Logo Back to Release Notes for SUSE products ? Release Notes Show Contents: Release Notes Top 1. 1 About the Release Notes 2. 2 SUSE Linux Enterprise Server 3. 3 Installation and Upgrade 4. 4 Architecture Independent Information 5. 5 AMD64/Intel 64 (x86_64) Specific Information 6. 6 POWER (ppc64le) Specific Information 7. 7 IBM Z (s390x) Specific Information 8. 8 ARM 64-Bit (AArch64) Specific Information 9. 9 Packages and Functionality Changes 10. 10 Technical Information 11. 11 Legal Notices SUSE Linux Enterprise Server 12 SP4 Release Notes # This product will be released in December 2018. This document provides guidance and an overview to high level general features and updates for SUSE Linux Enterprise Server 12 SP4. Besides architecture or product-specific information, it also describes the capabilities and limitations of SUSE Linux Enterprise Server 12 SP4. General documentation can be found at: http://www.suse.com/documentation/ sles-12/. Publication Date: 2018-10-29, Version: 12.4.20181011 1 About the Release Notes 2 SUSE Linux Enterprise Server 2.1 Interoperability and Hardware Support 2.2 Support and Life Cycle 2.3 What Is New? 2.4 Documentation and Other Information 2.5 How to Obtain Source Code 2.6 Support Statement for SUSE Linux Enterprise Server 2.7 General Support 2.8 Software Requiring Specific Contracts 2.9 Technology Previews 2.10 Modules, Extensions, and Related Products 2.11 Security, Standards, and Certification 3 Installation and Upgrade 3.1 For More Information 4 Architecture Independent Information 4.1 Security 4.2 Networking 4.3 Systems Management 5 AMD64/Intel 64 (x86_64) Specific Information 5.1 Support for AMD Memory Encryption 5.2 System and Vendor Specific Information 6 POWER (ppc64le) Specific Information 6.1 SDT Markers in Select Applications and Libraries 6.2 Support for POWER9 PMU Events Has Been Added to the perf Tool 6.3 Support for POWER9 24x7 Counters Has Been Added 6.4 OProfile Support for POWER9 6.5 Support for POWER9 Has Been Added to LibPFM 6.6 Support for POWER9 Has Been Added to PAPI 7 IBM Z (s390x) Specific Information 7.1 Hardware 7.2 Virtualization 7.3 Network 7.4 Security 7.5 Reliability, Availability, Serviceability (RAS) 7.6 Performance 7.7 Miscellaneous 8 ARM 64-Bit (AArch64) Specific Information 8.1 Boot and Driver Enablement for Raspberry Pi 9 Packages and Functionality Changes 9.1 Updated Packages 9.2 Removed and Deprecated Functionality 10 Technical Information 10.1 Kernel Limits 10.2 KVM Limits 10.3 Xen Limits 10.4 File Systems 10.5 Supported Java Versions 11 Legal Notices 1 About the Release Notes # These Release Notes are identical across all architectures, and the most recent version is always available online at http://www.suse.com/releasenotes/. Some entries may be listed twice, if they are important and belong to more than one section. Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes documents of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect. However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes. 2 SUSE Linux Enterprise Server # SUSE Linux Enterprise Server is a highly reliable, scalable, and secure server operating system, built to power mission-critical workloads in both physical and virtual environments. It is an affordable, interoperable, and manageable open source foundation. With it, enterprises can cost-effectively deliver core business services, enable secure networks, and simplify the management of their heterogeneous IT infrastructure, maximizing efficiency and value. The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux Enterprise Server is optimized to deliver high-performance mission-critical services, as well as edge of network, and web infrastructure workloads. 2.1 Interoperability and Hardware Support # Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix as well as Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility. This modular, general purpose operating system runs on four processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering. SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription, making it the perfect guest operating system for virtual computing. 2.2 Support and Life Cycle # SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services. SUSE Linux Enterprise Server 12 has a 13-year life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (SP4) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise Server 12 SP5. If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support you get an additional 12 to 36 months in twelve month increments, providing a total of 3 to 5 years of support on any given service pack. For more information, check our Support Policy page https://www.suse.com/ support/policy.html or the Long Term Service Pack Support Page https:// www.suse.com/support/programs/long-term-service-pack-support.html. 2.3 What Is New? # SUSE Linux Enterprise Server 12 introduces many innovative changes compared to SUSE Linux Enterprise Server 11. Here are some of the highlights: * Robustness on administrative errors and improved management capabilities with full system rollback based on Btrfs as the default file system for the operating system partition and the Snapper technology of SUSE. * An overhaul of the installer introduces a new workflow that allows you to register your system and receive all available maintenance updates as part of the installation. * SUSE Linux Enterprise Server Modules offer a choice of supplemental packages, ranging from tools for Web Development and Scripting, through a Cloud Management module, all the way to a sneak preview of upcoming management tooling called Advanced Systems Management. Modules are part of your SUSE Linux Enterprise Server subscription, are technically delivered as online repositories, and differ from the base of SUSE Linux Enterprise Server only by their life