Jump to content
SUSE Linux Enterprise Server 15 SP2

Release Notes

SUSE Linux Enterprise Server is a modern, modular operating system for both multimodal and traditional IT. This document provides a high-level overview of features, capabilities, and limitations of SUSE Linux Enterprise Server 15 SP2 and highlights important product updates.

This product will be released in June 2020. The latest version of these release notes is always available at https://www.suse.com/releasenotes (https://www.suse.com/releasenotes). Drafts of the general documentation can be found at https://susedoc.github.io/doc-sle/master (https://susedoc.github.io/doc-sle/master).

Publication Date: 2020-03-13, Version: 15.2.20200313
1 About the Release Notes
2 SUSE Linux Enterprise Server
2.1 Interoperability and Hardware Support
2.2 What Is New?
2.3 Important Sections of This Document
2.4 Security, Standards, and Certification
2.5 Documentation and Other Information
2.6 Support and Life Cycle
2.7 Support Statement for SUSE Linux Enterprise Server
2.8 Technology Previews
3 Modules, Extensions, and Related Products
3.1 Modules in the SLE 15 SP2 Product Line
3.2 Available Extensions
3.3 Derived and Related Products
4 Installation and Upgrade
4.1 Installation
4.2 Upgrade-Related Notes
4.3 JeOS: Just Enough Operating System
4.4 For More Information
5 General Features & Fixes
5.1 Authentication
5.2 Base System
5.3 Containers
5.4 Databases
5.5 Development
5.6 Desktop
5.7 File Systems
5.8 Hardware
5.9 Kernel
5.10 Networking
5.11 Performance-Related Information
5.12 Security
5.13 Storage
5.14 Systems Management
5.15 Virtualization
5.16 Miscellaneous
6 AMD64/Intel 64-Specific Features & Fixes (x86-64)
7 POWER-Specific Features & Fixes (ppc64le)
8 IBM Z-Specific Features & Fixes (s390x)
8.1 Hardware
8.2 Network
8.3 Performance
8.4 Security
8.5 Storage
8.6 Virtualization
9 Arm 64-Bit-Specific Features & Fixes (AArch64)
9.1 System-on-Chip Driver Enablement
9.2 Boot and Driver Enablement for Raspberry Pi
9.3 No CPU Frequency Scaling on Fujitsu A64FX
9.4 Deprecation of Early Marvell ThunderX2 Silicon Support
9.5 Btrfs Subvolume for /boot/grub2/arm64-efi Missing After System Upgrade
10 Known Issues & Workarounds
10.1 Persistent Naming for SCSI Devices Is Now Active
11 Removed and Deprecated Features and Packages
11.1 Deprecated Features and Packages
12 Obtaining Source Code
13 Legal Notices

1 About the Release Notes

These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes (https://www.suse.com/releasenotes).

Entries can be listed twice, if they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.

2 SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 15 SP2 is a multimodal operating system that paves the way for IT transformation in the software-defined era. The modern and modular OS helps simplify multimodal IT, makes traditional IT infrastructure efficient and provides an engaging platform for developers. As a result, you can easily deploy and transition business-critical workloads across on-premise and public cloud environments.

SUSE Linux Enterprise Server 15 SP2, with its multimodal design, helps organizations transform their IT landscape by bridging traditional and software-defined infrastructure.

2.1 Interoperability and Hardware Support

Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix and Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility.

This modular, general purpose operating system runs on four processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering.

SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription. This makes it the perfect guest operating system for virtual computing.

2.2 What Is New?

2.2.1 General Changes in SLE 15

SUSE Linux Enterprise Server 15 introduces many innovative changes compared to SUSE Linux Enterprise Server 12. The most important changes are listed below.

Migration from openSUSE Leap to SUSE Linux Enterprise Server

Starting with SLE 15, we support migrating from openSUSE Leap 15 to SUSE Linux Enterprise Server 15. Even if you decide to start out with the free community distribution you can later easily upgrade to a distribution with enterprise-class support.

Extended Package Search

Use the new Zypper command zypper search-packages to search across all SUSE repositories available for your product even if they are not yet enabled. This functionality makes it easier for administrators and system architects to find the software packages needed. To do so, it leverages the SUSE Customer Center.

Software Development Kit

With SLE 15, the Software Development Kit is now integrated into the products. Development packages are packaged alongside regular packages. In addition, the Development Tools module contains tools for development.

RMT Replaces SMT

SMT (Subscription Management Tool) has been removed. Instead, RMT (Repository Mirroring Tool) now allows mirroring SUSE repositories and custom repositories. You can then register systems directly with RMT. In environments with tightened security, RMT can also proxy other RMT servers.

Major updates to the software selection:
Salt

SLE 15 SP2 can be managed via Salt, making it integrate better with modern management solutions, such as SUSE Manager.

Python 3

As the first enterprise distribution, SLE 15 offers full support for Python 3 development in addition to Python 2.

Directory Server

389 Directory Server replaces OpenLDAP as the LDAP directory service.

2.2.2 Changes in 15 SP2

SUSE Linux Enterprise Server 15 SP2 introduces changes compared to SUSE Linux Enterprise Server SP1. The most important changes are listed below.

Media Changes

The Unified Installer and Packages DVDs known from SUSE Linux Enterprise Server 15 SP1 are deprecated and have been replaced by the following media:

  • Online Installation Media: All SUSE Linux Enterprise 15 products can be installed with this stand alone media, after entering a registration key. The necessary packages are fetched from online repositories only. For information about available modules, see Section 3.1, “Modules in the SLE 15 SP2 Product Line”.

  • Full Installation Media: All SUSE Linux Enterprise Server 15 products can be installed without network connection with this media, for offline installation scenarios. The media contains all necessary packages. It consists of directories with module repositories which need to be added manually as needed. RMT (Repository Mirroring Tool) and SUSE Manager provide additional options for disconnected or managed installation.

Kernel

SLE 15 SP2 includes the Linux 5.3 kernel. This new kernel release includes upstream features such as 16 million additionally usable IPv4 addresses, utilization clamping support in the task scheduler, power-efficient userspace waiting with the umwait x86_64 instructions and many more.

Vagrant Boxes

SLES 15 SP2 and SLED 15 SP2 will be available as a Vagrant Box. You can obtain boxes for the following architectures:

  • SUSE Linux Enterprise Server: x86_64: libvirt and VirtualBox; AArch64: libvirt

  • SUSE Linux Enterprise Desktop: x86_64: libvirt and VirtualBox

For more information, see Section 5.15.7, “Vagrant”.

2.3 Important Sections of This Document

If you are upgrading from a previous SUSE Linux Enterprise Server release, you should review at least the following sections:

2.4 Security, Standards, and Certification

SUSE Linux Enterprise Server 15 SP2 has been submitted to the certification bodies for:

For more information about certification, see https://www.suse.com/security/certificates.html (https://www.suse.com/security/certificates.html).

2.5 Documentation and Other Information

2.5.1 Available on the Product Media

  • Read the READMEs on the media.

  • Get the detailed change log information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm
  • Check the ChangeLog file in the top level of the media for a chronological log of all changes made to the updated packages.

  • Find more information in the docu directory of the media of SUSE Linux Enterprise Server 15 SP2. This directory includes PDF versions of the SUSE Linux Enterprise Server 15 SP2 Installation Quick Start Guide.

