Release Notes for SUSE Linux Enterprise Server 10 Service Pack 3

Version 10.3.11, 14. September 2009

Abstract

These release notes are generic for all SUSE Linux Enterprise Server 10 based
products. Some parts may not apply to a particular architecture/product. Where
this is not obvious, the respective architectures are listed explicitly. The
instructions for installing this Service Pack can be found in the README file
on CD1. There are also translations of this file.

A startup and preparation guide are found under the docu directory on the
media. Any documentation (if installed) can be found below /usr/share/doc/ in
the installed system.

This Novell product includes materials licensed to Novell under the GNU General
Public License (GPL). The GPL requires that Novell make available certain
source code that corresponds to those GPL-licensed materials. The source code
is available for download at http://www.novell.com/linux/source. Also, for up
to three years from Novell's distribution of the Novell product, upon request
Novell will mail a copy of the source code. Requests should be sent by e-mail
to sle_source_request@novell.com or as otherwise instructed at http://
www.novell.com/linux/source. Novell may charge a fee to recover its reasonable
costs of distribution.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Table of Contents

1. Purpose
2. New Features
3. Driver Updates

    3.1. Network Drivers
    3.2. Storage Drivers
    3.3. Other Drivers

4. Other Updates
5. Installation-Related Notes
6. Update-Related Notes

    6.1. General Notes
    6.2. Update from SUSE Linux Enterprise Server 10 SP2
    6.3. Update from SUSE Linux Enterprise Server 10 SP1
    6.4. Update from SUSE LINUX Enterprise Server 9

7. Technology Previews
8. Deprecated Functionality
9. Known Issues
10. Resolved Issues
11. Technical Informations
12. Documentation and other information

Chapter 1. Purpose

This SUSE Linux Enterprise Server 10 Service Pack 3 serves several purposes:

  ● Provide enhancements to the SLES 10 code base (see Chapter 2, New Features
    ).

  ● Provide all maintenance fixes (see Chapter 3, Driver Updates) released
    since GA of SLES 10.

  ● Provide an easy update (see README) of your system or individual packages
    to the latest Service Pack level. This is especially useful if you cannot
    use online update mechanisms.

  ● Provide an easy fresh install (see README) using the latest kernel,
    drivers, and installer updates.

  ● Include PTFs (special fixes for customers) which were folded back into the
    SLES 10 common code base making them part of the maintained code base.

  ● Provide useful additional information and documentation (see Chapter 5,
    Installation-Related Notes).

Through joint testing and maximum care, we try hard not to break any ISV
certification with a Service Pack, but we recommend checking with your ISV
about your application's certification status.

With the release of SUSE Linux Enterprise Server 10 Service Pack 3, the now
obsoleted Service Pack 2 enters limited support status for the following 6
months, during which time Novell will continue to provide security updates and
L3 support to maintain its customer's operations safe during the migration
window. At the end of the six-month parallel support period, on March, 29th
2010, support for Service Pack 2 will be permanently discontinued.

Chapter 2. New Features

  ● Tomcat was updated to version 5.5.27 and necessary new packages were added
    for this.

  ● Added Infiniband Support in version 1.4.1

  ● Avahi daemon was added

  ● A Block IO Tracer (blktrace) was added

  ● On i386, vmi, vmipae and kdumppae kernel flavours were added.

  ● Generic Linux ASM Library support was added (oracleasm)

  ● Multipurpose relay for bidirectional data transfer (socat) was added

  ● Interactive System Activity Grapher for sysstat (sysstat-isag) was added

  ● On System z, a YaST2 module for IPL loader was added

  ● Selective Logging of ECKD DASD devices

    With this feature the system reports system information messages (SIM) to
    the user. The System Reference Code (SRC), which is part of the SIM, is
    reported to the user and allows to look up the reason of the SIM online in
    the documentation of the storage server.

  ● On System z, zipl can now dump to multiple DASDs. So it now possible to
    dump system images, which are larger than a single DASD.

  ● On System z, a new interface for shutdown actions exists. It is now
    possible to specify up to five VM commands after the system was shutdown.
    Depending on the way the system was shutdown (halt, poff, reboot,
    dump_reipl or panic) the actions could be specified.

  ● On System z, it is now possible in z/VM 5.4 to use Discontiguous Saved
    Segments (DCSS) above 2047 MB (2G) of virtual storage.

  ● On System z, it is now possible in z/VM 5.4 to dump linux guest to
    SCSI-disks. This requires zfcpdump-support for memory holes because z/VM
    allows to have discontiguous memory.

  ● On System z, the zfcp trace facility was enhanced.

  ● On System z, support for large volumes on DS8000 was integrated.

  ● On System z, support for disk encryption FICON-attached DS8000, introduced
    with DS8000 R4.2 was integrated. This feasture shows in linux whether the
    accessed disc is encrypted or not.

  ● On System z, a TTY terminal server over IUCV was added. It is now possible
    to connect to a over IUCV. This does not require a working TCP/IP network
    in the connected guest. This service uses AF_IUCV as a network.

  ● On System z, support for HiperSockets IPv6 Layer 3 was integrated.

  ● On System z, inastallation support for two OSA ports per CHPID was
    integrated.

  ● On System z, support for Long random numbers was added. User space can now
    acces large amounts of truly random data. The random data source is the
    built-in hardware random number generator on the CEX2C cards.