cycle. For more information about modules, see Section 2.10.1, ?Available Modules?. * New core technologies like systemd (replacing the time-honored System V-based init process) and Wicked (introducing a modern, dynamic network configuration infrastructure). * The open-source database system MariaDB is fully supported now. * Support for open-vm-tools together with VMware for better integration into VMware-based hypervisor environments. * Linux Containers are integrated into the virtualization management infrastructure (libvirt). Docker is provided as a fully supported technology. For more details, see https://www.suse.com/promo/sle/docker/. * Support for the AArch64 architecture (64-bit ARMv8) and the 64-bit Little-Endian variant of the IBM POWER architecture. Additionally, we continue to support the Intel 64/AMD64 and IBM Z architectures. * GNOME 3.20 gives users a modern desktop environment with a choice of several different look and feel options, including a special SUSE Linux Enterprise Classic mode for easier migration from earlier SUSE Linux Enterprise Desktop environments. * For users wishing to use the full range of productivity applications of a Desktop with their SUSE Linux Enterprise Server, we are now offering SUSE Linux Enterprise Workstation Extension (requires a SUSE Linux Enterprise Desktop subscription). * Integration with the new SUSE Customer Center, the new central web portal from SUSE to manage Subscriptions, Entitlements, and provide access to Support. If you are upgrading from a previous SUSE Linux Enterprise Server release, you should review at least the following sections: * Section 2.6, ?Support Statement for SUSE Linux Enterprise Server? * Section 10, ?Technical Information? 2.4 Documentation and Other Information # 2.4.1 Available on the Product Media # * Read the READMEs on the media. * Get the detailed change log information about a particular package from the RPM (where .rpm is the name of the RPM): rpm --changelog -qp .rpm * Check the ChangeLog file in the top level of the media for a chronological log of all changes made to the updated packages. * Find more information in the docu directory of the media of SUSE Linux Enterprise Server 12 SP4. This directory includes PDF versions of the SUSE Linux Enterprise Server 12 SP4 Installation Quick Start and Deployment Guides. Documentation (if installed) is available below the /usr/share/doc/ directory of an installed system. 2.4.2 Externally Provided Documentation # * http://www.suse.com/documentation/sles-12/ contains additional or updated documentation for SUSE Linux Enterprise Server 12 SP4. * Find a collection of White Papers in the SUSE Linux Enterprise Server Resource Library at https://www.suse.com/products/server/resource-library. 2.5 How to Obtain Source Code # This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to mailto:sle_source_request@suse.com or as otherwise instructed at http:// www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee to recover distribution costs. 2.6 Support Statement for SUSE Linux Enterprise Server # To receive support, you need an appropriate subscription with SUSE. For more information, see http://www.suse.com/products/server/services-and-support/. The following definitions apply: L1 Problem determination, which means technical support designed to provide compatibility information, usage support, ongoing maintenance, information gathering and basic troubleshooting using available documentation. L2 Problem isolation, which means technical support designed to analyze data, reproduce customer problems, isolate problem area and provide a resolution for problems not resolved by Level 1 or alternatively prepare for Level 3. L3 Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support. For contracted customers and partners, SUSE Linux Enterprise Server 12 SP4 and its Modules are delivered with L3 support for all packages, except the following: * Technology Previews * sound, graphics, fonts and artwork * packages that require an additional customer contract, see Section 2.8, ?Software Requiring Specific Contracts? * packages provided as part of the Software Development Kit (SDK) SUSE will only support the usage of original (that is, unchanged and un-recompiled) packages. 2.7 General Support # To learn about supported kernel, virtualization, and file system features, as well as supported Java versions, see Section 10, ?Technical Information?. 2.8 Software Requiring Specific Contracts # The following packages require additional support contracts to be obtained by the customer in order to receive full support: * PostgreSQL Database 2.9 Technology Previews # Technology previews are packages, stacks, or features delivered by SUSE which are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are included for your convenience and give you a chance to test new technologies within an enterprise environment. Whether a technology preview becomes a fully supported technology later depends on customer and market feedback. Technology previews can be dropped at any time and SUSE does not commit to providing a supported version of such technologies in the future. Give your SUSE representative feedback, including your experience and use case. 2.9.1 Technology Previews for AMD64/Intel 64 64-Bit (x86_64) # 2.9.1.1 Support for AMD Secure Encrypted Virtualization # As a technology preview, SLE 12 SP4 now supports AMD Secure Encrypted Virtualization (SEV). SEV integrates main memory encryption capabilities (SME) with the existing AMD-V virtualization architecture to support encrypted virtual machines. Encrypting virtual machines helps protect them from physical threats and other virtual machines or even the hypervisor itself. SEV represents a new approach to security that is particularly suited to cloud computing where virtual machines need not fully trust the hypervisor and administrator of their host system. As with SME, no application software modifications are required to support SEV. See also Section 5.1, ?Support for AMD Memory Encryption? . 