2.5.2 Externally Provided Documentation

2.6 Support and Life Cycle

SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.

SUSE Linux Enterprise Server 15 has a 13-year life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (SP2) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise Server 15 SP3.

If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support duration. You can buy an additional 12 to 36 months in twelve month increments. This means, you receive a total of 3 to 5 years of support per Service Pack.

For more information, check our Support Policy page https://www.suse.com/support/policy.html (https://www.suse.com/support/policy.html) or the Long Term Service Pack Support Page https://www.suse.com/support/programs/long-term-service-pack-support.html (https://www.suse.com/support/programs/long-term-service-pack-support.html).

2.7 Support Statement for SUSE Linux Enterprise Server

To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server (https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server).

The following definitions apply:

L1

Problem determination, which means technical support designed to provide compatibility information, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation.

L2

Problem isolation, which means technical support designed to analyze data, reproduce customer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3.

L3

Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support.

For contracted customers and partners, SUSE Linux Enterprise Server is delivered with L3 support for all packages, except for the following:

SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.

2.7.1 General Support

To learn about supported features and limitations, refer to the following sections in this document:

2.7.2 Software Requiring Specific Contracts

2.8 Technology Previews

Technology previews are packages, stacks, or features delivered by SUSE to provide glimpses into upcoming innovations. Technology previews are included for your convenience to give you a chance to test new technologies within your environment. We would appreciate your feedback! If you test a technology preview, please contact your SUSE representative and let them know about your experience and use cases. Your input is helpful for future development.

Technology previews come with the following limitations:

  • Technology previews are still in development. Therefore, they may be functionally incomplete, unstable, or in other ways not suitable for production use.

  • Technology previews are not supported.

  • Technology previews may only be available for specific hardware architectures. Details and functionality of technology previews are subject to change. As a result, upgrading to subsequent releases of a technology preview may be impossible and require a fresh installation.

  • Technology previews can be removed from a product at any time. This may be the case, for example, if SUSE discovers that a preview does not meet the customer or market needs, or does not comply with enterprise standards.

2.8.1 Technology Previews for All Architectures

  • Maven 3.6.2 has been added to SUSE Linux Enterprise Server 15 SP2 as a Technology Preview.

2.8.1.1 New Kernel Process Scheduling Variant

As a technology preview, SUSE Linux Enterprise Server 15 SP2 offers the new kernel variant kernel-preempt for latency-sensitive workloads. The settings of kernel-preempt support timely reaction to external events and precise timing at the cost of overall system throughput.

2.8.2 Technology Previews for Arm 64-Bit (AArch64)

2.8.3 Technology Previews for Intel 64/AMD64 (x86-64)

2.8.3.1 haltpoll Driver and Governor for Latency-Sensitive Virtual Guests Have Been Added

On bare-metal, a task waiting for a spinlock can use the mwait instruction to detect a change. This avoids an expensive Inter Processor Interrupt (IPI) when a waiting task must be woken. On virtual guests, mwait is difficult to emulate and IPIs are generally required (though this cost can be reduced with halt_poll_ns).

As a technology preview, the SUSE Linux Enterprise Server 15 SP2 kernel for x86_64 includes haltpoll, a guest driver that polls a virtual CPU within the guest for an auto-tuned duration. haltpoll improves the performance of some latency-sensitive, virtualized applications. haltpoll can only be used on physical hosts with a recent x86_64 CPU.

To use it:

  • On the physical host, the QEMU commands that starts the virtual machine has to contain the parameter -cpu host,kvm-hint-dedicated=on. virsh allows specifying this parameter using <hint-dedicated state='on'/> and <cpu mode='host-passthrough' check='none'/>. For more information, see the libvirt Documentation (https://libvirt.org/formatdomain.html#elementsFeatures).

  • Load the driver in the virtual host: modprobe cpuidle-haltpoll. If it cannot be loaded, check journalctl -k. If something went wrong, you may see an -ENODEV error.

If you are using libvirt/virsh, verify that the kvm-hint-dedicated parameter is actually passed to QEMU. There are two complimentary ways of checking whether the parameter is successfully applied:

  • On the host: Check the qemu command in the process list.

  • On the guest: Check whether the QEMU KVM parameter above is active with cpuid (from the package cpuid): If it is active, cpuid -1 -l 0x40000001 will show that the first bit of edx is set: edx=0x00000001.

2.8.4 Technology Previews for IBM Z (s390x)

2.8.5 Technology Previews for POWER (ppc64le)

3 Modules, Extensions, and Related Products

This section comprises information about modules and extensions for SUSE Linux Enterprise Server 15 SP2. Modules and extensions add functionality to the system.

3.1 Modules in the SLE 15 SP2 Product Line

The SLE 15 SP2 product line is made up of modules that contain software packages. Each module has a clearly defined scope. Modules differ in their life cycles and update timelines.

The modules available within the product line based on SUSE Linux Enterprise 15 SP2 at the release of SUSE Linux Enterprise Server 15 SP2 are listed in the Modules and Extensions Quick Start at https://susedoc.github.io/doc-sle/master/html/SLES-modulesquick/ (https://susedoc.github.io/doc-sle/master/html/SLES-modulesquick/) (draft version).

Not all SLE modules are available with a subscription for SUSE Linux Enterprise Server 15 SP2 itself (see the column Available for).

For information about the availability of individual packages within modules, see https://scc.suse.com/packages (https://scc.suse.com/packages).

3.2 Available Extensions

Extensions add extra functionality to the system and require their own registration key, usually at additional cost. Most extensions have their own release notes documents that are available from https://www.suse.com/releasenotes (https://www.suse.com/releasenotes).

The following extensions are available for SUSE Linux Enterprise Server 15 SP2:

Additionally, there is the following extension which is not covered by SUSE support agreements, available at no additional cost and without an extra registration key:

4 Installation and Upgrade

SUSE Linux Enterprise Server can be deployed in several ways:

  • Physical machine

  • Virtual host

  • Virtual machine

  • System containers

  • Application containers

4.1 Installation

This section includes information related to the initial installation of SUSE Linux Enterprise Server 15 SP2.

Important
Important: Installation Documentation

The following release notes contain additional notes regarding the installation of SUSE Linux Enterprise Server. However, they do not document the installation procedure itself.

For installation documentation, see the Deployment Guide at https://susedoc.github.io/doc-sle/master/html/SLES-deployment/ (https://susedoc.github.io/doc-sle/master/html/SLES-deployment/) (draft version).

4.1.1 New Media Layout

The set of media has changed with 15 SP2. There are still two different installation media, but the way they can be used has changed:

  • Installation without registration now only requires the full media. The installer has been added and therefore can be used stand-alone. The full media can therefore serve as universal media for all types of installation.

  • Installation with registration can either be performed with the online media (as with SUSE Linux Enterprise Server 15 SP1) or with the full media.

4.1.2 Proposed Partition Table on Raspberry Pi

With previous versions of SUSE Linux Enterprise Server, when installing on a Raspberry Pi machine with an SD card with no ESP/firmware partition, such a partition had to be created manually.

With 15 SP2, the installer makes sure to propose an MS-DOS type partition for the SD card. This new partitioning proposal can be used out-of-the-box without further changes.