  ● On System z, when the machine supports AP adapter interrupts, polling will
    be switched off at module initialization and the driver will work in
    interrupt mode. So the Crypto Device Driver will use Thin Interrupts. This
    support is available on IBM System z10.

  ● On System z, the FCP Performance Data Collection has been improved. A new
    API call to blktrace has been added to pass binary driver data. Support has
    been added to the FCP driver to export performance data. New sysfs
    attribute queue_full has been added to count instances where the adapter
    could not process requests due to no space left in outbound queue. Note
    that the FCP adapter statistics (on z9 or later) and the zfcp statistics
    have been reworked and are now available using the new ziomon-tool, and can
    be retrieved using BLKTRACE 1.0.x

  ● On System z, the service level interface has been added. This interface /
    proc/service_levels allows any code to report a relevant service level,
    e.g. the microcode level of devices, the service level of the hypervisor.

  ● On System z, support for AF_IUCV SOCK_SEQPACKET was added.

Chapter 3. Driver Updates

3.1. Network Drivers

  ● Updated cxgb3 driver to version 1.1.3 and added firmware in version 7.4.0

  ● Added Mellanox (mlx) driver to OFED version 1.4.1.

  ● Added Brocade 10G PCIe Ethernet (bna) driver driver in version 2.0.0.0

  ● Added e1000e driver in version 1.0.2.5

  ● Updated tg3 driver to version 3.99c

  ● Updated bnx2x driver to version 1.48.105

  ● Updated bnx2 driver to version 2.0.1

  ● Added ixgbe driver in version 2.0.34.3

  ● Updated e1000 driver to version 7.6.15.5

  ● Updated e100 driver to version 3.5.24-k3

  ● Updated netxen driver to version 4.0.30

  ● Added igb driver in version 1.3.19.3

  ● Updated sky2 driver to version 1.22

  ● Added Neptune (niu) driver in version 0.9

  ● Added QLogic 10G LAN driver (qlge) driver in version 1.00.00.19

  ● Added Emulex 10G LAN (be2net) driver in version 2.0.348

  ● Updated bonding driver to version 3.2.5

3.2. Storage Drivers

  ● Added Brocade FC/FCoE driver (bfa) in version 2.0.0.0

  ● Updated qla2xxx to version 8.03.00.06.10.3-k4

  ● Updated qla4xxx to version 5.01.03.03.10.3-d1

  ● Updated megaraid_sas to version 4.08

  ● Updated aacraid driver

  ● Added support for new hardware to cciss driver

  ● Updated lpfc driver to version 8.2.0.48.2p

  ● Updated fusion driver to version 3.04.07

  ● Added LSI MPT Fusion SAS 2.0 Device driver (mpt2sas) in version 3.04.07

  ● Added IBM Power Virtual Fibre Channel driver (ibmvfc) in version 1.0.5.

3.3. Other Drivers

  ● Updated CIFS to version 1.51

  ● Updated OCFS2 to version 1.4.0

Chapter 4. Other Updates

  ● Added scsi-eventd

  ● Added setarch utility to modify virtual address randomization

  ● Updated autofs5 to version 5.0.3

  ● Updated dhcp to version 3.0.7

  ● Updated heartbeat to version 2.1.4

  ● Updated IBM Java 1.4.2 to SR13

  ● Updated SUN Java 1.4.2 to version 1.4.2.19

  ● Updated IBM Java 1.5.0 to SR9-ssu

  ● Updated mx4j to version 3.0.1

  ● Updated nagios-plugins to version 1.4.13

  ● Updated openhpi to version 1.14.0

  ● Updated pciutils to version 3.1.2

  ● Updated postgresql to version 8.1.17

  ● Updated samba to version 3.0.35

  ● Updated XEN to version 3.2.3

  ● Updated elilo to version 3.10 on ia64

  ● Updated gnu-efi to version 3.0e on ia64

  ● Updated ia32el to version 7042_7022 on ia64

  ● Updated gdb to version 6.8

  ● Updated ipmitool to version 1.8.10

  ● Updated OpenIPMI to version 2.0.14

  ● Updated iprutils to version 2.2.14

  ● Updated pure-ftpd to version 1.0.22

Chapter 5. Installation-Related Notes

This section includes installation-related information for this Service Pack.

  ● Installation using Persistent Device names

    If you plan to add additional storage devices to your system after the OS
    installation, we strongly recommend to use persistent device names for all
    storage devices during installation. The installer by default uses the
    kernel device names.

    How to proceed:

    During installation, enter the partitioner. For each partition, select
    "Edit" and go to the "FStab Options" dialog. Any mount option except
    "Device name" provide you persistent devicenames.

    To switch an already installed system to using persistent device names,
    proceed as described above for all existing partitions. In addition, rerun
    the boot loader module in YaST to switch the bootloader to using the
    persistent device name also. Just start the module and select "Finish" to
    write the new proposed configuration to disk. This needs to be done before
    adding new storage devices.

    For further information please look at http://en.opensuse.org/
    Persistant_Storage_Device_Names.

  ● Network-based root file systems must not be accessed through a bridge
    device.

    Booting a network-based filesystem (e.g iSCSI) that is accessed through a
    bridge does not work. The workaround is to create a networkpath that does
    not go through a bridge.

  ● MD Devices on top of iSCSI not possible

    iSCSI devices cannot be used for Linux Software RAID. Using MD devices on
    top of iSCSI triggers a cyclic dependency that leads to a crash.

