Release Notes #

The following definitions apply:

For contracted customers and partners, SUSE Linux Enterprise Server 12 SP2 and its Modules are delivered with L3 support for all packages, except the following:

SUSE will only support the usage of original (e.g., unchanged or un-recompiled) packages.

Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.

Whether a technical preview will be moved to a fully supported package later, depends on customer and market feedback. A technical preview does not automatically result in support at a later point in time. Technical previews could be dropped at any time and SUSE is not committed to provide a technical preview later in the product cycle.

Give your SUSE representative feedback, including your experience and use case.

lspci -n | grep 0300

Modules are fully supported parts of SUSE Linux Enterprise Server with a different life cycle and update timeline. They are a set of packages, have a clearly defined scope and are delivered via online channel only. Release notes for modules are contained in this document.

The following modules are available for SUSE Linux Enterprise Server 12 SP2:

* Module is not available for the AArch64 architecture.

Extensions add extra functionality to the system and require an own registration key that is usually liable for costs. Extensions are delivered via online channel or physical media. In many cases, extensions have own release notes documents that are available from https://www.suse.com/releasenotes/.

The following extensions are available for SUSE Linux Enterprise Server 12 SP2:

This sections lists derived and related products. In many cases, these products have own release notes documents that are available from https://www.suse.com/releasenotes/.

For some configurations with many network interfaces, it can take several hours until all network interfaces are initialized (see https://bugzilla.suse.com/show_bug.cgi?id=988157 (https://bugzilla.suse.com/show_bug.cgi?id=988157)). In such cases, the installation is blocked. SLE 12 SP1 and earlier did not offer a workaround for this behavior.

With SLE 12 SP2, you can speed up interactive installations on systems with many network interfaces by configuring them via linuxrc. When a network interface is configured via linuxrc, YaST will not perform automatic DHCP configuration for any interface. Instead, YaST will continue to use the configuration from linuxrc.

To configure a particular interface via linuxrc, add the following to the boot command line before starting the installation:

ifcfg=eth0=dhcp

In the parameter, replace eth0 with the name of the appropriate network interface. The ifcfg option can be used multiple times.

Previously, when installing from local media, like a CD/DVD or USB drive, these sources remained enabled after the installation.

This could cause problems during software installation, upgrade or migration because an old or obsolete installation source remained there. Additionally, if the source was physically removed (for instance, by ejecting the CD/DVD), Zypper would complain about the source not being available.

After the installation, YaST will now check every local source whether the product they provide is also available through a remote repository. In that case, it will disable them.

YaST is a very configurable installer that allows setting very different behaviors for each product using it (SUSE Enterprise Linux, openSUSE, etc.). In previous versions of YaST, it was possible to use a feature called "Flexible Partitioning". This feature has become obsolete, as the more standard proposal mechanism has been used by SLE and openSUSE in all recent releases.

The new version of YaST detects when a (modified) installer tries to use the obsolete "Flexible Partitioning" feature, alerts the user and falls back to the standard proposal mechanism automatically.

Previously, when YaST created a new partition, there could be signatures of previous MD RAIDs on the partition. That caused the MD RAID to be auto-assembled which made the partition busy. Thus, subsequent commands on the new partition failed.

When creating partitions with YaST now, storage signatures are deleted before auto-assembly takes place.

During installation, the hostname is set to install, the DHCP-provided value, if any, or the value of the boot option hostname. The host name used during installation is not propagated to /etc/hostname of the installed system except when set using the boot option hostname.

During a installation of SUSE Linux Enterprise, existing SSH host keys from a previous installation were imported into the new system. This is convenient in some network scenarios, but as it was done without explicitly informing the user, it could lead to undesired situations.

The installer no longer silently imports the SSH host keys from the most recent Linux installation on the disk. It now allows you to choose whether to import SSH host keys and from which partition they should be imported. It is now also possible to import the rest of the SSH configuration in addition to the keys.

To import previous SSH host keys and configuration during the installation, proceed until the page Installation Summary, then choose Import SSH Host Keys and Configuration.

In earlier versions of SUSE Linux Enterprise, you could clone the system configuration as an AutoYaST profile during installation. But many services and system parameters can only be configured after the installation process has been finished and the system is up and running. This can lead to a situation where parts of the desired configuration are missing in the cloned systems.