4.1.3 Disabling UEFI Secure Boot with AutoYaST

By default, AutoYaST enables Secure Boot based on its availability and firmware settings. However, in some cases, it may be desirable to force disabling it unconditionally.

In this case, it is now possible to disable UEFI Secure Boot via the AutoYaST profile. For more information, see https://documentation.suse.com/sles/15-SP2/single-html/SLES-autoyast/ (https://documentation.suse.com/sles/15-SP2/single-html/SLES-autoyast/).

4.1.4 AutoYaST Support of Btrfs File Systems Spread over Multiple Devices

AutoYaST now supports Btrfs file systems that are spread over more than a single partition or device. This includes support for both cloning a system (to create a profile) and support for applying such a profile during an auto-installation.

4.2 Upgrade-Related Notes

This section includes upgrade-related information for SUSE Linux Enterprise Server 15 SP2.

Important
Important: Upgrade Documentation

The following release notes contain additional notes regarding the upgrade of SUSE Linux Enterprise Server. However, they do not document the upgrade procedure itself.

For upgrade documentation, see the Upgrade Guide at https://susedoc.github.io/doc-sle/master/html/SLES-upgrade/ (https://susedoc.github.io/doc-sle/master/html/SLES-upgrade/) (draft version).

4.2.1 Make Sure the Current System Is Up-To-Date Before Upgrading

Upgrading the system is only supported from the most recent patch level. Make sure the latest system updates are installed by either running zypper patch or by starting the YaST module Online-Update. An upgrade on a system that is not fully patched may fail.

4.2.2 Skipping Service Packs Requires LTSS

Skipping service packs during an upgrade is only supported if you have a Long Term Service Pack Support contract. Otherwise you need to first upgrade to SP1 before upgrading to SP2.

4.3 JeOS: Just Enough Operating System

SUSE Linux Enterprise Server JeOS is a slimmed-down form factor of SUSE Linux Enterprise Server that is ready to run in virtualization environments and the cloud. With SUSE Linux Enterprise Server JeOS, you can choose the right-sized SUSE Linux Enterprise Server option to fit your needs.

We are providing different virtual disk images for JeOS, using the .qcow2, .vhdx, and .vmdk file formats respectively, for KVM, Xen, OpenStack, Hyper-V, and VMware environments. All JeOS images set up the same disk size (24 GB) for the JeOS system. Due to the nature of the different image formats, the size of the JeOS image files differs.

4.3.1 JeOS Disks Are Now Mounted By UUID Instead of By Label

All SUSE Linux Enterprise JeOS (and openSUSE JeOS) image flavors now use the Mount by UUID setting for disks.

Switching to Mount by UUID for all JeOS images has the following benefits:

  • Matches the default setting of a regular SLE installation.

  • Uses the same setting for all SUSE Linux Enterprise JeOS (and openSUSE JeOS) images.

This change only affects the JeOS images based on 15 SP2. Previous images, even if upgraded or migrated to 15 SP2, are not affected (JeOS images upgraded or migrated to 15 SP2 will not change their mount by setting).

4.4 For More Information

For more information, see Section 5, “General Features & Fixes” and the sections relating to your respective hardware architecture.

5 General Features & Fixes

Information in this section applies to all architectures supported by SUSE Linux Enterprise Server 15 SP2.

5.1 Authentication

5.1.1 389 Directory Server (389-ds) Administrative Tools

The various tools available in the lib389 package to administrate the 389-ds server are now available in SUSE Linux Enterprise Server.

5.2 Base System

5.2.1 Support for IP Filtering in systemd

Support for IP filtering, as described in http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html (http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html) is now available in systemd on SUSE Linux Enterprise Server 15 SP2.

5.3 Containers

5.3.1 Support for podman

Starting with SUSE Linux Enterprise Server 15 SP2, podman is a supported container engine. However, certain features of podman that are currently excluded from support:

  • The varlink remote API

  • Rootless containers

  • Support for cgroups v2

  • Any CNI plugin other than default bridge plug-in

  • Automatic generation of systemd units via podman generate systemd

  • Pod management via podman pod …​ and podman play

  • The podman container diff command

5.4 Databases

5.5 Development

5.5.1 Supported Java Versions

The following table lists Java implementations available in SUSE Linux Enterprise Server 15 SP2:

Name (Package Name)VersionModuleSupport

OpenJDK (java-11-openjdk)

11

Base System

SUSE, L3

OpenJDK (java-10-openjdk)

10

Legacy

SUSE, L3

IBM Java (java-1_8_0-ibm)

1.8.0

Legacy

External

5.6 Desktop

5.6.1 GNOME Desktop Update

The GNOME Desktop (and associated applications) has been updated to version 3.34 (from version 3.26). This updates brings many improvements, performance improvements, and new features. Among those, you might notice visual refreshes for a number of applications, including the desktop itself and the icon set, custom folders in application overview, redesign of various control panels, and a new on-screen keyboard.

5.6.2 Remote Desktop Packages Update

Various packages used for remote desktop have been updated: xrdp to 0.9.11 and xorgxrdp to 0.2.11.

5.6.3 Qt5 update

Qt5 libraries have been updated to latest 5.12 LTS branch.

5.6.4 Gstreamer Update

The Gstreamer multimedia framework has been updated to version 1.16.2. This version includes among various bug fixes and features, support for WebRTC.

5.6.5 libxml++ Support

Libxml++ libraries are available and supported in SUSE Linux Enterprise Server 15 SP2.

5.7 File Systems

5.7.1 Comparison of Supported File Systems

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.

y supported

n unsupported

FeatureBtrfsXFSExt4OCFS 21

Supported in product

SLE

SLE

SLE

SLE HA

Data/metadata journaling

N/A2

n / y

y / y

n / y

Journal internal/external

N/A2

y / y

y / y

y / n

Journal checksumming

N/A2

y

y

y

Subvolumes

y

n

n

n

Offline extend/shrink

y / y

n / n

y / y

y / n3

Inode allocation map

B-tree

B+-tree

Table

B-tree

Sparse files

y

y

y

y

Tail packing

n

n

n

n

Small files stored inline

y (in metadata)

n

y (in inode)

y (in inode)

Defragmentation

y

y

y

n

Extended file attributes/ACLs

y / y

y / y

y / y

y / y

User/group quotas

n / n

y / y

y / y

y / y

Project quotas

n

y

y

n

Subvolume quotas

y

N/A

N/A

N/A

Data dump/restore

n

y

n

n

Block size default

4 KiB4

Maximum file system size

16 EiB

8 EiB

1 EiB

4 PiB

Maximum file size

16 EiB

8 EiB

1 EiB

4 PiB

1 OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.

2 Btrfs is a copy-on-write file system. Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in. Until the last write, the changes are not "committed". Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups).

3 To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted.

4 The block size default varies with different host architectures. 64 KiB is used on POWER, 4 KiB on other systems. The actual size used can be checked with the command getconf PAGE_SIZE.

Additional Notes

Maximum file size above can be larger than the file system’s actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 263 bytes in theory.

The numbers in the table above assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different.

In this document:

  • 1024 Bytes = 1 KiB

  • 1024 KiB = 1 MiB;

  • 1024 MiB = 1 GiB

  • 1024 GiB = 1 TiB

  • 1024 TiB = 1 PiB

  • 1024 PiB = 1 EiB.