  ● Using qla3xxx and qla4xxx driver at the same time

    QLogic iSCSI Expansion Card for IBM BladeCenter provides both Ethernet and
    iSCSI functions. Some parts on the card are shared by both functions. The
    current qla3xxx (ethernet) and qla4xxx (iSCSI) drivers support Ethernet and
    iSCSI function individually. They do not support using both functions at
    the same time. Using both Ethernet and iSCSI functions at the same time may
    hang the device and cause data lost and filesystem corruptions on iSCSI
    devices or network disruptions on Ethernet.

  ● Using iSCSI Disks When Installing

    To use iSCSI disks during installation it is necessary to add the following
    parameter to the kernel parameter line: withiscsi=1

    During installation, an additional screen appears that provides the
    possibility to attach iSCSI disks to the system and use them in the
    installation process.

    Since SUSE Linux Enterprise Server 10 SP1 booting from an iSCSI server on
    i386, x86_64 and ppc is supported, when an iSCSI enabled firmware is used.

    On ppc, a single bootfile (zImage.initrd) instead of yaboot is used.

  ● Using EDD Information for Storage Device Identification

    If you want to use EDD information (/sys/firmware/edd/<device>) to identify
    your storage devices, change the installer default settings using an
    additional kernel parameter.

    Requirements:

      ○ BIOS provides full EDD information (found in /sys/firmware/edd/
        <device>)

      ○ Disks are signed with a unique MBR signature (found in /sys/firmware/
        edd/<device>/mbr_signature)

    Procedure:

      ○ Add parameter use_edd=1 to the kernel parameters during initial
        installation.

      ○ The device-id list in the installer shows the EDD ID (such as
        edd_dev80_part1) instead of the default device-id name.

      ○ Select those device IDs for installation and runtime (for example, in /
        etc/fstab and bootloader).

  ● Automatic installation with Autoyast in an LPAR (System z)

    For automatic installation with Autoyast in an LPAR, it is required, that
    the parmfile used for such an installation has blank characters at the
    beginning and the end of each line (the first line need not to start with a
    blank). The number of character in one line should not exceed 80
    characters.

  ● linuxrc doesn't accept its proposed default values in System z LPAR
    installation

    Pressing "Send" (enter) in linuxrc to confirm the proposed default value
    leads to no input. This can cause "*** Invalid Input." errors.

    Recommendation: When running linuxrc in a System z LPAR console, instead of
    pressing "Send" (enter) to take the proposed default value, enter the value
    explicitly.

  ● Adding DASD or zFCP disks during installation (System z)

    The adding of DASD or zFCP disks is not only possible during the
    installation workflow, but also when the installation proposal is shown. To
    add disks at that stage please click on the "Expert" tab and scroll down.
    There the DASD and/or zFCP entry is shown. These added disks are not shown
    in the partitioner. To get the disks into the partitioner, you have to
    click on the expert label and select "reread partition table". This may
    reset any previously entered information.

  ● Creating LVM or EVMS Volumes with DASDs (System z)

    If want to create a LVM or EVMS volume with DASDs that are not formatted or
    partitioned this will fail. The DASDs can be formatted in the DASD
    activation panel. Creating a partition can be done in the partitioner by
    hitting the [create] button and specifying "do not format" and removing any
    mountpoints indicated.

  ● Installation loops during network configuration if incorrect or incomplete
    parameters are entered. (System z)

    In case of an erroneous configuration of a (e.g. qeth) device, the device
    does not get ungrouped automatically.

    Perform the following steps to recover from a network device setup failure:

      ○ Enter "x" to get to the expert menu, then "3" to start a shell.

      ○ Enter "cd /sys/bus/ccwgroup/devices/<read channel number>" to get to
        the sysfs directory of the network device.

      ○ Enter "echo 0 >online" to put the device offline.

      ○ Enter "echo 1 >ungroup" to ungroup the device's channels.

      ○ Enter "exit" to return to linuxrc.

      ○ Enter "0" to continue with the installation.

    Now you are ready to retry the network setup.

  ● cxgb3 Adapter Support During Installation

    If support for the cxgb3 adapter is required during the installation phase
    already, please make sure to also select the packages "ofed-1.4.1" and
    "ofed-kmp-ppc64-1.3.1" in the package selection of the installer.

Chapter 6. Update-Related Notes

This section includes update-related information for this Service Pack.

6.1. General Notes

  ● SPident reports an old Service Pack level

    SPident is a tool to identify the Service Pack level of the current
    installation. It may report that the system has not reached the level of
    this Service Pack. This happens, when optional updates that are not
    automatically installed by YOU are not manually selected during update. If
    you use or need any packages which have optional updates, select these in
    order to reach the current Service Pack level.

  ● Novell AppArmor

    This release of SUSE Linux Enterprise Server ships with Novell AppArmor.
    The AppArmor intrusion prevention framework builds a firewall around your
    applications by limiting the access to files, directories, and POSIX
    capabilities to the minimum required for normal operation. AppArmor
    protection can be enabled via the AppArmor control panel, located in YaST
    under Novell AppArmor. For detailed information about using Novell
    AppArmor, see the documentation in /usr/share/doc/packages/apparmor-docs.

    The AppArmor profiles included with SUSE Linux have been developed with our
    best efforts to reproduce how most users use their software. The profiles
    provided work unmodified for many users, but some users find our profiles
    too restrictive for their environments.