The option of creating an AutoYaST profile has been removed. However, you can still create an AutoYaST profile from the running system, after you have made sure that the system configuration fits your needs.

During the installation of SUSE products, it can be tedious to remember and type in registration codes.

You can now save the registration codes to a USB drive and have YaST read them automatically.

For more information, see: https://github.com/yast/yast-registration/wiki/Loading-Registration-Codes-From-an-USB-Storage-%28Flash-Drive-HDD%29.

The SLES online migration process reports package conflicts when Live Patching is enabled and the kernel is being upgraded. This applies when crossing the SP1/SP2 boundary.

To prevent the conflicts, before starting the migration, execute the following as a super user:

zypper rm $(rpm -qa kgraft-patch-*)

The version of systemd shipped in SLES 12 SP2 uses the PIDs cgroup controller. This provides some per-service fork() bomb protection, leading to a safer system.

However, under certain circumstances you may notice regressions. The limits have already been raised above the upstream default values to avoid this but the risk remains.

If you notice regressions, you can change a number of TasksMax settings.

To control the default TasksMax= setting for services and scopes running on the system, use the system.conf setting DefaultTasksMax=. This setting defaults to 512, which means services that are not explicitly configured otherwise will only be able to create 512 processes or threads at maximum.

For thread- or process-heavy services, you may need to set a higher TasksMax value. In such cases, set TasksMax directly in the specific unit files. Either choose a numeric value or even infinity.

Similarly, you can limit the total number of processes or tasks each user can own concurrently. To do so, use the logind.conf setting UserTasksMax (the default is 12288).

nspawn containers also have a TasksMax value set now, the default is 16384.

Transparent Huge Pages (THP) are an important alternative to hugetlbfs that boosts performance for some applications by reducing the amount of work a CPU must do when translating virtual to physical addresses. It is particularly important for virtual machine performance where there are two translation layers.

Early in the lifetime of the system there is enough free memory such that these pages can be allocated cheaply. Once the system is running for long enough, memory must be reclaimed and compacted to allocate the THP. This forces applications to stall for potentially long periods of time which many applications cannot tolerate. In many tuning guides, there is simply a recommendation to disable THP in a number of cases.

SLE 12 SP2 disables THP defragmentation by default. THPs will only be used if they are available instead of stalling on defragmentation. Normally, the defragmentation work is deferred and THPs will be created in the future. However, if an application explicitly requests such behavior via madvise(), it will stall.

If a system has many applications that are willing to stall to allocate THP, it is possible to restore the previous behavior of SLE via sysfs:

echo always > /sys/kernel/mm/transparent_hugepage/defrag

Detailed information about physical memory pages can help answer questions such as:

This is useful for L3 support of the kernel and during development and testing of out-of-tree kernel modules, for example, to debug memory leaks. Previously, kernel interfaces could only provide a subset of the page status flags, and only provide a summary about generic memory usage categories.

The Linux kernel shipped with SLE 12 SP2 can provide more detailed information. However, tracking extra information about each page that the kernel allocates creates overhead in terms of code to be executed and memory used. Therefore, this feature is disabled by default.

This feature is shipped with all kernel versions of SLE 12 SP2 and can be enabled during boot using the kernel parameter page_owner=on.

To obtain the status of all pages, use:

cat /sys/kernel/debug/page_owner > file

The file contains the following for each physical page:

Additional postprocessing of the output can be used, for example, to count the number of pages for each unique backtrace which can help discover a code path that leaks memory.

The CPU scheduler maintains a number of statistics for the purposes of debugging, some tracepoints and sleep profiling. They are only useful for detailed analysis but they incur an overhead for all users. They may be disabled at kernel build time but they are enabled as debugging in the field is important and tools like latencytop depend on them.

Some expensive scheduler debugging statistics are disabled by default. Enabling sleep profiling or running latencytop will activate them automatically but activating the tracepoints will require user intervention. The affected tracepoints are sched_stat_wait, sched_stat_sleep, sched_stat_iowait, sched_stat_blocked and sched_stat_runtime.