See also http://physics.nist.gov/cuu/Units/binary.html (http://physics.nist.gov/cuu/Units/binary.html).

Some file system features are available in SUSE Linux Enterprise Server 15 SP2 but are not supported by SUSE. By default, the file system drivers in SUSE Linux Enterprise Server 15 SP2 will refuse mounting file systems that use unsupported features (in particular, in read-write mode). To enable unsupported features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported. However, note that setting this option will render your kernel and thus your system unsupported.

5.7.2 Supported Btrfs Features

The following table lists supported and unsupported Btrfs features across multiple SLES versions.

y supported

n unsupported

FeatureSLES 11 SP4SLES 12 SP3SLES 12 SP4SLES 12 SP5SLES 15 GASLES 15 SP1SLES 15 SP2

Copy on Write

y

y

y

y

y

y

y

Free Space Tree (Free Space Cache v2)

n

n

n

n

n

y

y

Snapshots/Subvolumes

y

y

y

y

y

y

y

Swap Files

n

n

n

 

n

y

y

Metadata Integrity

y

y

y

y

y

y

y

Data Integrity

y

y

y

y

y

y

y

Online Metadata Scrubbing

y

y

y

y

y

y

y

Automatic Defragmentation

n

n

n

n

n

n

n

Manual Defragmentation

y

y

y

y

y

y

y

In-band Deduplication

n

n

n

n

n

n

n

Out-of-band Deduplication

y

y

y

y

y

y

y

Quota Groups

y

y

y

y

y

y

y

Metadata Duplication

y

y

y

y

y

y

y

Changing Metadata UUID

n

n

n

 

n

y

y

Multiple Devices

n

y

y

y

y

y

y

RAID 0

n

y

y

y

y

y

y

RAID 1

n

y

y

y

y

y

y

RAID 5

n

n

n

n

n

n

n

RAID 6

n

n

n

n

n

n

n

RAID 10

n

y

y

y

y

y

y

Hot Add/Remove

n

y

y

y

y

y

y

Device Replace

n

n

n

n

n

n

n

Seeding Devices

n

n

n

n

n

n

n

Compression

n

y

y

y

y

y

y

Big Metadata Blocks

n

y

y

y

y

y

y

Skinny Metadata

n

y

y

y

y

y

y

Send Without File Data

n

y

y

y

y

y

y

Send/Receive

n

y

y

y

y

y

y

Inode Cache

n

n

n

n

n

n

n

Fallocate with Hole Punch

n

y

y

y

y

y

y

5.8 Hardware

5.8.1 Support for Modes of Intel Optane DC Persistent Memory

With SUSE Linux Enterprise Server 15 SP2, Intel Optane DIMMs can be used in different modes on YES-certified platforms:

  • In App Direct Mode, the Intel Optane memory is used as fast persistent storage, an alternative to SSDs and NVMe devices. Data is persistent: It is kept when the system is powered off.

    App Direct Mode has been supported since SLE 12 SP4.

  • In Memory Mode, the Intel Optane memory serves as a cost-effective, high-capacity alternative to DRAM. In this mode, separate DRAM DIMMs act as a cache for the most frequently-accessed data while the Optane DIMMs memory provide large memory capacity. However, compared with DRAM-only systems, this mode is slower under random access workloads. If you run applications without Optane-specific enhancements that take advantage of this mode, memory performance may decrease. Data is not persistent: It is lost when the system is powered off.

    Memory Mode has been supported since SLE 15 SP1.

  • In Mixed Mode, the Intel Optane memory is partitioned, so it can serve in both modes simultaneously.

    Mixed Mode has been supported since SLE 15 SP1.

Not all certified platforms support all modes mentioned above. Direct hardware-related questions at your hardware partner. SUSE works with all major hardware vendors to make use of Intel Optane a perfect experience on the OS- and open-source infrastructure level.

5.9 Kernel

5.9.1 Kernel Upgraded to Version 5.3

In alignment with the established cycle, the operating system kernel was upgraded to version 5.3 in this service pack.

5.9.2 Remote Storage During System Boot

In the past, when a configured remote storage device was unavailable (for example, because of a network outage), the system could be blocked from booting.

Starting with SUSE Linux Enterprise Server 15 SP2, remote storage set up with YaST is configured so it does not block the system boot. Unavailable remote devices will be mounted when they become available.

5.9.3 Booting Without Enabling Swap

If a swap device is not available and the system cannot enable it during boot, booting may fail completely.

To make such a system reliably bootable, you can disable the activation of swap devices. Append the following options on the kernel command line:

systemd.device_wants_unit=off systemd.mask=swap.target

This prevents activation of all swap units. You can also mask only specific swap units, for example:

systemd.mask=dev-sda1.swap

5.9.4 Kernel Real-time Group Scheduling Configuration Changed

The scheduler allows reserving runtime proportion to tasks with real-time priority. As an extension, the CONFIG_RT_GROUP_SCHED build option further allows distributing this real-time allocation among cgroups. However, there are limitations in the current mainline kernel implementation of this feature.

Aligned with upstream recommendations, SUSE Linux Enterprise Server kernel is now shipped with the CONFIG_RT_GROUP_SCHED build option disabled.

5.9.5 Kernel Package Clean-up Reimplemented

Kernel-purge functionality has been integrated into zypper. The original /usr/sbin/purge-kernels script has been removed from the dracut package and replaced by the new zypper purge-kernels command. There is a new package purge-kernels-service that is responsible for running kernel package clean-up upon boot.

5.9.6 Reflink Support on XFS

Copy-on-write data extent sharing (reflinks), known from Btrfs, is now fully supported on XFS. This feature primarily allows for better storage space utilization.

Reflinks are available only on file systems formatted with the -m reflink=1 option of mkfs.xfs. The duperemove utility can be used for data deduplication on a reflink-enabled file system. Note that this feature is not yet compatible with file system DAX and is available on SUSE Linux Enterprise Server 15 SP2 and later. Earlier releases of SUSE Linux Enterprise Server can read reflink-enabled XFS file systems but not write them. Read-write mounts of reflink-enabled XFS file systems are strongly discouraged on these systems.

5.9.7 squashfs Version 3.x Legacy Formats Are Deprecated

squashfs 3.x file systems could last be created with SLE 11 GA. Since SLE 11 SP1, the tools produce the squashfs 4.0 format. Until now, the SLE kernel included convenience code allowing to mount file systems with the old format. Starting with SLE 15 SP2, however, the operating system kernel supports only the squashfs 4.0 format.

To migrate a squashfs file system from squashfs 3.x to squashfs 4.0:

  1. Make sure the tool package squashfs is installed:

    sudo zypper in squashfs
  2. Unpack the old squashfs file into a local directory:

    unsquashfs -d squashfs-root rootfs.squashfs3
  3. Repack the directory contents using the squashfs 4.0 format:

    mksquashfs squashfs-root rootfs.squashfs4

5.9.8 Systemtap Updated to Version 4.2

Systemtap has been upgraded to version 4.2 to match the upgraded kernel.

5.9.9 The Legacy Microcode Loading Interface Has Been Removed

The legacy /dev/cpu/microcode microcode loading interface has been removed. SUSE Linux Enterprise Server updates CPU microcode during system boot through the early loading method in the initial system ramdisk.

Loading microcode at runtime is discouraged in most scenarios and should only be used when absolutely necessary. For example, when early microcode loading is impossible as CPU features enabled by the microcode fail to be detected properly by the rest of the running system.