    If you discover that some of your applications do not function as you
    expected, you may need to use the AppArmor Update Profile Wizard in YaST
    (or use the aa-logprof(8) command line utility) to update your AppArmor
    profiles. Place all your profiles into learning mode with the following:
    aa-complain /etc/apparmor.d/*

    When a program generates many complaints, the system's performance is
    degraded. To mitigate this, we recommend periodically running the Update
    Profile Wizard (or aa-logprof(8)) to update your profiles even if you
    choose to leave them in learning mode. This reduces the number of learning
    events logged to disk, which improves the performance of the system.

  ● LD_ASSUME_KERNEL Environment Variable

    Do not set the LD_ASSUME_KERNEL environment variable any longer. In the
    past, it was possible to use it to enforce LinuxThreads support, which was
    dropped. If you set LD_ASSUME_KERNEL to a kernel version lower than 2.6.5,
    everything breaks because ld.so looks for libraries in a version that does
    not exist anymore.

6.2. Update from SUSE Linux Enterprise Server 10 SP2

  ● New version of Tomcat

    A version update of Tomcat was done, which requires more and new RPMs.

6.3. Update from SUSE Linux Enterprise Server 10 SP1

  ● New on disk format of new Sysstat package

    The new features of the new Sysstat package needs a new on disk format of
    the data files. After the update of the sysstat package the old collected
    data can no longer be used.

  ● Changed order of starting network interface

    The order in which network interfaces will be started has changed. The new
    order is now bond interfaces first, then vlan, dialup tunnel and finally
    bridge interfaces.

6.4. Update from SUSE LINUX Enterprise Server 9

  ● Becoming Superuser Using su

    By default, calling su to become root does not set the PATH for root.
    Either call su - to start a login shell with the complete environment for
    root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change
    the default behavior of su.

  ● Forwarding xauth keys between users with sux

    The shell script sux was removed. The functionality of forwarding xauth
    keys between users is now handled by the pam_xauth module and su.

  ● NTP-Related Files Renamed

    For reasons of compatibility with LSB (Linux Standard Base), most
    configuration files and the init script were renamed from xntp to ntp.

  ● Changed tar behavior in SUSE Linux Enterprise Server 10

    Under SUSE Linux Enterprise Server 9, when extracting a directory from a
    tar archive that already existed as a symbolic link in the target
    directory, tar would overwrite the symlink with an actual directory. Under
    SUSE Linux Enterprise Server 10, tar leaves the symlink and places the
    contents of the archive within it.

    To enforce the old behavior please use the option --no-overwrite-dir when
    extracting an archive.

  ● ulimits

    SUSE Linux Enterprise Server 9 set up the user environment with an
    unlimited stack size resource limit to work around restrictions in stack
    handling of multithreaded applications. With SUSE Linux Enterprise Server
    10, this is no longer necessary and has been removed. The login environment
    now defaults to the kernel default stack size limit. To restore the old
    behavior, add

    ulimit -Ss unlimited

    to /etc/profile.local. If you want an automatic configuration of your
    resource limits suited to protect desktop systems, you may want to install
    the ulimit package.

  ● Mounting Encrypted Partitions

    With SUSE Linux Enterprise Server 10, we switched to "cryptoloop" as the
    default encryption module. SUSE Linux Enterprise Server 9 used twofish256
    using loop_fish2 with 256 bits. Now we are using twofish256 using
    cryptoloop with 256 bits. The old twofish256 is available as twofishSL92.

  ● Reconfiguring Intel and Nvidia Sound Drivers

    When updating a system with the snd-intel8x0 module (for Intel, SIS, AMD,
    and Nvidia on-board chips), the system might be unable to load the module
    at reboot, because the module option joystick was removed from the newer
    version. To fix the problem, reconfigure the sound system using YaST.

  ● Upgrading MySQL from SLES9 to SLES10

    During the upgrade from SUSE Linux Enterprise Server9 to SUSE Linux
    Enterprise Server10 also MySQL is upgraded from 4.x to 5.x. To complete
    this migration you have also to upgrade your data as described in the MySQL
    documentation.

  ● Migrating from PHP 4 to PHP 5

    Although most existing PHP 4 code should work without changes, there are a
    few backwards-incompatible changes. Find a list of these changes at: http:/
    /www.zend.com/manual/migration5.incompatible.php

  ● Switching from Heimdal to MIT Kerberos

    MIT Kerberos is now used instead of heimdal. Converting an existing Heimdal
    configuration automatically is not always possible. During a system update,
    backup copies of configuration files are created in /etc with the suffix
    .heimdal. YaST-generated configuration settings in /etc/krb5.conf are
    converted, but check whether the results match your expectations.

    Before starting the update, you should decrypt an existing Heimdal database
    into a human-readable file with the command

    kadmin -l dump -d heimdal-db.txt

    . This way, you can create a list of available principals that you can
    restore one-by-one using kdc from MIT Kerberos. Find more information about
    setting up a KDC in the documentation in the "krb5-doc" package.

    To configure a Kerberos client, start the YaST Kerberos Client module and
    enter your values for "Standard Domain", "Standard Realm", and "KDC Server
    Address".

  ● MDNS and .local domain names

    The .local top level domain is treated as link-local domain by the
    resolver. DNS requests are send as multicast DNS requests instead of normal
    DNS requests. If you already use the .local domain in your nameserver
    configuration you will have to switch this option off in /etc/host.conf.
    Please also read the host.conf manual page, more information on multicast
    DNS can be found on http://www.multicastdns.org.

    MDNS can be disabled during installation by booting with the nomdns option
    set.