They can be activated at runtime using:

echo 1 > /sys/kernel/debug/tracing/events/sched/enable

They can be disabled at runtime using:

echo 0 > /sys/kernel/debug/tracing/events/sched/enable

The first number of tracepoint activations may contain stale data until the necessary data is collected. If this is undesirable, it is possible to activate them at boot time via the kernel parameter schedstats=enable.

The following minor changes have been identified in the 4.4 kernel:

Memory mirroring offers increased system reliability. However, full memory mirroring also dramatically decreases available memory size.

Partial memory mirroring addresses this issue by setting up a smaller mirrored memory range and using this range for kernel code and data structures. The remaining memory operates in regular mode which leaves more room for applications. This feature requires support in hardware and EFI firmware and is currently supported on Fujitsu PRIMEQUEST 2000 series systems and its successor models.

The CXL flash storage device provides persistent, flash-based storage using CAPI technology.

There was a request to provide information about how much of Linux-kernel shared memory (shmem) is swapped out, for processes using such memory segments. shmem mappings are either System V shared memory segments, mappings created by mmap() with MAP_ANONYMOUS / MAP_SHARED flags, and shared mmap() mappings of files residing on the tmpfs RAM disk file system. Prior to the implemented changes, in /proc/pid/smaps, swap usage for these segments would have been shown as 0.

The kernel has been modified to show swap usage of shmem segments properly in /proc/pid/smaps files. Due to shmem implementation limitations, this value will also count swapped-out pages that the process has mapped, but never touched, which differs from anonymous memory accounting. Due to the same limitations and to prevent excessive CPU overhead, the VmSwap field in /proc/pid/status is unaffected and will not account for swapped-out portions of shmem mappings. In addition, the /proc/pid/status file has been enhanced to include three new Rss* fields as a breakdown of the VmRSS field to anonymous, file and shmem mappings. Example excerpt:

VmRSS:      5108 kB
RssAnon:              92 kB
RssFile:            1324 kB
RssShmem:           3692 kB

Non-volatile DIMMs are byte-addressable memory chips that fit inside a computer's normal memory slot but are, in contrast to DRAM chips persistent and thus can be used as an enhancement or replacement for a computer's hard disk drives. This imposes several challenges, namely:

The Linux kernel shipped with SLE now includes several drivers to address these challenges:

The page cache is usually used to buffer reads and writes to files. It is also used to provide the pages which are mapped into userspace by a call to mmap. For block devices that are memory-like, the page cache pages would be unnecessary copies of the original storage.

The Direct Access (DAX) kernel code avoids the extra copy by directly reading from and writing to the storage device. For file mappings, the storage device is mapped directly into userspace. This functionality is implemented in the XFS and Ext4 file systems.

The ZRAM module creates RAM-based block devices. Pages written to these disks are compressed and stored in memory itself. Such disks allow for very fast I/O. Additionally, compression provides memory savings.

ZRAM devices can be managed and configured with the help of the tool zramctl (see the man page of zramctl(8)). Configuration persistence is ensured by zramcfg system service.

Usually, when a system's physical memory is exceeded, the system moves some memory onto reserved space on a hard drive, called "swap" space. This frees physical memory space for additional use. However, this process of "swapping" memory onto (and off a hard drive is much slower than direct memory access, so it can slow down the entire system.

The zswap driver inserts itself between the system and the swap hard drive, and instead of writing memory to a hard drive, it compresses memory. This speeds up both writing to swap and reading from swap, which results in better overall system performance while using swap.

To enable the zswap driver, write 1 or Y to the file /sys/module/zswap/parameters/enabled.

Storage Back-ends

There are two back-ends available for storing compressed pages, zbud (the default), and zsmalloc. The two back-ends each have their own advantages and disadvantages:

It is not possible to give a general recommendation on which storage back-end should be used, as the decision is highly dependent on workload. To change the storage back-end, write either zbud or zsmalloc to the file /sys/module/zswap/parameters/zpool. Pick the back-end before enabling zswap. Changing it later is unsupported.

Setting zswap Memory

Compressed memory still uses a certain amount of memory, so zswap has a limit to the amount of memory which will be stored compressed, which is controllable through the file /sys/module/zswap/parameters/max_pool_percent. By default, this is set to 20, which indicates zswap will use 20 percent of the total system physical memory to store compressed memory.