2.10 Modules, Extensions, and Related Products # This section comprises information about modules and extensions for SUSE Linux Enterprise Server 12 SP4. Modules and extensions add parts or functionality to the system. 2.10.1 Available Modules # Modules are fully supported parts of SUSE Linux Enterprise Server with a different life cycle and update timeline. They are a set of packages, have a clearly defined scope and are delivered via an online channel only. Release notes for modules are contained in this document. The following modules are available for SUSE Linux Enterprise Server 12 SP4: +-----------------------------------------------------------------------------+ | Name | Content | Life Cycle | |-------------------+----------------------------------+----------------------| |Advanced Systems |CFEngine, Puppet, Salt and the |Frequent releases | |Management Module |Machinery tool | | |-------------------+----------------------------------+----------------------| |Containers Module |Docker, tools, prepackaged images |Frequent releases | |-------------------+----------------------------------+----------------------| |HPC Module |Tools and libraries related to |Frequent releases | | |High Performance Computing (HPC) | | |-------------------+----------------------------------+----------------------| |Legacy Module* |ksh |No updates, supported | | | |through March 2022 | |-------------------+----------------------------------+----------------------| |Public Cloud Module|Public cloud initialization code |Frequent releases | | |and tools | | |-------------------+----------------------------------+----------------------| |Toolchain Module |GNU Compiler Collection (GCC) |Yearly delivery | |-------------------+----------------------------------+----------------------| |Web and Scripting |PHP, Python, Ruby on Rails |3 years, ~18 months | |Module | |overlap | +-----------------------------------------------------------------------------+ * Module is not available for the AArch64 architecture. For more information about the life cycle of packages contained in modules, see https://scc.suse.com/docs/lifecycle/sle/12/modules. 2.10.2 Available Extensions # Extensions add extra functionality to the system and require their own registration key, usually at additional cost. Extensions are delivered via an online channel or physical media. In many cases, extensions have their own release notes documents that are available from https://www.suse.com/ releasenotes/. The following extensions are available for SUSE Linux Enterprise Server 12 SP4: * SUSE Linux Enterprise Live Patching: https://www.suse.com/products/ live-patching * SUSE Linux Enterprise High Availability Extension: https://www.suse.com/ products/highavailability * Geo Clustering for SUSE Linux Enterprise High Availability Extension: https://www.suse.com/products/highavailability/geo-clustering * SUSE Linux Enterprise Real Time: https://www.suse.com/products/realtime * SUSE Linux Enterprise Workstation Extension: https://www.suse.com/products/ workstation-extension Additionally, there are the following extensions which are not covered by SUSE support agreements, available at no additional cost and without an extra registration key: * SUSE Package Hub: https://packagehub.suse.com/ * SUSE Linux Enterprise Software Development Kit 2.10.3 Derived and Related Products # This sections lists derived and related products. In many cases, these products have their own release notes documents that are available from https:// www.suse.com/releasenotes/. * SUSE Enterprise Storage: https://www.suse.com/products/ suse-enterprise-storage * SUSE Linux Enterprise Desktop: https://www.suse.com/products/desktop * SUSE Linux Enterprise Server for SAP Applications: https://www.suse.com/ products/sles-for-sap * SUSE Manager: https://www.suse.com/products/suse-manager * SUSE OpenStack Cloud: https://www.suse.com/products/suse-openstack-cloud 2.11 Security, Standards, and Certification # SUSE Linux Enterprise Server 12 SP4 has been submitted to the certification bodies for: * Common Criteria Certification (http://www.commoncriteriaportal.org/) * FIPS 140-2 validation, see: http://csrc.nist.gov/groups/STM/cmvp/documents/ 140-1/140InProcess.pdf For more information about certification, see https://www.suse.com/security/ certificates.html. 3 Installation and Upgrade # SUSE Linux Enterprise Server can be deployed in several ways: * Physical machine * Virtual host * Virtual machine * System containers * Application containers 3.1 For More Information # For more information, see Section 4, ?Architecture Independent Information? and the sections relating to your respective hardware architecture. 4 Architecture Independent Information # Information in this section pertains to all architectures supported by SUSE Linux Enterprise Server 12 SP4. 4.1 Security # 4.1.1 Support for YubiKey and Nitrokey using the U2F frameworks. # Some applications require stronger authentication methods, including second factor authentication using physical tokens. Support for YubiKey and Nitrokey is now shipped in the form of libraries, PAM modules and CLI and UI utilities. 4.1.2 Support for TLS 1.3 in OpenSSL 1.1.1 # TLS 1.3 is a new version of the Transport Layer Security protocol with some major differences and improvements over the established TLS 1.2. This new protocol version is only available in OpenSSL 1.1.1 or later. This new version is not binary-compatible with the default version of OpenSSL in SLE 12 SP4 (OpenSSL 1.0), and has known differences in the API that require making adjustments before applications can benefit from the changes. OpenSSL 1.1.1 with support for TLSv1.3 is shipped as an option. In SLE 12 SP4, the libraries can be loaded into the same binary image along with OpenSSL 1.0 with symbol versioning enabled. To take advantage of this new protocol option, applications need to be built with OpenSSL 1.1.1 explicitly. OpenSSL 1.0 remains the default for system libraries, services and tools. 