  ● Fine-Tuning Firewall Settings

    SuSEfirewall2 is enabled by default. That means that by default you cannot
    log in from remote systems. It also interferes with network browsing and
    multicast applications, such as SLP and Samba ("Network Neighborhood"). You
    can fine-tune the firewall settings using YaST.

  ● CD/DVD device name on pSeries changed

    With SUSE Linux Enterprise Server 10 SP1, the built-in CD/DVD drive on
    POWER3/POWER4 pSeries models p610/p615/p630 will be accessed with the
    libata kernel driver because it is more reliable. On all POWER5 models the
    libata driver is used to allow DLPAR hotplug operatons.

    This changes the kernel device name from /dev/hda to /dev/sr0.

  ● vsftpd with xinetd

    Starting with SUSE Linux Enterprise Server 10, vsftpd can be configured
    independently or over the xinetd. The default is stand-alone. In previous
    versions, the default was xinetd.

    To run it over xinetd, make sure that the service is enabled in the xinetd
    configuration (/etc/xinetd.d/vsftpd) and set the following line in /etc/
    vsftpd.conf:

          listen=NO


  ● Setting Up D-BUS for Interprocess Communication in .xinitrc

    Many applications now rely on D-BUS for interprocess communication (IPC).
    Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/
    xinitrc uses dbus-launch to start the window manager.

    If you have a local ~/.xinitrc file, you must change it accordingly.
    Otherwise applications might fail. Save your old ~/.xinitrc. Then copy the
    new template file into your home directory with:

          cp /etc/skel/.xinitrc.template ~/.xinitrc


    Finally, add your customizations from the saved ~/.xinitrc.

  ● Modular KDB

    KDB is no longer available as a loadable module on all architectures except
    Itanium. KDB is only supported in the debug kernel.

  ● PCMCIA

    cardmgr no longer manages PC cards. Instead, as with Cardbus cards and
    other subsystems, a kernel module manages them. All necessary actions are
    executed by hotplug. The pcmcia start script has been removed and cardctl
    is replaced by pccardctl. For more information, see /usr/share/doc/packages
    /pcmciautils/README.SUSE.

Chapter 7. Technology Previews

Technology Preview features are not supported or only supported limitedly.
These features are mainly included for customer convenience and may not be
funtionally complete, instable or in other ways not suitable for production
use.

  ● Hot-Add of Memory

    Hot-Add-memory is currently only supported on the following machines:

      ○ IBM xSeries x260

      ○ IBM xSeries single node x460

      ○ IBM xSeries x3800

      ○ IBM xSeries x3850

      ○ IBM xSeries single node x3950

    If your machine is not listed, please call support, whether the machine has
    been successfully tested. Else a maintenance update will explicitly mention
    the general availability of this feature.

  ● Huge Page Memory support via HMC on POWER

    Huge Page Memory support (16GB pages, enabled via HMC) is not yet supported
    under Linux. Problems occur if huge pages are assigned to a partition in
    combination with eHEA / eHCA adapters. eHEA: Network interfaces can't be
    setup if huge page memory is assigned to the same partition.

  ● libhugetlbfs

    The libhugetlbfs project shipped with SUSE Linux Enterprise Server 10 is a
    preview of application provision with transparent access to system huge
    pages. While the library provides an application with easy access to huge
    pages when sufficient huge pages have been previously allocated on the
    system, additional development and testing is required to provide a stable
    transition to normal pages in a production environment.

  ● Read-Only Root Filesystem

    It is possible to run SUSE Linux Enterprise Server 10 from Service Pack 2
    on on a read-only root filesystem. Due to the huge number of possible
    configurations, this is currently not a supported scenario.

    The /tmp and /var/tmp directories needs to be on a separate partition and
    cannot be mounted read-only.

    After the installation has finished and all services are configured, login
    as root and do the following modifications:

    Modify /etc/fstab and add "ro" to the mount options of the root filesystem
    entry.

       rm /etc/mtab
       ln -s /proc/mounts /etc/mtab
       mkdir /var/lib/hwclock
       mv /etc/adjtime /var/lib/hwclock
       ln -s /var/lib/hwclock/adjtime /etc/adjtime
       # the following two steps are only necessary if you use dhcp:
       mv /etc/resolv.conf /var/lib/misc/
       ln -s /var/lib/misc/resolv.conf /etc/resolv.conf
       # Now mount root filesystem read-only and reboot
       mount -o remount,ro /
       reboot



Chapter 8. Deprecated Functionality

The following list of current functionality is deprecated and will be removed
with the next Service Pack or major SUSE Linux Enterprise Server release.

  ● The JFS filesystem is no longer supported for new installations. The kernel
    file system driver is still there, but YaST does not offer partitioning
    with JFS.

  ● For the future strategy and development with respect to volume- and
    storage-management on SUSE Linux Enterprise System, please see: http://
    www.novell.com/linux/volumemanagement/strategy.html

  ● The ippl package is deprecated and will be removed with SUSE Linux
    Enterprise Server 11.

  ● powertweak package is deprecated and will be removed with SUSE Linux
    Enterprise Server 11.

  ● CTC, ESCON, and IUCV IP interfaces are no longer officially supported. For
    compatibility reasons, they are still usable, but with the next release of
    SUSE Linux Enterprise Server, the support of these interfaces will be
    dropped completely.

  ● For reasons of compatibility with SUSE Linux Enterprise Server 9, the
    mapped-base functionality is present in SUSE Linux Enterprise Server 10.
    This functionality is used by 32-Bit applications that need a larger
    dynamic data space (such as database management systems).