The zswap memory limit has to be carefully configured. Setting the limit too high can lead to premature out-of-memory situations that would not exist without zswap, if the memory is filled by non-swappable non-reclaimable pages. This includes mlocked memory and pages locked by drivers and other kernel users.

For the same reason, performance can also be hurt by compression/decompression if the current workload's workset would, for example, fit into 90 percent of the available RAM, but 20 percent of RAM is already occupied by zswap. This means that the missing 10 percent of uncompressed RAM would constantly be swapped out of/in to the memory area compressed by zswap, while the rest of the memory compressed by zswap would hold pages that were swapped out earlier which are currently unused. There is no mechanism that would result in gradual writeback of those unused pages to let the uncompressed memory grow.

Freeing zswap Memory

zswap will only free its pages in certain situations:

Memory Allocation Issues

In theory, it can happen that zswap is not yet exceeding its memory limit, but already fails to allocate memory to store compressed pages. In that case, it will refuse to compress any new pages and they will be swapped to disk immediately. For confirmation whether this issue is occurring, check the value of /sys/kernel/debug/zswap/reject_alloc_fail.

Previously, YaST offered no way to know whether two interfaces with NPAR/SR-IOV capabilities were sharing the same physical port. As a result, users could bond them without realizing that they were not getting the desired effect in terms of redundancy.

Information about the physical port ID has been added to Interface Overview and also for each entry of the Bond Slaves table, so you can now inspect the physical port ID when selecting an interface.

Additionally, you will be alerted when trying to bond devices sharing the same physical port.

When SUSE Linux Enterprise 12 was first released, the sudo binary did not correctly support SASL authentication for LDAP because the package was built without a build dependency on the package cyrus-sasl-devel.

To be able to use sudo with SASL, update to the latest version of the package sudo. For information about enabling SASL authentication for sudo, see man 5 sudoers.ldap.

To ease future maintenance, in SLE 12 SP2, systemd was updated to version 228. This version does not support using System V and LSB init scripts from the systemd daemon itself any more.

This functionality is now implemented as a generator that creates systemd unit files from System V/LSB init scripts. These unit files are generated at boot or when systemd is reloaded. Therefore, to have changed System V init scripts recognized by systemd, run systemctl daemon-reload or reboot the machine.

For more information, see the man page of systemd-sysv-generator (man systemd-sysv-generator).

If you are packaging software that ships System V init scripts, use the RPM macros documented at https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines (https://en.opensuse.org/openSUSE:Systemd_packaging_guidelines#Register_services_in_install_scripts) (Section "Register Services in Install Scripts").

Due to a problem in the AutoYaST version shipped with SLE 12 SP1, the network configuration used during the first stage was always copied to the installed system. This happened regardless of the value of keep_install_network in the AutoYaST profile.

SLE 12 SP2 behaves as expected and keep_install_network will be set to true by default.

The new YaST VPN module provides an intuitive and easy to use interface for setting up VPN gateways and clients. It simplifies the setup of typical IPSec VPN gateways and clients.

IPSec is an open and standardized VPN protocol, natively supported by most operating systems and devices, including Linux, Unix, Windows, Android, Blackberry, Apple iOS and MacOS, without the need for third-party software solution.

Using the YaST VPN module, you can create VPN gateways for the following scenarios:

Additionally, you can set up connections to remote VPN gateways, for the following scenarios:

You can configure a SLES computer to become a member in Microsoft Active Directory to leverage its user account and group management. In previous versions of SLES, enrolling a computer in a Microsoft Active Directory was a lengthy and error-prone procedure.

In SLES 12 SP2, YaST ships with the new configuration tool User Logon Management (previously Authentication Client) which offers a powerful yet simple user interface for joining an Active Directory domain and allows authenticating users using those domain accounts. In addition to Active Directory, the editor can also set up authentication against a generic Kerberos or LDAP service.

ntp was updated to version 4.2.8.

Name resolution for the affected hosts works otherwise.

Parameter changes

The meaning of some parameters for the sntp command-line tool have changed or have been dropped, for example sntp -s is now sntp -S. Please review any sntp usage in your own scripts for required changes.