4.2 Networking # 4.2.1 Intel* Omni-Path Architecture (OPA) host software # Intel Omni-Path Architecture (OPA) host software is fully supported in SUSE Linux Enterprise Server 12 SP4. Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in a clustered environment. For information about installing Intel Omni-Path Architecture documentation, see the documentation from Intel at https://www.intel.com/content/dam/support/ us/en/documents/network-and-i-o/fabric-products/ Intel_OP_Software_SLES_12_4_RN_K34561.pdf (link may not yet be active during the prerelease phase of SLES 12 SP4). 4.3 Systems Management # 4.3.1 The YaST Module for SSH Server Configuration Has Been Removed # The YaST module for configuring an SSH server which was present in SLE 11, is not a part of SLE 12. It does not have any direct successor. The module SSH Server only supported configuring a small subset of all SSH server capabilities. Therefore, the functionality of the module can be replaced by using a combination of 2 YaST modules: The /etc/sysconfig Editor and the Services Manager. This also applies to system configuration via AutoYaST. 5 AMD64/Intel 64 (x86_64) Specific Information # Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP4 for the AMD64/Intel 64 architectures. 5.1 Support for AMD Memory Encryption # To provide protection against physical attacks on a system, AMD SME can provide full or partial memory encryption depending on the use case, on AMD family 17h CPU processors. Full memory encryption means all DRAM contents are encrypted using random keys. This provides strong protection against cold boot, DRAM interface snooping and similar types of attacks. This technology is especially prominent for systems equipped with NVDIMMs whose contents remain intact after powering down the system. Memory encryption support is present in SLE 15 kernels but not enabled by default. To enable it on compatible hardware (AMD family 17h CPU, with proper BIOS/UEFI support), supply the boot option mem_encrypt=on. 5.2 System and Vendor Specific Information # 5.2.1 TPM 2.0 Software Stack Has Been Updated # The upstream projects for Intel's TPM 2.0 Software Stack have introduced major changes to the project structure. Notably, the resource manager daemon has been replaced by a new implementation that fixes stability and security issues. The packaging has been adjusted to the upstream changes. The previous resource manager daemon, resourcemgr, which was previously part of the tpm2-0-tss package has been dropped. The new package tpm2.0-abrmd provides the new resource manager implementation (tpm2-abrmd / tabrmd). 6 POWER (ppc64le) Specific Information # Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP4 for the POWER architecture. 6.1 SDT Markers in Select Applications and Libraries # SDT markers are static tracepoints included in the source code that expose certain information deemed useful by the application/library developers for various purposes including debugging and performance monitoring. Tools such as perf and systemtap can be used to record data provided at these tracepoints, and for subsequent processing. In SLES 12 SP4, certain userspace applications and libraries (for example, glibc) are built with SDT markers enabled. This enhances the serviceability tooling. 6.2 Support for POWER9 PMU Events Has Been Added to the perf Tool # When executed on a POWER9 system, the perf tool now supports listing or specifying POWER9 PMU events by name. 6.3 Support for POWER9 24x7 Counters Has Been Added # SLES 12 SP4 adds support for the new version of the hypervisor API which is used to access 24x7 performance counters on POWER9 systems. 6.4 OProfile Support for POWER9 # The OProfile package has been updated to include support for POWER9 processors. 6.5 Support for POWER9 Has Been Added to LibPFM # The LibPFM package has been updated to include support for POWER9 processors. 6.6 Support for POWER9 Has Been Added to PAPI # PAPI package updated to include support for POWER9 processors. 7 IBM Z (s390x) Specific Information # Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP4 for the IBM Z architecture. For more information, see https:// www.ibm.com/developerworks/linux/linux390/documentation_suse.html. IBM zEnterprise 196 (z196) and IBM zEnterprise 114 (z114) are in the following referred to as z196 and z114. 7.1 Hardware # * The addition of IBM z14 hardware instructions and an expanded set of IBM z13 hardware instructions in glibc enables improved performance and hardware support. * The LLVM compiler supports IBM z14 instructions for improved performance. * OpenSSL (1.1), ibmca, and libica support IBM z14 instructions for AES-GCM-based encryption of data in flight. * KVM guests can now use CPU features, including CPACF functions, that were introduced with IBM z14. * With z14, the hardware provides an indication of the configuration level of SIE, for example LPAR or KVM. IBM z14 sample configurations help to analyze and optimize KVM performance. * libica supports hardware acceleration for the SHA3 algorithm (CPACF MSA6) using CPACF hardware in IBM z14 machines. * CPU-MF Hardware Counters are added for IBM z13 and z13s. You can now access counters from the MT-diagnostic counter set that is available with IBM z13. You can also specify z13 specific counters using their symbolic event names and obtain counter descriptions with the lscpumf utility. * Support for the True Random Number Generator (TRNG, CPACF MSA7) in IBM z14 machines via CPACF. This improves