    With SUSE Linux Enterprise Server 10, a similar functionality called
    flexmap is available. Because this is now the preferred way, mapped-base is
    deprecated and will vanish in future releases.

Chapter 9. Known Issues

  ● Installing SLES 10 SP3 as a fully-virtualized guest in XEN using ISO and
    DVD media.

    There is a known issue with installing SLES 10 SP3 as a fully-virtualized
    guest using ISO and DVD media. When booting the installation from such
    media, you will get an error message stating that the installation media
    could not be found. To avoid the problem please use a different
    installation source.

    The following are suggested workarounds:

      ○ Either at the initial boot screen (where you enter boot/installation
        options) or after getting the error message in Linuxrc (and being
        redirected to the manual setup program), instead of initiating a CDROM
        install (or just typing "linux" at the command line boot option
        screen), do either a network or hard disk installation:

          □ Network installation - As a command line boot option this would be
            "install=ftp://installationsource/directory" (for an FTP
            installation). In the Linuxrc manual setup program you would simply
            select "Network" and then provide your network information and the
            installation server IP and directory.

          □ Hard Disk installation - As a command line boot option this would
            be "install=hd:/dev/hdc" (assuming your CDROM is located at /dev/
            hdc). In the Linuxrc manual setup program you would simply select
            "Hard Disk" and then provide the disk partition (e.g. /dev/sdc) and
            leave the source directory empty (Note: this option will result in
            the CDROM showing up as an extra disk during installation and
            afterwards).

      ○ Use an alternate installation method such as PXE.

  ● Suspend Power Management Features

    The suspend power management features (specifically hibernate and sleep/
    standby) are not supported on servers running SUSE Linux Enterprise Server
    10. These features may work on many systems, but cannot be guaranteed.

  ● i586 and i686 Machine with more than 16 GB of Memory

    Depending on the workload, i586 and i686 machines with 16GB-48GB of memory
    can run into instabilities. Machines with more than 48GB of memory are not
    supported at all. To run on such a machine, lower the memory with the mem=
    kernel boot option.

    On such memory scenarious we strongly recommend to use a x86-64 with 64-bit
    SUSE Linux Enterprise Server and run the x86 applications on it.

  ● Bootloader and mount by UUID or LABEL

    When the way the root device is mounted (by UUID or by label) is changed in
    YaST, the boot loader configuration needs to be saved again to make the
    change effective for the boot loader.

    The "mount by" setting displayed in the YaST2 boot loader module is the
    setting that will be in effect after saving the configuration.

  ● EVMS Volumes Might Not Appear When Using iSCSI

    If you have installed and configured an iSCSI SAN and have created and
    configured EVMS Disks or Volumes on that iSCSI SAN, your EVMS volumes might
    not be visible or accessible. This problem is caused by EVMS starting
    before the iSCSI service. iSCSI must be started and running before any
    disks or volumes on the iSCSI SAN can be accessed.

    To resolve this problem, enter either chkconfig evms on or chkconfig
    boot.evms on at the Linux server console of every server that is part of
    your iSCSI SAN. This ensures that EVMS and iSCSI start in the proper order
    each time your servers reboot.

  ● Reset behavior of MAC adresses on POWER 6 eHEA Adapter

    The reset behavior of the Power 6 eHEA (Host Ethernet Adapter) depends on
    the firmware level and the way the Linux system is restarted. The system
    can be restarted in one of the four ways:

      ○ Reboot triggered from within the LPAR

      ○ Via HMC: Use "Restart" command

      ○ Via HMC: Use "Shut Down" command. Then use "Activate" command.

      ○ Restart entire Machine, then activate the partition.

    The firmware behavior concerning MAC address resetting differs between the
    methods described above and between different firmware revisions. The
    relevant firmware version is encoded in the last 3 digits of the EC number
    shown in the update menu of the HMC.

    Value of 330 or bigger: Mac addresses are reset to default values for all
    four restart methods

    Value smaller then 330:

      ○ Mac addresses are not reset for restart method 1, 2, 3.

      ○ Mac addresses are reset to default values for method 4.

  ● Setting up bonding on a POWER 6 eHEA Adapter

    eHEA ethernet devices can be bound to a bonding device. When removing the
    bonding device it is important to detach all ehea ethernet devices from the
    bonding device before unloading the bonding module. Otherwise the unload
    operation will hang.

            modprobe bonding mode=active-backup miimon=10
            ifconfig bond0 A.B.C.D up
            ifenslave bond0 eth0 [where eth0 is an ehea]
            ....systemstart finished...

            ....shutdown started...
            ifenslave -d bond0 eth0   #<--- this is important
            rmmod bonding


  ● cpio and files larger 4GB

    cpio is not able to add files larger than 4GB to an archive.

  ● KDE and IPv6 Support

    By default, IPv6 support is not enabled for KDE. You can enable it using
    the /etc/sysconfig editor of YaST. This feature is disabled because IPv6
    addresses are not properly supported by all Internet service providers and,
    as a consequence, would lead to error messages while browsing the Web and
    delays while displaying Web pages.

  ● Installing/Updating on IBM System z9

    When installing SUSE Linux Enterprise Server 10 on a System z9, some
    restrictions apply through hardware or software. Some of these restrictions
    are part of these Release Notes. For an updated list, refer to http://
    www-128.ibm.com/developerworks/linux/linux390/october2005_restrictions.html
    .