After having been deprecated for several years, ntpdc is now disabled by default for security reasons. It can be re-enabled by adding the line enable mode7 to /etc/ntp.conf, but preferably ntpq should be used instead.

In environments with a clearly defined list of packages to be installed on the system and weak package dependency resolution disabled via solver.onlyRequires=true in /etc/zypp/zypp.conf, automatic installation of the initial kGraft patch is broken.

As an aid in this situation, the package kernel-$FLAVOR-kgraft is provided. Installing this package pulls the associated kGraft patch into the system.

Sudo now respects groups added by the pam_group module and adds these groups to the target user.

If there is a user tux, you can now use the following to add it to the group games:

In SLE 12 SP1 and before, the user tux would not have been added to the group games:

uid=1002(tux) gid=100(users) groups=100(users)

In SLE 12 SP2, the user tux is added to the group games:

uid=1002(tux) gid=100(users) groups=100(users),40(games)

This feature enables perf to collect guest exit statistics based on the kvm_exits made by the threads of a guest-to-host context. The statistics report is grouped by exit reason. This can used as an indicator of the performance of a VM under a certain workload.

Besides kvm_exits, hypervisor calls are also reported and grouped by hcall reason. The statistics can be shown for an individual guest or all guests running on a system.

Page initialization takes a very long time on large-memory systems. This is one of the reasons why large machines take a long time to boot.

The kernel now provides deferred initialization of page structures on the x86_64 architecture. Only approximately 2 GB per memory node are initialized during boot, the rest is initialized in parallel with the boot process by kernel threads named pgdatinitX, where X indicates the node ID.

If it is not the root file system and if the file system has at least 20 % free space available, in-place conversion of an existing Ext2/Ext3/Ext4 or ReiserFS file system is supported for data mount points.

SUSE does not recommend or support in-place conversion of OS root file systems. In-place conversion to Btrfs of root file systems requires manual subvolume configuration and additional configuration changes that are not automatically applied for all use cases.

To ensure data integrity and the highest level of customer satisfaction, when upgrading, maintain existing root file systems. Alternatively, reinstall the entire operating system.

/var/cache contains very volatile data, like the Zypper cache with RPM packages in different versions for each update. As a result of storing data that is mostly redundant but highly volatile, the amount of disk space a snapshot occupies can increase very fast.

To solve this, move /var/cache to a separate subvolume. On fresh installations of SLE 12 SP2 or newer, this is done automatically. To convert an existing root file system, perform the following steps:

The tool nvme-cli provides management features to NVMe devices, such as adapter information retrieval, namespace creation/formatting and adapter firmware update.

The upstream developers of systemd do not support the NFS mount option bg any more. While this mount option is still supported in SLE 12 SP2, it will be removed in the next version of SLE.

It will be replaced by the systemd mount option nofail.

Some programs do not respect the special disk space characteristics of a Btrfs file system containing snapshots. This can result in unexpected situations where no free space is left on a Btrfs filesystem.

Snapper can watch the disk space of snapshots that have automatic cleanup enabled and can try to keep the amount of disk space used below a threshold.

If snapshots are enabled, the feature is enabled for the root file system by default on new installations.

For existing installations, the system administrator must enable quota and set limits for the cleanup algorithm to use this new feature. This can be done using the following commands:

For more information, see the man pages of snapper and snapper-configs.

SUSE Linux Enterprise Virtual Machine Driver Pack is a set of paravirtualized device drivers for Microsoft Windows operating systems. These drivers improve the performance of unmodified Windows guest operating systems that are run in virtual environments created using Xen or KVM hypervisors with SUSE Linux Enterprise Server 11 SP4 and SUSE Linux Enterprise Server 12 SP2. Paravirtualized device drivers are installed in virtual machine instances of operating systems and represent hardware and functionality similar to the underlying physical hardware used by the system virtualization software layer.

The new features of SUSE Linux Enterprise Virtual Machine Driver Pack 2.4 include:

New driver and utility features:

In previous versions of SLE, huge pages with a size of 1 GB could only be allocated via a kernel parameter at boot. This has the following drawbacks:

On the x86-64 architecture, SLE can now allocate and free 1 GB huge pages at system run time, using the same methods that are also used for regular huge pages.