the availability of random data in the kernel entropy pool. 7.2 Virtualization # * KVM guests can exploit the new hardware features of the new CPU model IBM z14 ZR1. * Machine checks caused by failing KVM guests are now targeted at the KVM virtual server instead of the KVM hypervisor, thus making the hypervisor more resilient. * TLB Purge Enhancements are supported under KVM. This improves performance for KVM guests, in particular when subject to memory pressure. * Store Hypervisor Information (STHYI) from LPAR is available in KVM. Non-privileged user-space applications running on KVM can retrieve hypervisor capacity data through the LPAR if not provided by the Linux kernel. * Guarded Storage Facility is supported for improved performance of all Java workloads on KVM virtual servers. * Standard network boot setups can be used to deploy KVM guests. * The script kvm_stat was formerly a part of QEMU. However, it moved into the kernel tree upstream. To account for the change in the upstream project, in SLES 12 SP4, the script is now available from the new package kvm_stat. * LOADPARM and BOOTPROG are fully supported. A boot menu selection is available during IPL, for example, to recover from a defective KVM guest operating system. * Keyless Guests are supported for performance gains through improved memory handling for workloads running on Linux. * The IBM Call Home feature is enabled for KVM. 7.3 Network # 7.3.1 Shared Memory Communications - Direct (SMC-Direct) # SMC-direct can be used via a new socket family and the existing tooling via TCP handshake. A preload library can be used to enable applications to use the new socket family transparently. 7.3.2 Exploitation of Shared Memory Communications (SMC-R) is now Supported # The technology preview flag is removed for SMC-R, that enables RDMA-capable network interface cards (RNICs) to offer RDMA over Converged Ethernet (RoCE). Its usage is enabled by a collection of tools (smc-tools). 7.3.3 Support for SET VNIC_CHARS in qeth # qeth now supports SET VNIC_CHARS. You can configure MAC address flooding, learning, forwarding, and takeover behavior for HiperSockets devices. 7.4 Security # 7.4.1 dm-crypt with Protected Keys - Change Master Key Tool # Manage LUKS2 encryption keys for protected key cryptography if the master key of the associated Crypto Express adapter is changed. 7.4.2 Support Architectural Limit of Crypto Adapters in zcrypt Device Driver # The crypto device driver now supports the theoretical maximum of 255 adapters. 7.4.3 Protected Key dm-crypt Key Management Tool # Protected key crypto for dm-crypt disks in plain format can be used without a dependency on cryptsetup support for LUKS(2) with protected keys. A key management tool as part of the s390-tools enables to manage a key repository allowing to associate secure keys with disk partitions or logical volumes. 7.4.4 libica: Use TRNG to Seed DRBG (Crypto) # Improved generation of high (pseudo) quality random numbers via libica DRBG especially to generate safe random keys by use of the PRNO-TRNG instruction. 7.4.5 Elliptic Curve Support for Crypto # The strategic elliptic curve asymmetric cryptography that provides strong security with shorter keys is now supported by Crypto Express function offloads with opencryptoki, libica, icatoken and openssl-ibmca. 7.4.6 Support for the CEX6S Crypto Card # The CEX6S crypto card is fully supported. 7.4.7 In-Kernel Cryptography: GCM Enhancements # Kernel services like IPSec now exploit IBM z14 cryptography hardware for the AES-GCM cipher. 7.4.8 Enhanced OpenSSL Support for PKCS#11 Engine # With the version update to 1.0.2, the PKCS#11 can also be linked as a module. 7.5 Reliability, Availability, Serviceability (RAS) # 7.5.1 Support for DASD Block Layer Discard # SLES 12 SP4 includes support for the Linux discard function that releases unused space on z/VM VDISKs. 7.6 Performance # 7.6.1 Performance Counters for IBM z14 (CPUMF) # The performance counters of the IBM z14 are supported and can be handled and displayed with the perf tool for optimized performance tuning. 7.6.2 Guest Kernel Support to Avoid Unnecessary TLB Purges # The Linux kernel now tags pages that are not used as part of a page table, so that the hypervisor can avoid unnecessary purging of guest TLB (translation lookaside buffer) entries. 7.6.3 Kernel Interface for the Guarded Storage Facility Added to Improve Java Performance # Optimized Java processes improve performance for many Java applications. 7.6.4 Single Increment Assignment of Memory # A new option for the ?Attach Storage Element? SCLP command to speed up memory hotplug is available. 7.7 Miscellaneous # 7.7.1 Deprecated DMSVSMA Functionality Has Been Removed from snIPL # The DMSVSMA RPC protocol was only used to remote access machines running z/VM versions that are now out of maintenance. snIPL's support for this protocol was deprecated beginning with SLES 12 SP1. snIPL's support for remote access to z/VM hosts via the DMSVSMA RPC protocol has now been removed. We recommend using SMAPI to remotely access z/VM hosts instead which is provided by supported z/VM 5.4, and z/VM 6.x versions. For information about setting up your z/VM system for API access, see z/VM Systems Management Application Programming, SC24-6234. 8 ARM 64-Bit (AArch64) Specific Information # Information in this section pertains to the version of SUSE Linux Enterprise Server 12 SP4 for the AArch64 architecture. 