    For IBM System z9 machines ensure to have MCF RJ9967101E or IBM System z9
    GA3 base driver installed. Otherwise Linux reboot will not work.

  ● Using Disks in z/VM (System z)

    If SUSE Linux Enterprise Server 10 is installed on disks in z/VM, which
    reside on the same physical disk, the created access path (/dev/disk/by-id
    /) is not unique. The ID of a disk is the ID of the underlying disk. So if
    two or more disk are on the same physical disk, they all have the same ID.

    To avoid this ambiguity, please use the access path by-path. This can be
    specified during the installation when the mount points are defined.

    The above restriction does not apply for SLES10 SP2 (which has fix for
    Problem-ID 34345 and 43704), if you have the z/VM PTF for APAR VM64273,
    with which z/VM provides a unique identifier that allows to distinguish
    between virtual disks on the same real device. Udev rules that provide both
    old and new /dev/disk/by-id paths are included. To use the new IDs in your
    multipath setup, please replace the getuid_callout "/sbin/dasdinfo -u -b
    %n" with "/sbin/dasdinfo -x -b %n" in your multipath configuration for DASD
    devices. Please see the man page for the dasdinfo tool for additional
    information.

  ● Local Mounts of iSCSI Shares

    An iSCSI shared device should never be mounted directly on the local
    machine. In an OCFS2 environment, doing so causes all hardware to hard
    hang.

  ● Restriction When Using cpint/hcp (System z)

    When using the cpint/hcp interface with z/VM 5.1 or earlier, the guest
    should not have more than 2 GByte of storage. If the guest has more
    storage, the command may fail.

  ● HP sx1000- and sx2000-based systems and multiple VGA adapters

    HP sx1000- and sx2000-based systems, including rx7620, rx8620, rx7640,
    rx8640 and all Superdomes, only support the use of a single VGA device per
    hard partition. The usage of more than one VGA card causes a system hang or
    crash on all of this systems.

    To prevent this on machines with more than one VGA adapter, either do not
    install the X server at all or configure it manually to use only a single
    VGA device.

  ● YaST2 CD-Creator and YUM installation sources

    The YaST2 CD-Creator module does not support YUM installation sources like
    our update server provides. For this reason, it is not possible to create a
    medium with updates included. If you want to create a medium with updates
    included, use YaST2 Product-Creator.

    YaST2 Product-Creator is a successor of YaST2 CD-Creator. It includes a GUI
    for the kiwi imaging system. This way it is also possible to create a
    Live-CD, XEN image, etc. from the same configuration used in the CD
    Creator. The Product-Creator will get shipped together with the SDK.

  ● Be aware that selecting all patterns will cause the VMI kernel to be
    installed and set as the default boot kernel. VMI is intended only for
    VMware guests and is not guaranteed to boot on bare metal.

    If you do not intend to install the VMI kernel, deselect the package by
    choosing "Details", then search for VMI package and clear the installation
    checkbox.

  ● Infiniband - IPOIB CM mode is not recommended with ehca driver

    A bug has been discovered on ppc64 systems resulting in the possibility of
    a system crash when running IPOIB in CM mode in conjunction with the ehca
    driver. Therefore we recommend against the use of IPOIB in connection mode
    on systems with ehca hardware. IPOIB datagram mode will not exhibit the
    problem thus should be used as a workaround until a fix is available.

    To disable connection mode (and enable datagram mode) edit the file:

          /etc/infiniband/openib.conf


    Comment-out or remove the line:

          SET_IPOIB_CM=yes


    The next time openibd is restarted (or the system is rebooted) ipoib will
    run in datagram mode.

  ● Firmware for Brocade FC adapter

    If a Brocade FC adapter is installed after the installation of the OS,
    please make sure to install the firmware via YaST Software Managment
    (package brocade-firmware) in addition. Otherwise the driver will fail to
    support the new device.

  ● Issues when trying to install with 128GB of physical memory

    During the installation on the x86_64 platform you may encounter the
    following error message when the system has 128 Gigabytes (GB) of physical
    memory installed:

    CI-Direct Memory Access (DMA): Using software bounce buffering for I/O
    (SWIOTLB) low bootmem alloc of 67108864 bytes failed! Kernel panic - not
    syscing: Out of low memory.

    This can be solved by adding the parameter "swiotlb=512" to "Boot Options"
    at the beginning of the installation screen.

Chapter 10. Resolved Issues

  ● Bugfixes

    This Service Pack contains all the latest bugfixes for each package
    released via the maintenance Web since the GA version.

  ● Security Fixes

    This Service Pack contains all the latest security fixes for each package
    released via the maintenance Web since the GA version.

  ● Program Temporary Fixes

    This Service Pack contains all the PTFs (Program Temporary Fix) for each
    package released via the maintenance Web since the GA version which were
    suitable for integration into the maintained common codebase.

Chapter 11. Technical Informations

This section contains a number of technical changes and enhancements for the
experienced user.

  ● OCFS2 options needed for SAP

    As part of our collaboration with SAP, we have worked intensively on
    improving the performance of our ocfs2 cluster filesystem to meet the high
    demands in the SAP BIA/BWA environment. Some improvements (like the better
    handling of huge numbers of locks) benefit all customers automatically,
    while some others need specific mkfs and mount options. These will be
    shortly described here. There are a few specific tradeoffs to be made:

      ○ data consistency vs. write performance

        data=journal/ordered/writeback

        Sidenote: ocfs2 only supported writeback until SLES10SP1.