However, you should still allocate 1 GB huge pages as early as possible during the run time. Otherwise, physical memory can become fragmented by other uses and the risk of allocation failure grows.

IPL devices are no longer restricted to subchannel set 0. The limitation is removed as of IBM zEnterprise 196 GA2.

systemd now provides full and correct support for driver model buses specific to Linux on z Systems, such as ccw, ccwgroup, and zfcp.

Depending on the hypervisor that a system runs on (such as z/VM, zKVM, or LPAR), during boot, differerent actions can be needed.

The service virtsetup is preconfigured to do that. To activate it, execute the following command:

systemctl enable virtsetup.service

To configure this service in more detail, see the file /etc/sysconfig/virtsetup. You can also edit the file through YaST:

yast2 sysconfig

Linux guests are now better integrated into the z/VM print solution. It is now possible to specify the spool options CLASS and FORM together with the print command of the VMUR tool.

Userspace applications can now query whether the Linux instance can act as a hypervisor by checking for the SIE (Start Interpretive Execution) capability. This is useful, for example, in continuous integration (CI) environments.

When installing SLES 12 SP2, iSCSI devices may not be enabled after installation.

When configuring iSCSI volumes, make sure to set start mode to automatic. onboot is only valid for iSCSI devices which are supposed to be activated from the initrd, that is, when the system is booted from iSCSI. However, that is currently not supported on z Systems.

You can now concurrently access DASD volumes from different operating system instances. Applications can now query whether a DASD volume is online within another operating system instance by querying the storage server for the online status of all attached hosts. The command lsdasd can display this information, and the commands zdsfs, fdasd, and dasdfmt can evaluate it.

SLES 12 SP2 supports the 10GbE RoCE Express feature on zEC12, zBC12 and IBM z13 via the Ethernet device using TCP/IP traffic without restrictions. Before using this feature on an IBM z13, make sure that the minimum required service is applied: z/VM APAR UM34525 and HW ycode N98778.057 (bundle 14). Use the default MTU size (1500).

SLES 12 SP2 now includes support for RDMA enablement and DAPL/OFED for z Systems. With the Mellanox virtualization support (SR-IOV) the limitation for LPAR use only on an IBM zEC12 or zBC12 is removed and RDMA can be used on an IBM z13.

A HiperSocket port can now be configured to accept Ethernet frames to unknown MAC addresses. This enables it to be used as a member of a software bridge. Control and report of the bridge port status of the HiperSocket port and the udev events are performed via new sysfs attributes.

Priority queuing is now supported for IPv6, similarly to IPv4. This especially improves Linux Live Guest Migration by using IPv6 to minimize impact on workload traffic and enables priority queuing for all applications that use IPv6 QoS traffic operations.

Classic OSA operation in layer 3 mode provides numerous offload operations, exchanging larger amounts of data between the operating system and the OSA adapter. The qeth device driver now also provides large send/receive and checksum offload operations for layer 2 mode.

The tool for remote systems management for Linux, snIPL, now includes IPv6 support. This broadens the set of environments that snIPL supports and simplifies moving from IPv4 to IPv6.

Enhancements in the OSA device driver enable setting network interfaces into promiscuous mode. The mode can provide outside connectivity for virtual servers by receiving all frames through a network interface.

In OpenStack environments, Open vSwitch is one of the connectivity options that use this feature.

The libica support for the generation of pseudo-random numbers for the "Deterministic Random Bit Generator" (DRBG) was enhanced to comply with updated security specifications (NIST SP 800-90A).

This feature enables the monitoring of CPACF crypto activity in the Linux image, in the kernel, and in userspace. A configurable crypto-activity counter allows switching monitoring of CPACF crypto activity on or off for selected areas to verify and monitor specific needs in the crypto stack.

Dynamic tracing in openCryptoki now allows starting and stopping tracing of all openCryptoki API calls and the related tokens while the application is running. This also allows using cryptography in the Java Security Architecture (JCA/JCE) which transparently falls back to software cryptography. Enhanced tracing can now identify whether cryptographic hardware is actually used.

The openCryptoki ICA includes support for a new mechanism supported by CPACF MSA 4. GCM is a highly recommended mechanism for use with TLS 1.2.