5.9.10 Kernel Limits

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 15 SP2.

SLES 15 SP2 (Linux 5.3)AMD64/Intel 64 (x86_64)IBM Z (s390x)POWER (ppc64le)ARMv8 (AArch64)

CPU bits

64

64

64

64

Maximum number of logical CPUs

8192

256

2048

480

Maximum amount of RAM (theoretical/certified)

> 1 PiB/​64 TiB

10 TiB/​256 GiB

1 PiB/​64 TiB

256 TiB/​n.a.

Maximum amount of user space/kernel space

128 TiB/​128 TiB

n.a.

512 TiB1/​2 EiB

256 TiB/​256 TiB

Maximum amount of swap space

Up to 29 * 64 GB

Up to 30 * 64 GB

Maximum number of processes

1048576

Maximum number of threads per process

Upper limit depends on memory and other parameters (tested with more than 120,000)2.

Maximum size per block device

Up to 8 EiB on all 64-bit architectures

FD_SETSIZE

1024

1 By default, the user space memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 512 TiB.

2 The total number of all processes and all threads on a system may not be higher than the "maximum number of processes".

5.10 Networking

5.10.1 Samba

The version of Samba shipped with SUSE Linux Enterprise Server 15 SP2 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 15 SP2.

5.10.2 NFSv4

NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported.

5.11 Performance-Related Information

5.12 Security

5.13 Storage

5.13.1 Additional libstoragemgmt Plugins

Plugins for HP (hpsa) and LSI (megaraid) hardware are now available for the libstoragemgmt package.

5.14 Systems Management

5.14.1 YaST NTP Client Module and systemd-timer

Starting with SUSE Linux Enterprise Server 15 SP2, the YaST module for NTP client configuration configures the systemd-timer (instead of the cron daemon) to execute chrony if it is not configured to run as a daemon and still performs a regular time sync.

5.14.2 Networking Technologies Removed from the YaST Network Module

The following networking technologies are no longer supported by the YaST module for network configuration:

  • PCMCIA

  • token ring

  • FDDI

  • myrinet

  • arcnet

  • xp (IA64-specific)

  • ESCON (IBM Z-specific)

5.14.3 YaST sysctl Settings Location

Starting with SUSE Linux Enterprise Server 15 SP2, YaST writes sysctl settings to a separate file called /etc/sysctl.d/70-yast.conf.

This helps reduce conflicts with applications that override system settings.

5.14.4 New Zypper Options

Unlike other Zypper commands, zypper download did not allow specifying the repository to download a package from.

With this release, it is possible to specify the repository the same way as with other commands using the --repo option (or its alias --from).

5.14.5 Changes for Snapper Plug-in for zypper

The zypper plug-in for snapper has been rewritten from Python to C. This includes along a different implementation of regular expressions.

If you use regular expressions in /etc/snapper/zypp-plugin.conf, they may stop working correctly in some cases. This is true for regular expressions that rely on syntax that differs between the previous Python implementation and the new POSIX implementation.

In general, using wildcards instead of regular expressions is strongly recommended.

5.14.6 xfs_scrub_all Has Been Removed

The script for scrubbing all XFS filesystems in the system has been removed from the distribution. The SLE kernel does not support XFS scrubbing, meaning it could only be used with a custom kernel.

5.14.7 Extended Package Search in YaST

The YaST software management module can only install packages from enabled modules or repositories. In the past, finding out which module needed to be enabled for a specific package could be tricky. In SLE 15 SP2, if the system is registered against SUSE Customer Center, the software management module you can now search for packages from disabled modules.

5.15 Virtualization

For more information about acronyms used below, see https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-virt.html (https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-virt.html).

5.15.1 Supported Host Environments (Hypervisors)

Support status of SUSE Linux Enterprise Server 15 running as a guest operating system on top of various virtualization hosts (hypervisors).

The following SUSE host environments are supported:

  • SLES 11 SP4: Xen and KVM

  • SLES 12 SP1 to SP5: Xen and KVM

  • SLES 15 GA to SP2: Xen and KVM

The following third-party host environments are supported:

  • VMware ESXi 6.5, 6.7

  • Microsoft Windows 2008 R2 SP1+, 2012+, 2012 R2+, 2016, 2019

  • Citrix XenServer 7.0, 7.1, 8.0

  • Oracle VM 3.4

The level of support is as follows:

  • Support for SUSE host operating systems is full L3 (both for the guest and host) in accordance with the respective product lifecycle (https://www.suse.com/lifecycle/).

  • SUSE provides full L3 support for SUSE Linux Enterprise Server guests within third-party host environments. Support for the host and cooperation with SUSE Linux Enterprise Server guests must be provided by the host system’s vendor.

5.15.2 Guest Supported Guest Operating Systems

Support status of guest operating systems running virtualized on top of SUSE Linux Enterprise Server.

The following guest operating systems are fully supported (L3 in accordance with the respective product lifecycle (https://www.suse.com/lifecycle/)):

  • SLES 11 SP4

  • SLES 12 SP1, SP2, SP3, SP4, SP5

  • SLES 15 GA, SP1, SP2

  • OES 11 SP2, 2015, 2015 SP1, 2018, 2018 SP1, 2018 SP2

  • Netware 6.5 SP8 (32-bit only)

  • Windows Server 2008 SP2+, 2008 R2 SP1+, 2012+, 2012 R2+, 2016, 2019

The following guest operating systems are supported as a technology preview (L2, fixes if reasonable):

  • SLED 15 SP1

The following Red Hat guest operating systems are supported on a best-effort basis for all customers (L2, fixes if reasonable) and fully supported for customers with Expanded Support (L3):

  • RHEL 5.11+, 6.9+, 7.7+, 8.0+

The following Microsoft guest operating systems are supported on a best-effort basis (L2, fixes if reasonable):

  • Windows 8+, 8.1+, 10+

All guest operating systems are supported both fully virtualized and paravirtualized, with the exception of Windows guests, which are only supported fully virtualized and OES and Netware guests, which are only supported paravirtualized.

All guest operating systems are supported both in 32-bit and 64-bit environments, unless stated otherwise (Netware).

5.15.3 Supported VM Migration Scenarios

SUSE Linux Enterprise Server supports migrating a virtual machine from one physical host to another.

5.15.3.1 Offline Migration Scenarios

SUSE Linux Enterprise Server supports offline migration (the VM needs to be shut down prior to the migration), from SLE 12 to SUSE Linux Enterprise Server 15 SP2. The following host operating system combinations are fully supported (L3 in accordance with the respective product lifecycle (https://www.suse.com/lifecycle/)) for migrating guests from one host to another:

  • SLES 12 SP3 to SLES 12 SP4

  • SLES 12 SP3 to SLES 12 SP5

  • SLES 12 SP3 to SLES 15

  • SLES 12 SP4 to SLES 12 SP5

  • SLES 12 SP4 to SLES 15 (KVM only)

  • SLES 12 SP4 to SLES 15 SP1

  • SLES 12 SP5 to SLES 15 SP1

  • SLES 15 GA to SLES 15 SP1

5.15.3.2 Live Migration Scenarios

Support status of various live migration scenarios when running virtualized on top of SLES. Please also refer to the supported live migration requirements in the official Virtualization Guide (https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-virt.html).