        This puts contraints how the OS can optimize the ordering of writes to
        storage. The journal option implements data journaling; this is the
        mode safest against data loss by power loss or such, but will result in
        all data being written to storage twice, thus having a serious impact
        on write performance. The ordered option will write data just once and
        will make sure that the metadata updates in the journal and the data
        writes are ordered such that no stale data would be exposed. writeback
        provides the best performance, but can result in lost writes in case of
        power outage. For SAP BIA, this risk is uncritical (a table will need
        to be rebuilt).

      ○ sparse support vs. fragmentation

        Sidenote: sparse files in ocfs2 are only supported since SP2.

        The support for sparse files results in a higher tendency for the
        filesystem to fragment. The old allocator that did not have to deal
        with sparse files and which can be selected by the mount option
        legacy_prealloc (if the FS is created without sparse support) does a
        decent job at avoiding fragmentation at the expense of not being as
        space efficient. Use mkfs --fs-features=nosparse and mount -o
        legacy_prealloc to use the non-sparse allocator.

      ○ Other options: We additionally recommend a cluster size -C 64k (mkfs
        option) and to use the mount option noatime for SAP BIA.

  ● Locale Settings in ~/.i18n

    If you are not satisfied with locale system defaults, change the settings
    in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig
    /language. Use the same variable names but without the RC_ namespace
    prefixes, for example, use LANG instead of RC_LANG. For information about
    locales in general, see "Language and Country-Specific Settings" in the
    Reference Manual.

  ● Configuration of kdump

    The kernel is crashing or otherwise misbehaving and a kernel core dump
    needs to be captured for analysis.

    A description on how to setup kdump can be found under the following URL:
    http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId
    =3374462&sliceId=SAL_Public

  ● Realtime Applications

    When running real-time applications on larger systems, lower maximum
    latencies can be achieved by employing the new disable_buffer_lru kernel
    command-line option. This disables the per-CPU LRU in the buffer cache, and
    may thus decrease overall filesystem performance.

  ● JPackage Standard for Java Packages

    Java packages are changed to follow the JPackage Standard (http://
    www.jpackage.org/). Read the documentation in /usr/share/doc/packages/
    jpackage-utils/ for information.

  ● Loading unsupported kernel drivers

    To load unsupported kernel drivers automatically during boot, set the
    sysconfig variable LOAD_UNSUPPORTED_MODULES_AUTOMATICALLY in /etc/sysconfig
    /hardware/config to "yes".

  ● Nonexecutable Stack

    Already introduced for SUSE Linux Enterprise Server 9 on the x86-64 (AMD64)
    architecture with 64-bit kernels, the Linux kernel in SUSE Linux Enterprise
    Server also supports nonexecutable stack (NX) on x86 for CPUs that support
    it (Intel Prescott and AMD64) with 32-bit kernels. For this to work, the
    kernel with PAE support, kernel-bigsmp, must be installed. Go into YaST and
    install that kernel instead of your default kernel. For 64-bit kernels, all
    kernels support NX.

    The nonexecutable stack improves the security of your system. Many security
    vulnerabilities are stack overflows, where an attacker overwrites the stack
    of your program by feeding oversized data to the application that fails to
    properly check the length. Depending on the details of the program, with
    nonexecutable stack, these vulnerabilities may either not be exploitable
    (and only crash the program, resulting in a DoS) or at least be
    significantly harder to exploit.

    Some applications do require executable stacks. The compiler detects this
    during compilation and marks the binaries accordingly. The kernel enable an
    executable stack for them to allow them to work.

    On x86-64, to provide a higher level of security, the user can pass noexec=
    on on the kernel command line. The kernel then uses a nonexecutable stack
    unconditionally and also marks the data section of a program nonexecutable.
    This provides a higher protection level than just the nonexecutable stack,
    but potentially causes problems for some applications. Novell has not found
    any problems during testing the most commonly used applications and
    services. Because it is not the default, this has not been tested as
    extensively as the stack protection alone, so Novell only recommends this
    setup for servers after the administrator has verified that all needed
    services continue to function properly.

Chapter 12. Documentation and other information

  ● Read the READMEs on the DVDs.

  ● Get the detailed changelog information about a particular package from the
    RPM (with filename <FILENAME>):

    rpm --changelog -qp <FILENAME>.rpm


  ● Check the ChangeLog file in the top level of DVD1 for a chronological log
    of all changes made to the updated packages.

  ● Find more information in the docu directory of DVD1 of the SUSE Linux
    Enterprise Server 10 DVDs. This directory includes PDF versions of the SUSE
    Linux Enterprise Server 10 startup and preparation guides.

  ● http://www.novell.com/documentation/sles10/ contains additional or updated
    documentation for SUSE Linux Enterprise Server 10.

  ● These Release Notes are identical across all architectures. The latest
    version is available online at http://www.novell.com/linux/releasenotes/
    x86_64/SUSE-SLES/10-SP3/, http://www.novell.com/linux/releasenotes/s390x/
    SUSE-SLES/10-SP3/, etc.

  ● Visit http://www.novell.com/linux/ for the latest Linux product news from
    SUSE/Novell and http://www.novell.com/linux/source/ for additional
    information on the source code of SUSE Linux Enterprise products.

Colophon

Thanks for using SUSE Linux Enterprise Server in your business.

The SUSE Linux Enterprise Server 10 Team.