We now provide a tool to change master keys on the CCA co-processor without losing the encrypted data. This helps to stay compliant with enhanced industry regulations and company policies.

The Linux support for CUIR (Control Unit Initiated Reconfiguration), which enables concurrent storage service with no or minimized down time, has been extended to include Linux running as a z/VM guest.

The HYPFS has been extended to provide the "diag 0C data" also for Linux z/VM guests that distinguish "management time" spent as part of CPU load.

Support of the IBM z13 hardware instructions in glibc provides improved application performance.

Splitting the system memory into multiple NUMA nodes and distributing memory without using real topology information about the physical memory can improve performance. This is especially true for large systems. This feature is turned off by default but can be enabled for a system from the command line.

In the default configuration of SLES 12 SP2 for z Systems, the boot parameter quiet is disabled, so the system console shows more useful log messages. This has the drawback that the increased amount of log messages can hide a password prompt, such as the prompt for decrypting devices at boot.

To make the password prompt more visible among the system messages, add the boot parameter quiet when there are encrypted devices that need to be activated at system boot.

You can now install from media in the DVD/USB drive of the Hardware Management Console (HMC).

To do so:

Important: Do not forget to configure the network in linuxrc before starting the installation. There is no way to pass boot parameters later and it is very likely that you will need network access. In linuxrc, go to Start Installation > Network Setup.

Important: Wait until the Linux system is booting before granting access to the DVD in the HMC. IPLing seems to disrupt the connection between the HMC and the LPAR in some way. If the first attempt to use it fails, you can grant the access and retry the option HMC.

Note: The installation medium will not be available in the installed system. If you need an installation repository there, register and use the online repository.

Ethernet drivers have been added between kernel versions 3.12 (SLES 12 GA) and 4.4 (SLES 12 SP2).

The support status of Ethernet drivers has been updated for SLE 12 SP2 and below is the list of newly supported drivers.

This Service Pack adds support for the following Intel processors:

SLES now ships with the package libcxl. It provides the library of the same name that can be used for userspace CAPI.

The SLE SDK contains the corresponding development package, libcxl-devel.

In addition to the established tool targetcli, there is now also its enhanced version targetcli-fb available. New users are encouraged to deploy targetcli-fb.

Desktop users often want the size and position of windows to remain the same, even across application restarts. Such functionality usually has to be implemented at the application level but not all applications do so.

In SUSE Linux Enterprise 12 SP2, Devilspie 2 (package devilspie2) has been added. Desvilspie 2 is a window matching utility that allow you to script actions on windows as they are created, such as maximizing windows or setting their size and position.

To allow evaluating and enforcing password strength in an OpenLDAP deployment, the package openldap2-ppolicy-check-password has been added. It is an OpenLDAP password policy plugin which evaluates and enforces strength in new user passwords, and denies weak passwords in password change operations. Configuration options of the plugin allow system administrators to adjust password strength requirements.

SUSE Enterprise Storage 3 and later versions expose additional functionality and performance to upgraded clients, such as the use of advanced RBD features and improved CephFS integration. While SUSE Enterprise Storage 3 is backwards-compatible with older clients, the full benefits are only available to newer clients.

As part of SUSE Linux Enterprise Server 12 Service Pack 2, the Ceph client code, as provided by ceph-common and the related library packages, has been upgraded to match the latest SUSE Enterprise Storage release.

This update also includes rebuilt versions of the KVM integration to take advantage of these.

libStorageMgmt allows programmatically managing storage hardware in a vendor-neutral way.

In SLES 12 SP2, libStorageMgmt was upgraded to version 1.3.2. This version fixes several bugs and adds the ability to more retrieve disk information, such as information on batteries and the list of local disks.

glibc has been upgraded to meet demands in transactional memory handling and memory protection and to gain performance optimizations for modern platforms.

lsof has been updated from version 4.84 to 4.89. The changelog can be found in the file /usr/share/doc/packages/lsof/DIST.

The Qt 5 libraries were updated to 5.6.1, a Qt 5.6 LTS based release. Qt 5.6.1 includes new features and security fixes for known vulnerabilities over Qt 5.5.1 (the version shipped in an upgrade to SP1).

This release includes many bug fixes and changes that improve performance and reduce memory consumption.