8.1 Boot and Driver Enablement for Raspberry Pi # Bootloaders and a supported microSD card image of SUSE Linux Enterprise Server for ARM 12 SP4 for the Raspberry Pi are available. The template of the SUSE Linux image is available as profile "RaspberryPi" in the package kiwi-templates-SLES12-JeOS to derive custom appliances. Expansion Boards# The Raspberry Pi 3 Model B/B+ offers a 40-pin General Purpose I/O connector, with multiple software-configurable functions such as UART, I?C and SPI. This pin mux configuration along with any external devices attached to the pins is defined in the Device Tree which is passed by the bootloader to the kernel. SUSE does not currently provide support for any particular HATs or other expansion boards attached to the 40-pin GPIO connector. However, insofar as drivers for pin functions and for attached chipsets are included in SUSE Linux Enterprise, they can be used. SUSE does not provide support for making changes to the Device Tree, but successful changes will not affect the support status of the operating system itself. Be aware that errors in the Device Tree can stop the system from booting successfully or can even damage the hardware. The bootloader and firmware in SUSE Linux Enterprise Server 12 SP4 now support Device Tree Overlays. The new recommended way of configuring GPIO pins is to create a file extraconfig.txt on the FAT volume (/boot/efi/extraconfig.txt in the SUSE image) with a line dtoverlay=filename-without-.dtbo per Overlay. For more information about the syntax, see the documentation by the Raspberry Pi Foundation. As a side effect, no separate /boot partition is needed anymore. This allows booting Btrfs snapshots in the SUSE image. If not already shipped in the /boot/efi/overlays/ directory (raspberrypi-firmware-dt package), .dtbo files can be obtained from the manufacturer of the HAT or compiled from self-authored sources. For More Information# For more information, see the SUSE Best Practices documentation for the Raspberry Pi at . (https://www.suse.com/documentation/suse-best-practices/#els) 9 Packages and Functionality Changes # This section comprises changes to packages, such as additions, updates, removals and changes to the package layout of software. It also contains information about modules available for SUSE Linux Enterprise Server. For information about changes to package management tools, such as Zypper or RPM, see Section 4.3, ?Systems Management?. 9.1 Updated Packages # 9.1.1 KIWI Has Been Updated to 9.15.3 # There was a widening gap between the KIWI version shipped in previous SLE 12 service packs and the upstream version of KIWI. In SLE 12 SP4, KIWI has been updated to version 9.15.3, the same version that was also shipped in SLE 15 GA. Version 9 of KIWI is a complete rewrite of the software that, while keeping general compatibility, also includes many new features. This update also fixes several bugs related to building JeOS. Given the newer codestream, this update also simplifies support of the tool. For a comparison between KIWI 7 and KIWI 9, see https://opensource.suse.com/ kiwi/overview/legacy_kiwi.html. 9.2 Removed and Deprecated Functionality # 9.2.1 Packages and Features to Be Removed in the Future # 9.2.1.1 libcgroup1 Deprecated Starting with SLE 12 SP4 # Most functionality of libcgroup1 is also provided by systemd. In fact, the cgroup handling of libcgroup1 can conflict with that of systemd. Starting with SLE 12 SP4, libcgroup1 is considered deprecated. Consider migrating to the equivalent functionality in systemd. For more information, see https://www.suse.com/support/kb/doc/?id=7018741. 10 Technical Information # This section contains information about system limits, a number of technical changes and enhancements for the experienced user. When talking about CPUs, we use the following terminology: CPU Socket The visible physical entity, as it is typically mounted to a motherboard or an equivalent. CPU Core The (usually not visible) physical entity as reported by the CPU vendor. On IBM Z, this is equivalent to an IFL. Logical CPU This is what the Linux Kernel recognizes as a "CPU". We avoid the word "thread" (which is sometimes used), as the word "thread" would also become ambiguous subsequently. Virtual CPU A logical CPU as seen from within a Virtual Machine. 10.1 Kernel Limits # This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 12 SP4. +-----------------------------------------------------------------------------+ | SLES 12 SP4 (Linux 4.4) | AMD64/Intel 64 | IBM Z | POWER | AArch64 | | | (x86_64) | (s390x) | (ppc64le) | (ARMv8) | |--------------------------+----------------+----------+-----------+----------| |CPU bits |64 |64 |64 |64 | |--------------------------+----------------+----------+-----------+----------| |Maximum number of logical |8192 |256 |2048 |128 | |CPUs | | | | | |--------------------------+----------------+----------+-----------+----------| |Maximum amount of RAM |> 1 PiB/64 TiB |10 TiB/256|1 PiB/64 |256 TiB/ | |(theoretical/certified) | |GiB |TiB |n.a. | |--------------------------+----------------+----------+-----------+----------| |Maximum amount of user |128 TiB/128 TiB |n.a. |512 TiB ^1/|256 TiB/ | |space/kernel space | | |2 EiB |128 TiB | |--------------------------+--------------------------------------------------| |Maximum amount of swap |Up to 29 * 64 GB (x86_64) or 30 * 64 GB (other | |space |architectures) | |--------------------------+--------------------------------------------------| |Maximum number of |1048576 | |processes | | |--------------------------+--------------------------------------------------| |Maximum number of threads |Upper limit depends on memory and other parameters| |per process |(tested with more than 120,000)^2 | |--------------------------+--------------------------------------------------| |Maximum size per block |Up to 8 EiB | |device | | |--------------------------+--------------------------------------------------| |FD_SETSIZE |1024 | +-----------------------------------------------------------------------------+ ^1 By default, the userspace memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 512 TiB. ^2 The total number of all processes and all threads on a system may not be higher than the ?maximum number of processes?. 