The following host operating system combinations are fully supported (L3 in accordance with the respective product lifecycle (https://www.suse.com/lifecycle/)) for live-migrating guests from one host to another:

  • SLE 12 SP3 to SLE 12 SP4

  • SLE 12 SP4 to SLE 12 SP4

  • SLE 12 SP4 to SLE 12 SP5

  • SLE 12 SP4 to SLE 15 (KVM only)

  • SLE 12 SP4 to SLE 12 SP5

  • SLE 12 SP4 to SLE 15 SP1

  • SLE 12 SP5 to SLE 12 SP5

  • SLE 12 SP5 to SLE 15 SP1

  • SLE 15 GA to SLE 15 GA

  • SLE 15 GA to SLE 15 SP1

  • SLE 15 SP1 to SLE 15 SP1

  • SLE 15 SP1 to SLE 15 SP2 (when available)

Note
Note: Xen Live Migration

Live migration between SLE 11 and SLE 12 is not supported because of the different toolstacks, see the SLES 12 release notes (https://www.suse.com/releasenotes/x86_64/SUSE-SLES/12/#fate-317306) for more details.

5.15.4 KVM

5.15.4.1 Important Changes
  • Added support for Intel Cooper Lake CPUs

  • Stop using system memory barriers as this is a blocker for using QEMU in the context of containers. (SUSE now builds the package with --disable-membarrier.)

5.15.4.2 KVM Limits

Supported (and tested) virtualization limits of a SUSE Linux Enterprise Server 15 host running Linux guests on x86_64. For other operating systems, refer to the specific vendor.

Virtual Machine Limits
  • Maximum virtual CPUs per VM: 288

  • Maximum memory per VM: 4 TiB

Host Limits

5.15.5 Xen

5.15.5.1 Update to Xen 4.13

Xen has been updated to version 4.13. Among others, this update contains the following new features:

5.15.5.2 Xen Limits

Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as a virtualization host. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor.

Virtual Machine Limits
  • Maximum virtual CPUs per VM: 128 (HVM), 64 (HVM Windows guest) or 512 (PV)

  • Maximum memory per VM: 2 TB (64bit guest), 16 GB (32-bit guest with PAE)

Host Limits

5.15.6 libvirt

5.15.6.1 Important Changes
  • Removed the --listen option from LIBVIRTD_ARGS in /etc/sysconfig/libvirtd, because it is incompatible with socket activation.

  • Added the --timeout option for consistency with upstream.

  • libvirtd now supports systemd socket activation. libvirtd.socket and libvirtd-ro.socket are now enabled along with libvirtd.service. libvirtd will still start at boot in case there are guests that need to be autostarted, but it will exit after --timeout xxx seconds of inactivity. systemd will start it again when there are connections on the sockets.

  • Added TSX_CTRL and TAA_NO bits for IA32_ARCH_CAPABILITIES MSR (CVE-2019-11135).

  • Added SLE 15 and SLE 12 service pack support to virt-create-rootfs.

  • Added support for parallel migration, which allows memory pages to be processed in parallel by several threads and sent to the destination host using several connections at the same time (virsh migrate vm-name --live --parallel --parallel-connections 2).

  • Xen: Added support for the credit2 scheduler parameters (see https://wiki.xenproject.org/wiki/Credit2_Scheduler (https://wiki.xenproject.org/wiki/Credit2_Scheduler) for more information)

  • Xen: libvirtd shutdowns will now be inhibited when domains are running

5.15.6.2 osinfo-db Has Been Updated
  • osinfo-db now supports more guests.

  • The hwdata package now provides up-to-date information on usb.ids and pci.ids. Prior to version 1.7.x, libosinfo included its own, outdated copies of this information.

5.15.6.3 spice-gtk PulseAudio Back-end Is Deprecated

The PulseAudio back-end of spice-gtk is now considered deprecated and will be removed in a future release.

5.15.7 Vagrant

Vagrant (https://www.vagrantup.com/) is a tool that provides a unified workflow for the creation, deployment and management of virtual development environments. It provides an abstraction layer for various virtualization providers (like VirtualBox, VMWare or libvirt) via a simple configuration file that allows developers and operators to quickly spin up a VM running Linux or any other operating system.

A new VM can be launched with Vagrant via the following set of commands. The example uses the Vagrant Box for openSUSE Tumbleweed:

vagrant init opensuse/Tumbleweed.x86_64
vagrant up
# your box is now going to be downloaded and started
vagrant ssh
# and now you've got ssh access to the new VM
5.15.7.1 Vagrant Boxes for SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop

Starting with SUSE Linux Enterprise Server 15 SP2, we are providing official Vagrant Boxes for SUSE Linux Enterprise Server and SUSE Linux Enterprise Desktop for x86_64 and AArch64 (only for SLES using the libvirt provider). These boxes come with the bare minimum of packages to reduce their size and are not registered, thus users need to register the boxes prior to further provisioning.

These boxes are only available for direct download via SCC and must be manually registered with Vagrant as follows:

vagrant box add --name SLES-15-SP2 SLES15-SP2-Vagrant.x86_64-15.2-libvirt-*.vagrant.libvirt.box

The box is then available under the name SLES-15-SP2 and can be used like other Vagrant boxes:

vagrant init SLES-15-SP2
vagrant up
vagrant ssh
5.15.7.2 AArch64 Support

The SUSE Linux Enterprise Server box is also available for the AArch64 architecture using the libvirt provider. It has been pre-configured for the usage on SUSE Linux Enterprise Server on AArch64 and might not launch on other operating systems without additional settings. Running it on architectures other than AArch64 is not supported.

In case the box fails to start with a libvirt error message, add the following to your Vagrantfile and adjust the variables according to the guest operating system:

  config.vm.provider :libvirt do |libvirt|
    libvirt.driver = "kvm"
    libvirt.host = 'localhost'
    libvirt.uri = 'qemu:///system'
    libvirt.host = "master"
    libvirt.features = ["apic"]
    # path to the UEFI loader for aarch64
    libvirt.loader = "/usr/share/qemu/aavmf-aarch64-code.bin"
    libvirt.video_type = "vga"
    libvirt.cpu_mode = "host-passthrough"
    libvirt.machine_type = "virt-3.1"
    # path to the qemu aarch64 emulator
    libvirt.emulator_path = "/usr/bin/qemu-system-aarch64"
  end

5.15.8 AMD SEV tools

SUSE has worked with AMD to improve the AMD SEV Tool (https://github.com/AMDESE/sev-tool (https://github.com/AMDESE/sev-tool)).

5.15.9 Others

5.15.9.1 Improved First-Boot Experience on Windows Subsystem for Linux

The SUSE Linux Enterprise Server image for Windows Subsystem for Linux (WSL) now uses yast2-firstboot instead of the first-boot wizard provided by upstream. This means, the initial setup now has the SUSE look and feel.

You can find all SUSE images in the Microsoft store at https://www.microsoft.com/en-us/search/shop/Apps?q=%22SUSE+Linux+Enterprise%22 (https://www.microsoft.com/en-us/search/shop/Apps?q=%22SUSE+Linux+Enterprise%22).

5.16 Miscellaneous

6 AMD64/Intel 64-Specific Features & Fixes (x86-64)

Information in this section applies to SUSE Linux Enterprise Server 15 SP2 for the AMD64/Intel 64 architectures.