For security reasons, the MNG and JPEG2000 image format plugins are not shipped anymore, because the underlying MNG and JPEG2000 libraries have known security issues.

New features include:

As part of this update, Qt Creator has been updated to 4.0.1 (from Qt Creator 3.5.1 shipped as an update to SP1).

New features of Qt Creator include:

In versions of RPM greater than 4.6.0, the behavior of the BuildRoot directive was changed compared to prior versions. RPM now enforces using a build root for all packages and ignores the BuildRoot directive in spec files. By default, rpmbuild places the build root inside %{_topdir}. However, this can be changed through macro configuration.

In the version of RPM shipped with SUSE Linux Enterprise 12 (and later), the BuildRoot directive of spec files is silently ignored. However, it is recommended to keep the BuildRoot directive in spec files for backward compatibility with earlier versions of SUSE Linux Enterprise (and RPM).

For more information, see the RPM 4.6.0 release notes at http://rpm.org/wiki/Releases/4.6.0 (http://rpm.org/wiki/Releases/4.6.0).

OpenSSH received numerous changes and improvements in the last years. To ease further maintenance, OpenSSH was upgraded to a more current release.

Note that the SSHv1 protocol is no longer supported.

Puppet has been updated from 3.6.2 to 3.8.5. All releases between these two versions should only bring Puppet 3 backward-compatible features and bug and security fixes.

For more information, read the following release notes:

In particular, you should pay attention to the following upgrade notes and warnings:

SLE 12 SP1 shipped with coreutils 8.22. SLE 12 SP2 ships with coreutils 8.25. This new release brings a number of changes in behavior:

chroot

openSSL has been updated from version 1.0.1 to 1.0.2 which is a compatible minor version update. This will help future maintenance, and also brings many bug fixes.

The update to openSSL 1.0.2 should be transparent to existing programs.

However, there were some functional changes were done: SSL 2 support is now fully disabled and certain weak ciphers are no longer built in.

With SLE 12 SP2, the packages perl-Cyrus-IMAP and perl-Cyrus-SIEVE-managesieve have been removed from the media.

librpcsecgss (packages: librpcsecgss3, librpcsecgss-devel) has been removed. With the release of libtirpc, the development of libsecgss stopped and it fell out of use. We recommend using libtirpc instead.

Functionality previously shipped in the packages libusnic_verbs-rdmav2 and libusnic_verbs-rdmav2-pingpong has been integrated into libibverbs.

The packages listed below were removed with the major release of SUSE Linux Enterprise Server 12.

The packages listed below were removed with the release of SUSE Linux Enterprise Server 12 SP2.

To be compliant with the upstream version of OpenMPI, the source configuration option --with-devel-header has been removed. This only affects developers of OpenMPI plugins outside of the source tree.

Developers of plugins outside of the source tree need to recompile the source with the option --with-devel-header added. All other users are not affected.

Byebug is a simple-to-use, feature-rich Ruby 2 debugger that is also used to debug YaST. It uses the TracePoint API and the Debug Inspector API. For speed, it is implemented as a C extension.

It allows you to see what is going on inside a Ruby program while it executes and offers traditional debugging features such as stepping, breaking, evaluating, and tracking.

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.

The maximum file size above can be larger than the file system's actual size due to usage of sparse blocks. Note that unless a file system comes with large file support (LFS), the maximum file size on a 32-bit system is 2 GB (2^31 bytes). Currently all of our standard file systems (including Ext3 and ReiserFS) have LFS, which gives a maximum file size of 2^63 bytes in theory. The numbers in the above tables assume that the file systems are using 4 KiB block size. When using different block sizes, the results are different, but 4 KiB reflects the most common standard.

In this document: 1024 Bytes = 1 KiB; 1024 KiB = 1 MiB; 1024 MiB = 1 GiB; 1024 GiB = 1 TiB; 1024 TiB = 1 PiB; 1024 PiB = 1 EiB. See also http://physics.nist.gov/cuu/Units/binary.html.

NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported.

The version of Samba shipped with SUSE Linux Enterprise Server 12 SP2 delivers integration with Windows 7 Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 12 SP2.

The following table lists supported and unsupported Btrfs features across multiple SLES versions.