10.2 KVM Limits # +-----------------------------------------------------------------------------+ | SLES 12 SP4 | | | Virtual Machine | Limits | | (VM) | | |-----------------+-----------------------------------------------------------| |Maximum VMs per |Unlimited (total number of virtual CPUs in all guests being| |host |no greater than 8 times the number of CPU cores in the | | |host) | |-----------------+-----------------------------------------------------------| |Maximum Virtual |288 | |CPUs per VM | | |-----------------+-----------------------------------------------------------| |Maximum Memory |4 TiB | |per VM | | +-----------------------------------------------------------------------------+ Virtual Host Server (VHS) limits are identical to those of SUSE Linux Enterprise Server. 10.3 Xen Limits # Since SUSE Linux Enterprise Server 11 SP2, we removed the 32-bit hypervisor as a virtualization host. 32-bit virtual guests are not affected and are fully supported with the provided 64-bit hypervisor. +-------------------------------------------------------------------+ | SLES 12 SP4 Virtual Machine (VM) | Limits | |-------------------------------------+-----------------------------| |Maximum number of virtual CPUs per VM|64 | |-------------------------------------+-----------------------------| |Maximum amount of memory per VM |16 GiB x86_32, 511 GiB x86_64| +-------------------------------------------------------------------+ +----------------------------------------------------------------+ |SLES 12 SP4 Virtual Host Server (VHS) | Limits | |--------------------------------------+-------------------------| |Maximum number of physical CPUs |256 | |--------------------------------------+-------------------------| |Maximum number of virtual CPUs |256 | |--------------------------------------+-------------------------| |Maximum amount of physical memory |5 TiB | |--------------------------------------+-------------------------| |Maximum amount of Dom0 physical memory|500 GiB | |--------------------------------------+-------------------------| |Maximum number of block devices |12,000 SCSI logical units| +----------------------------------------------------------------+ * PV: Paravirtualization * FV: Full virtualization For more information about acronyms, see the virtualization documentation provided at https://www.suse.com/documentation/sles-12/. 10.4 File Systems # 10.4.1 Comparison of Supported File Systems # SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback. + supported ? unsupported +-----------------------------------------------------------------------------+ | Feature | Btrfs | XFS | Ext4 |OCFS 2 ^1|ReiserFS ^2 | |-----------------------+------------+-------+---------+---------+------------| |Support in products |SLE |SLE |SLE |SLE HA |SLE | |-----------------------+------------+-------+---------+---------+------------| |Data/metadata |N/A ^3 |? / + |+ / + |? / + |? / + | |journaling | | | | | | |-----------------------+------------+-------+---------+---------+------------| |Journal internal/ |N/A ^3 |+ / + |+ / + |+ / ? |+ / + | |external | | | | | | |-----------------------+------------+-------+---------+---------+------------| |Journal checksumming |N/A ^3 |+ |+ |+ |? | |-----------------------+------------+-------+---------+---------+------------| |Subvolumes |+ |? |? |? |? | |-----------------------+------------+-------+---------+---------+------------| |Offline extend/shrink |+ / + |? / ? |+ / + |+ / ? ^4 |+ / ? | |-----------------------+------------+-------+---------+---------+------------| |Online extend/shrink |+ / + |+ / ? |+ / ? |? / ? |+ / ? | |-----------------------+------------+-------+---------+---------+------------| |Inode allocation map |B-tree |B+-tree|table |B-tree |u. B*-tree | |-----------------------+------------+-------+---------+---------+------------| |Sparse files |+ |+ |+ |+ |+ | |-----------------------+------------+-------+---------+---------+------------| |Tail packing |? |? |? |? |+ | |-----------------------+------------+-------+---------+---------+------------| |Small files stored |+ (in |? |+ (in |+ (in |+ (in | |inline |metadata) | |inode) |inode) |metadata) | |-----------------------+------------+-------+---------+---------+------------| |Defragmentation |+ |+ |+ |? |? | |-----------------------+------------+-------+---------+---------+------------| |Extended file |+ / + |+ / + |+ / + |+ / + |+ / + | |attributes/ACLs | | | | | | |-----------------------+------------+-------+---------+---------+------------| |User/group quotas |? / ? |+ / + |+ / + |+ / + |+ / + | |-----------------------+------------+-------+---------+---------+------------| |Project quotas |? |+ |+ |? |? | |-----------------------+------------+-------+---------+---------+------------| |Subvolume quotas |+ |N/A |N/A |N/A |N/A | |-----------------------+------------+-------+---------+---------+------------| |Data dump/restore |? |+ |? |? |? | |-----------------------+-----------------------------------------------------| |Block size default |4 KiB ^5 | |-----------------------+-----------------------------------------------------| |Maximum file system |16 EiB |8 EiB |1 EiB |4 PiB |16 TiB | |size | | | | | | |-----------------------+------------+-------+---------+---------+------------| |Maximum file size |16 EiB |8 EiB |1 EiB |4 PiB |1 EiB | +-----------------------------------------------------------------------------+ ^1 OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension. ^2 ReiserFS is supported for existing file systems. The creation of new ReiserFS file systems is discouraged. ^3 Btrfs is a copy-on-write file system. Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in. Until the last write, the changes are not ?committed?. Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups). ^4 To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted. ^5 The block size default varies with different host architectures. 64 KiB is used on POWER, 4 KiB on other systems. The actual size used can be checked with the command getconf PAGE_SIZE. Additional Notes# Maximum file size above can be larger than the file system's actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 2^63 bytes in theory. The numbers in the above table assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different. In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024 GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also http:// physics.nist.gov/cuu/Units/binary.html. NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported. The version of Samba shipped with SUSE Linux Enterprise Server 12 SP4 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 12 SP4. Some file system features are available in SUSE Linux Enterprise Server 12 SP4 but are not supported by SUSE. By default, the file system drivers in SUSE Linux Enterprise Server 12 SP4 will refuse mounting file systems that use unsupported features (in particular, in read-write mode). To enable unsupported features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported. However, note that setting this option will render your kernel and thus your system unsupported. 10.4.2 Supported Btrfs Features # The following table lists supported and unsupported Btrfs features across multiple SLES versions. + supported ? unsupported +-----------------------------------------------------------------------------+ | Feature | SLES 11 | SLES 12 | SLES 12 | SLES 12 | SLES 12 | | | SP4 | GA | SP1 | SP2 | SP3 | |-----------------------+----------+---------+----------+----------+----------| |Copy on Write |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Snapshots/Subvolumes |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Metadata Integrity |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Data Integrity |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Online Metadata |+ |+ |+ |+ |+ | |Scrubbing | | | | | | |-----------------------+----------+---------+----------+----------+----------| |Automatic |? |? |? |? |? | |Defragmentation | | | | | | |-----------------------+----------+---------+----------+----------+----------| |Manual Defragmentation |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |In-band Deduplication |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |Out-of-band |+ |+ |+ |+ |+ | |Deduplication | | | | | | |-----------------------+----------+---------+----------+----------+----------| |Quota Groups |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Metadata Duplication |+ |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Multiple Devices |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |RAID 0 |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |RAID 1 |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |RAID 10 |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |RAID 5 |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |RAID 6 |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |Hot Add/Remove |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Device Replace |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |Seeding Devices |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |Compression |? |? |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Big Metadata Blocks |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Skinny Metadata |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Send Without File Data |? |+ |+ |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Send/Receive |? |? |? |+ |+ | |-----------------------+----------+---------+----------+----------+----------| |Inode Cache |? |? |? |? |? | |-----------------------+----------+---------+----------+----------+----------| |Fallocate with Hole |? |? |? |+ |+ | |Punch | | | | | | +-----------------------------------------------------------------------------+ 10.5 Supported Java Versions # The following table lists Java implementations available in SUSE Linux Enterprise Server 12 SP4: +-----------------------------------------------------------------------------+ | Name (Package Name) |Version| Part of SUSE Linux Enterprise | Support | | | | Server | | |-------------------------+-------+-------------------------------+-----------| |OpenJDK ( |1.8.0 |SLES |SUSE, L3 | |java-1_8_0-openjdk) | | | | |-------------------------+-------+-------------------------------+-----------| |OpenJDK ( |1.7.0 |SLES |SUSE, L3 | |java-1_7_0-openjdk) | | | | |-------------------------+-------+-------------------------------+-----------| |IBM Java (java-1_8_0-ibm)|1.8.0 |SLES |External | | | | |only | |-------------------------+-------+-------------------------------+-----------| |IBM Java (java-1_7_1-ibm)|1.7.1 |SLES |External | | | | |only | |-------------------------+-------+-------------------------------+-----------| |IBM Java (java-1_6_0-ibm)|1.6.0 |Legacy Module |External | | | | |only | +-----------------------------------------------------------------------------+ 11 Legal Notices # SUSE makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes. Further, SUSE makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Refer to http://www.suse.com/company/ legal/ for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals. Copyright ? 2010- 2018 SUSE LLC. This release notes document is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License (CC-BY-ND-3.0 US, http://creativecommons.org/licenses/by-nd/3.0/us/). SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries. For SUSE trademarks, see SUSE Trademark and Service Mark list (http:// www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners. Share this page: Facebook ? Google+ ? Twitter ? E-Mail Print this page ? 2018 SUSE * Careers * Legal * About * Contact Us