7 POWER-Specific Features & Fixes (ppc64le)

Information in this section applies to SUSE Linux Enterprise Server for POWER 15 SP2.

8 IBM Z-Specific Features & Fixes (s390x)

Information in this section applies to SUSE Linux Enterprise Server for IBM Z and LinuxONE 15 SP2. For more information, see https://www.ibm.com/developerworks/linux/linux390/documentation_suse.html (https://www.ibm.com/developerworks/linux/linux390/documentation_suse.html)

8.1 Hardware

8.1.1 Support for IBM z15 in binutils, glibc and gdb

Binutils, glibc and gdb have been updated to support instructions introduced with IBM z15.

8.1.2 Compression Improvements for zlib

The zlib library has been updated to exploit the IBM z15 compression capabilities.

8.1.3 Compression Improvements for gzip

The gzip tool has been updated to exploit the IBM z15 compression capabilities.

8.1.4 Performance Counters for IBM z15 (CPU-MF)

For optimized performance tuning, the CPU-measurement counter facility now supports counters, including the MT-diagnostic counter set, which was originally introduced with IBM z14.

8.2 Network

8.2.1 qeth: Support for HiperSockets Multi-Write

Multi-Write allows transferring multiple 64 KB buffers with a single instruction. This reduces CPU utilization, speeds up data transfer, and reduces receiver-side interrupts.

8.3 Performance

8.3.1 CPU-MF/perf: Export Sampling Data for Post-Processing

Enhances the hardware sampling in the perf PMU driver to export additional information for improved perf tool post-processing. Displays the address and function name from where a sample was taken.

8.4 Security

8.4.1 Support for SHA3 via CPACF (MSA6)

Support for hardware acceleration in the kernel for the SHA3 algorithm (CPACF MSA6) on CPACF hardware.

8.4.2 New Tool zcryptstats to Extract Crypto Measurement Data

Added a new tool zcryptstats to the s390-tools package to obtain and display measurement data from crypto adapters for capacity planning.

8.4.3 openCryptoki: Exploit PRNO Pseudo-Random Numbers in ICA, CCA and EP11 Tokens

Support for a NIST compliant pseudo-random number generator that can be seeded with true random numbers based on CPACF functions for the NIST curves P256, P384, and P521.

8.4.4 Support for AES Cipher Keys in pkey and paes Modules and zkey

The generation and transformation of AES cipher keys is now supported in the pkey and paes modules and zkey.

8.4.5 Support for the Crypto Express7S Crypto Card

Added support for the new IBM z15 Crypto Express7S crypto card.

8.4.6 openCryptoki: Support for SHA*-RSA_PKCS_PSS Mechanisms in libica Token

Added support for the following mechanisms to the libica token of openCryptoki: CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS.

8.4.7 libica: Support for Elliptic Curve Cryptography (ECC) via CPACF MSA9

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the Ed25510, Ed448, X25519, and X448 curves).

8.4.8 openssl-ibmca: Support for Elliptic Curve Cryptography (ECC) via CPACF MSA9

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the Ed25510, Ed448, X25519, and X448 curves).

8.4.9 zkey: Enhanced Consistency Checks

Various zkey enhancements have been added based on customer experiences, including checks to ensure that all HSMs used to encrypt a volume use the same master keys.

8.4.10 openSSL: Support for Elliptic Curve Cryptography (ECC) via CPACF MSA9

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the P256, P384, P521, Ed25510, Ed448, X25519 and X448 curves).

8.4.11 Kernel Address Space Layout Randomization (KASLR)

With kernel address space layout randomization (KASLR), the kernel can be loaded to a random location in memory. This offers protection against certain security attacks that rely on knowledge of the kernel addresses.

8.4.12 Installer Enhancements for Encrypting Partitions.

The installer has been enhanced to support dm-crypt to use protected keys to encrypt partitions.

8.5 Storage

8.5.1 zdsfs: Online VTOC Refresh

A Linux application can now access new data sets that were created after zdsfs was mounted without the need to remount zdsfs.

8.5.2 Installer Support for I/O Device Pre-Configuration

YaST now allows the user to process device configuration data obtained from the IBM Dynamic Partition Manager at boot time.

8.5.3 Split DIF and DIX Boot Time Controls

Enables the user to separately configure DIF and DIF+DIX integrity protection mechanisms for zFCP-attached SCSI devices.

8.6 Virtualization

The following new features are supported in SUSE Linux Enterprise Server 15 SP2 under KVM:

8.6.1 New CPU Model IBM z14 ZR1

Provide the CPU model for the IBM z14 ZR1 to enable KVM guests to transparently exploit new hardware features on the z14 ZR1.

8.6.2 New CPU Model IBM z15

Provide the CPU model for the IBM z15 to enable KVM guests to transparently exploit new hardware features on the z15.

8.6.3 libvirt Cpu Model Comparison and Baselining APIs for IBM Z

Enabled APIS for libvirt cpu model comparison and baselining for IBM Z that will allow customers to optimize utilization of heterogeneous KVM host environments.

8.6.4 DASD Passthrough Support

Enables KVM guests to directly access ECKD DASD devices using CCW passthrough. This allows the exploiting advanced features like HyperPAV and reserve/release. IPL from DASD is provided as a technology preview in SUSE Linux Enterprise Server 15 SP2.

8.6.5 Interrupt Support for Crypto Passthrough

Added interrupt support to improve performance and CPU utilization.

8.6.6 Secure Linux Boot Toleration

Linux operating system images using a secure boot on-disk format can now be run in KVM without modifications required, lowering overall administrative overhead.

9 Arm 64-Bit-Specific Features & Fixes (AArch64)

Information in this section applies to SUSE Linux Enterprise Server for Arm 15 SP2.

9.1 System-on-Chip Driver Enablement

SUSE Linux Enterprise Server for Arm 15 SP2 includes driver enablement for the following System-on-Chip chipsets:

  • AMD Opteron A1100

  • Ampere Computing X-Gene, eMAG

  • AWS Graviton, Graviton2

  • Broadcom BCM2837, BCM2711

  • Fujitsu A64FX

  • Huawei Kunpeng 916, Kunpeng 920

  • Marvell ThunderX, ThunderX2; Octeon TX; Armada 7040, Armada 8040

  • Mellanox BlueField

  • Nvidia Tegra X1, Tegra X2

  • NXP i.MX 8M; QorIQ LS1028A, LS1043A, LS1046A, LS1088A, LS2088A, LX2160A

  • Qualcomm Centriq 2400

  • Rockchip RK3399

  • Socionext SynQuacer SC2A11

  • Xilinx Zynq UltraScale+ MPSoC

9.2 Boot and Driver Enablement for Raspberry Pi

Bootloaders and a supported microSD card image of SUSE Linux Enterprise Server for Arm 15 SP2 for Raspberry Pi are available. The template of the SUSE Linux image is available as profile "RaspberryPi" in the package kiwi-templates-SLES15-JeOS to derive custom appliances.

9.2.1 New Features

In addition to the Raspberry Pi Compute Module 3, the Compute Module 3+ is now also supported. It uses the BCM2837 System-on-Chip silicon revision B0, same as Raspberry Pi 3 Model B+.

