order to enable live patching, additionally set LIVEPATCH_KERNEL='always' in /etc/sysconfig/livepatching.

To make sure that the live patches are installed after kernel upgrade, make sure to install matching version of the kernel-default-livepatch package.

Note that kernel live patching is only available for the x86-64 and s390x architectures. It is also not available for the real-time kernel.

4.7 Intel Secure Device Onboard (SDO)

SUSE Linux Enterprise Micro includes needed packages for Intel Secure Device Onboard. Intel Secure Device Onboard helps onboard any device to any device management system. The packages are only provided as a technology preview and do not offer full support. Using Intel Secure Device Onboard needs proper integration into your target environment and only works on supported hardware.

4.8 System V init scripts

SUSE Linux Enterprise Micro does not support init script of system services, which are usually located in /etc/init.d directory. Even if this directory still exists, it is empty on purpose. systemd unit files should be used instead of initscripts. To start system services or to configure their status on boot, use the systemctl command instead.

5 Installing SUSE Linux Enterprise Micro

SUSE Linux Enterprise Micro 5.1 can be installed in the following ways:

5.1 Manually installing with YaST

The installation workflow for manual installation is similar to SUSE Linux Enterprise Server. However, it is stripped down and configuration options are more limited. For more information, see the SUSE Linux Enterprise Server documentation.

5.2 Unattended installation with AutoYaST

Installing SUSE Linux Enterprise Micro with AutoYaST works similarly to installing SLES with AutoYaST. The two main differences are:

  • There is limited set of options that can be configured via the AutoYaST profile.

  • There is no second stage of the AutoYaST workflow.

For more information, see the SUSE Linux Enterprise Micro and SUSE Linux Enterprise Server documentation.

The following example shows an AutoYaST profile:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
  <suse_register>
    <do_registration config:type="boolean">true</do_registration>
    <reg_code>YOUR_REGISTRATION_CODE</reg_code>
    <install_updates config:type="boolean">true</install_updates>
    <reg_server>http://YOUR_SMT_SERVER</reg_server>
  </suse_register>
  <bootloader>
    <global>
      <timeout config:type="integer">-1</timeout>
      <hiddenmenu>false</hiddenmenu>
    </global>
  </bootloader>
  <general>
    <mode>
      <confirm config:type="boolean">false</confirm>
      <second_stage config:type="boolean">false</second_stage>
    </mode>
  </general>
  <software>
    <products config:type="list">
      <product>SUSE-MicroOS</product>
    </products>
    <install_recommended config:type="boolean">true</install_recommended>
    <packages config:type="list">
      <package>grub2</package>
    </packages>
    <patterns config:type="list">
      <pattern>basesystem</pattern>
      <pattern>microos-container_runtime</pattern>
      <pattern>microos-selinux</pattern>
    </patterns>
  </software>
  <users config:type="list">
    <user>
      <encrypted config:type="boolean">false</encrypted>
      <user_password>ROOT_PASSWORD</user_password>
      <username>root</username>
    </user>
  </users>
</profile>

AutoYaST only supports a limited set of sections compared to SUSE Linux Enterprise Server:

  • add-on

  • bootloader

  • configuration_management

  • fcoe-client

  • groups

  • general

  • iscsi-client

  • kdump

  • keyboard

  • language

  • login_settings

  • networking

  • partitioning

  • partitioning_advanced

  • report

  • runlevel / services-manager

  • scripts (pre-scripts, postpartitioning-scripts, chroot-scripts)

  • security

  • software

  • ssh_import

  • suse_register

  • timezone

  • users

  • user_defaults

Note
Note: Explicitly disable the second stage

AutoYaST can set some options in either the first or the second stage. SUSE Linux Enterprise Micro does not include a second stage. For some settings (such as networking) to be applied during the first stage, you need to explicitly disable the second stage:

<second_stage config:type="boolean">false</second_stage>

The example profile above already includes this line.

5.3 Unattended installation with Yomi (technology preview)

To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi. Installation with Yomi is a technology preview.

5.4 Deploying pre-built images

SUSE Linux Enterprise Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. SUSE Linux Enterprise Micro is also provided as images for specific hardware device with a customized software selection.

To deploy an image, first identify and download the image you need. Then decompress it and write it to a storage device:

xz -d <downloaded_image.raw.xz>
dd if=<downloaded_image.raw> of=/dev/sdX

When the image is first booted, use Ignition or Combustion for initial configuration. Make sure to set a root password or there will be no way to access the system after deployment.

Ignition or Combustion are invoked only the first time the image boots. To invoke them at a later reboot, append ignition.firstboot to the kernel command line.

Ignition configuration files should be named ignition/config.ign, and can be stored on a USB stick. A minimal Ignition configuration file could look like this:

{
  "ignition":{
    "version":"3.1.0"
  },
  "passwd":{
    "users":[
      {
        "name":"root",
        "passwordHash":"hash, created with, for example, `openssl passwd -6`"
      }
    ]
  }
}

For more information about Ignition and Combustion, including further examples, see:

5.5 Upgrade from previous version

Upgrade from SLE Micro 5.0 is only possible via the transactional-update tool. In order to upgrade a registered system, use the transactional-update migration command from running system. If your system is not registered, update the configured repositories and use transactional-update dup command.

6 Known issues

6.1 Error on console while booting with SELinux enabled

When booting the system with SELinux enabled, the console reports:

Failed to transition into init label 'system_u:system_r:init_t:s0'

This message is harmless.

6.2 Podman and firewalld

When reloading firewalld via firewall-cmd --reload, all Podman-related rules go missing. For this reason, firewalld is not enabled by default during installation. For more information, see https://github.com/containers/podman/issues/5431.

6.3 Pre-built images report two IP addresses on first boot

When booting the pre-built images the first time, two IP addresses may be reported by the ip a command or other tools. This issue only happens on the first boot of the image, on the following boots only a single IP address is assigned to the network interface.

6.4 VNC package cannot be installed during installation

The YaST installer offers installation via VNC. The installer also tries to make it possible to use the final system the same way that the system was initially installed. Therefore, the installer will attempt to install appropriate software and open appropriate firewall ports for later access to the system. However, the VNC server package is only available during the installation, but not for the installed system.

As the VNC server package cannot be installed, the installer will issue a warning. You can safely ignore this warning.

7 Obtaining source code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/download/sle-micro/ on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.

Print this page