Also enabled is the Raspberry Pi 3 Model A+ with BCM2837 B0 silicon revision. Compared to Model B+ it offers a reduced feature set and less RAM.

Initial enablement is provided for Raspberry Pi 4 Model B, which uses a new BCM2711 System-on-Chip. Some limitations apply.

In the provided U-Boot bootloader the Btrfs filesystem is now supported, offering additional flexibility for partitioning, scripting and recovery.

Starting with SUSE Linux Enterprise Server for Arm 15 SP1, the .iso installation media allow booting directly from USB storage devices on supported boards, such as Raspberry Pi 3 Model B+. The Unified Installer in 15 SP2 now simplifies installation from USB to microSD by offering a default partitioning proposal for a bootable installation target, avoiding the need for manual partitioning in the most common scenarios. For more details on the boot process please refer to the SUSE Linux Enterprise Server Deployment Guide.

9.2.2 Upgrade Considerations

The bootloader package u-boot-rpi3 has been replaced with a new u-boot-rpiarm64 package that covers both Raspberry Pi 3 and 4 generations.

9.2.3 Expansion Boards

Raspberry Pi 3 Model B/B+/A+ and Raspberry Pi 4 Model B all offer a 40-pin General Purpose I/O connector, with multiple software-configurable functions such as UART, I²C and SPI. This pin mux configuration along with any external devices attached to the pins is defined in the Device Tree which is passed by the bootloader to the kernel.

SUSE does not currently provide support for any particular Hardware Attached on Top (HATs) or other expansion boards attached to the 40-pin GPIO connector. However, insofar as drivers for pin functions and for attached chipsets are included in SUSE Linux Enterprise, they can be used. SUSE does not provide support for making changes to the Device Tree, but successful changes will not affect the support status of the operating system itself. Be aware that errors in the Device Tree can stop the system from booting successfully or can even damage the hardware.

The bootloader and firmware in SUSE Linux Enterprise Server for Arm 15 SP2 support Device Tree Overlays. The recommended way of configuring GPIO pins is to create a file extraconfig.txt on the FAT volume (/boot/efi/extraconfig.txt in the SUSE image) with a line dtoverlay=filename-without-.dtbo per Overlay. For more information about the syntax, see the documentation by the Raspberry Pi Foundation: https://www.raspberrypi.org/documentation/configuration/device-tree.md (https://www.raspberrypi.org/documentation/configuration/device-tree.md)

If not already shipped in the /boot/efi/overlays/ directory (installed by raspberrypi-firmware-dt package), .dtbo files can be obtained from the manufacturer of the HAT or compiled from self-authored sources.

9.2.4 For More Information

For more information, see the SUSE Best Practices documentation for the Raspberry Pi at https://documentation.suse.com/sles/15-SP2/html/SLES-rpi-quick/art-rpiquick.html (https://documentation.suse.com/sles/15-SP2/html/SLES-rpi-quick/art-rpiquick.html).

9.3 No CPU Frequency Scaling on Fujitsu A64FX

Servers based on the Fujitsu A64FX System-on-Chip do not support Collaborative Processor Performance Control (CPPC). This means the CPUs will always run at maximum performance, irrespective of their load.

Contact your hardware vendor for whether third-party drivers are available for SUSE Linux Enterprise Server for Arm 15 SP2.

9.4 Deprecation of Early Marvell ThunderX2 Silicon Support

Marvell ThunderX2 System-on-Chip silicon revisions Ax had errata for the SATA controller. Silicon revisions B0 and later are not affected.

SUSE Linux Enterprise Server for Arm 12 SP3 and later include kernel patches with a recommended workaround. This allowed evaluation of early server systems with the affected silicon revisions.

An upcoming version of SUSE Linux Enterprise Server for Arm will drop the patches with those workarounds. Production servers should not be affected by that change. For early systems with pre-production silicon please check with the hardware vendor whether CPU upgrade kits are available.

9.5 Btrfs Subvolume for /boot/grub2/arm64-efi Missing After System Upgrade

In case you upgraded an AArch64 system with a Btrfs root file system from SUSE Linux Enterprise Server for Arm 12 SP3 or 15 GA, a subvolume for /boot/grub2/arm64-efi is missing. This will result in boot failures (error: symbol grub_efi_allocate_pages not found) when trying to boot the system from a snapshot.

Manually add the missing subvolume to make sure snapshots work correctly. Note that snapshots created before the fix remain unbootable. Run the following commands as user root:

cd /boot/grub2
mv arm64-efi arm64-efi.bk
btrfs subvolume create /boot/grub2/arm64-efi
cp -r arm64-efi.bk/* arm64-efi/

10 Known Issues & Workarounds

This is a list of known issues for this release.

10.1 Persistent Naming for SCSI Devices Is Now Active

On modern SUSE Linux Enterprise Server systems, device drivers are probed asynchronously. This has resulted in traditional device names like /dev/sda or eth0 becoming non-deterministic. To solve this, persistent device naming was introduced. For example, for network devices like eth0, udev would rename the interfaces to be consistent with device MAC addresses. For disk devices like /dev/sda, persistent device name links in /dev/disk/by-id have been introduced.

In the Linux 5.3 kernel, asynchronous probing has been added to more drivers. The sd driver handling SCSI disk devices uses asynchronous probing, too. The result is that /dev/sdX names even within individual SCSI hosts become non-deterministic.

You might now see a device order like:

# lsscsi

[0:2:0:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sdd
[0:2:1:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sdc
[0:2:2:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sde

When using persistent device names as recommended, this will not pose a problem. Modern tools are well-equipped to handle this.

However, some tools might a expect fixed device order or a predefined /dev/sdX name which then will fail to operate properly. In such cases, it is possible to disable asynchronous probing for specific drivers:

  1. Find out the name of the driver(s) used for the device that you want to disable asynchronous probing for:

    # lsscsi -H
    
    [0]    megaraid_sas

    The first number in the first column of the lsscsi output above corresponds to the SCSI host number.

  2. Add the following option to the kernel command line:

    scsi_mod.disable_async_probing=<driver>[,<driver>]

    Given the lsscsi output from the example above, you would add the following to the kernel command line: scsi_mod.disable_async_probing=megaraid_sas.

11 Removed and Deprecated Features and Packages

This section lists features and packages that got removed from SUSE Linux Enterprise Server or will be removed in upcoming versions.

11.1 Deprecated Features and Packages

The following features and packages are deprecated and will be removed with a future service pack of SUSE Linux Enterprise Server.

  • NodeJS 8 will be discontinued in SUSE Linux Enterprise Server 15 SP3.

  • insserv.conf will be discontinued with the next major version of SUSE Linux Enterprise Server.

  • /etc/init.d/halt.local initscript will no longer be supported with the next major version of SUSE Linux Enterprise Server. Please use systemd service files instead.

  • Read support for squashfs 3.x file systems will be deprecated in a future version of SUSE Linux Enterprise Server. For more information, see Section 5.9.7, “squashfs Version 3.x Legacy Formats Are Deprecated”.

12 Obtaining Source Code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html (http://www.suse.com/download-linux/source-code.html). Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to sle_source_request@suse.com (mailto:sle_source_request@suse.com) or as otherwise instructed at http://www.suse.com/download-linux/source-code.html (http://www.suse.com/download-linux/source-code.html). SUSE may charge a reasonable fee to recover distribution costs.

Print this page