Version 10.4.15 (2016-09-07)
These release notes are generic for all SUSE Linux Enterprise Server 10 based products. Some
parts may not apply to a particular architecture/product. Where this is
not obvious, the respective architectures are listed explicitly. The
instructions for installing this Service Pack can be found in the
README file on DVD1. There are also translations of
A startup and preparation guide are found under the
docu directory on the media. Any documentation
(if installed) can be found below
in the installed system.
This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request Novell will mail a copy of the source code. Requests should be sent by e-mail to mailto:email@example.com or as otherwise instructed at http://www.suse.com/download-linux/source-code.html. Novell may charge a fee to recover its reasonable costs of distribution.
Table of Contents
This SUSE Linux Enterprise Server 10 Service Pack 4 serves several purposes:
Provide all maintenance fixes (see Chapter 2, Driver Updates) released since GA of SLES 10.
Provide an easy update (see README) of your system or individual packages to the latest Service Pack level. This is especially useful if you cannot use online update mechanisms.
Provide an easy fresh install (see README) using the latest kernel, drivers, and installer updates.
Include PTFs (special fixes for customers) which were folded back into the SLES 10 common code base making them part of the maintained code base.
Provide useful additional information and documentation (see Chapter 4, Installation-Related Notes).
Through joint testing and maximum care, we try hard not to break any ISV certification with a Service Pack, but we recommend checking with your ISV about your application's certification status.
With the release of SUSE Linux Enterprise Server 10 Service Pack 4, the now obsoleted Service Pack 3 enters limited support status for the following 6 months, during which time Novell will continue to provide security updates and L3 support to maintain its customer's operations safe during the migration window. At the end of the six-month parallel support period, on October, 12th 2011, support for Service Pack 3 will be permanently discontinued.
Updated bnx2x driver to version 1.60.00
Added Chelsio T4 driver (cxgb4)
Updated tg3 driver to version 3.114b
Added ixgbevf driver in version 1.0.8
Added qlcnic driver in version 5.0.11
Updated benet driver to version 2.102.453s
Updated netxen driver to version 4.0.74
Updated Brocade 10G PCIe Ethernet (bna) driver to version 126.96.36.199
Updated bnx2 driver to version 2.0.17
Updated e1000e driver to version 1.2.17
Updated ixgbe driver to version 3.0.14
Updated igb driver to version 2.3.4
Add support for the Mellanox ConnectX QDR Infiniband card (IBM POWER) to the mlx4 driver.
FCoCEE NPIV Support (excluded: boot support) for IBM POWER.
Optimized Latency Mode (OLM) toleration on IBM System z. If Linux and other OSes (like z/OS) use a shared OSA Express3 device in Optimized Latency Mode, only a limited number of stacks can actually use the device. This feature provides a new return code such that subsequent stacks will be rejected with a new return code. It allows the user a more diffentiated reaction to solve the situation
qeth supports new CHPIDs OSX and OSM introduced with z196 on IBM System z. OSM for connectivity to intranode management network (INMN) from z196 to Unified Resource Manager, OSX for connectivity and access control to the intraensemble data network (IEDN) from z196 to Unified Resource Manager functions. qeth now recognizes these CHPIDs and handles them appropriately.
Updated Brocade FC/FCoE driver (bfa) to version 188.8.131.52
Updated aacraid driver to version 26400
Added LSI MPT Fusion SAS 2.0 Device driver (mpt2sas) in version 6.103.00.00
Updated lpfc driver to version 184.108.40.206
Updated cciss driver to version 3.6.28
Updated megaraid_sas to version 4.37
Updated PMC-Sierra driver (pmcraid)
Updated qla2xxx driver
Updated qla4xxx to version 5.02.03.00.10.4
Updated fusion driver to version 3.04.17
Update driver ipr for 64-bit PCI-E x8 Gen2 6Gb SAS adapters to version 220.127.116.11
FICON - HyperPAV support, a very flexible concept to massively improve device performance by using a set of subchannels as an ALIAS-pool, was added to IBM System z.
Power Virtual SCSI Next Generation (mulitpath-tools update) was added to IBM POWER. This allows for system administrators to more easily partition storage already allocated to them from their storage administrators, yet still use dual VIOS and dm-multipath for fault tolerance.
ntp was updated to version 4.2.8.
In addition to xntp, ntp (version 4.2.8) is now also available on the SLE 10 plattform.
In security critical environments, consider to remove xntp, switch to ntp, and adjust your configuration.
These are the most important differences:
The meaning of some parameters for the sntp commandline tool have
changed or have been dropped, for example
sntp -s is
sntp -S. Review any sntp usage in your own
scripts for required changes.
After having been deprecated for several years, ntpdc is now disabled by
default for security reasons. It can be re-enabled by adding the line
enable mode7 to
ntpq should be used instead.
With ntp on SLE 10 , do not use yast2-ntp-client for configuration.
Performance Co-Pilot (package
pcp) was updated to
version 3.6.10. This update obsoletes
libpcp.so.2. As a result, any in-house or
third-party applications developed using
libpcp.so.2 will need to be re-based against
The new library and corresponding development header files are
provided as part of the
On SUSE Linux Enterprise Server 10 Service Pack 4 the packages coreutils, gdb and nagios-plugins contain code which is licensed under the GNU General Public License Version 3.
Added libservicelog and servicelog to provide support for serviceability and server management tools. Customer can query servicelog for events requiring attention like failing PCI card (IBM POWER).
Added ppc64-diag on POWER to provide an API and tools by which external serviceability and diagnostics can access Vital Product Data, consisting of hardware present on a system, the characteristics of that hardware, and hardware state.
Added vhostmd on i586 and x86-64.
Added mozilla-xulrunner192 for MozillaFirefox 3.6.
This update also brings updates of Mozilla NSPR and Mozilla NSS libraries. Mozilla NSS libraries contain cryptographic enhancements, including TLS 1.2 support.
It comes with PDF.js, which now replaces the Acroread PDF plugin.
Added openssl-certs, which contains additional CA certificates for openssl.
Added sces-client, a client for the SUSE Cloud License Manager.
Added suse-ami-tools for running SUSE Linux Enterprise on Amazon EC2.
Updated bind to version 9.5.2-P4.
Updated samba to version 3.4.
Updated clamav to version 0.96.1.
Updated gdb to version 7.1.
Updated OFED tools to latest 1.4 and/or 1.5.2 release.
Updated iprutils to version 2.3.2 to support 6GB SAS RAID on Power7.
Updated openssh to version 5.1p1.
Updated IBM Javas to latest service releases.
Updated sblim-cim-client to version 18.104.22.168. Includes new support for IPv6, TLS and DBCS authentication.
Ext2/Ext3 utilities were fixed for filesytems larger than 8TB.
Refreshed openssl-ibmca for hardware crypto 4K keys usage (IBM System z).
Additional 31bit compat library for c++ Boost to enable use of TM1/Cognos OLAP (IBM System z).
zipl integration of device mapper devices (IBM System z).
Allow installation of and booting from a boot record on logical devices, i.e. devices managed by device mapper or multipath devices. These setups must confirm to a set of rules: physical device is of type DASD or SCSI, all blocks on the logical device correspond to blocks on the same physical device, adjacent blocks on the logical device correspond to adjacent blocks on the physical device, access to block 0 of the physical device.
snIPL enhancement to trigger SCSI dump on remote container (IBM System z)
Configurable dump and IPL parameters to prevent infinite panic-dump-ipl loop (IBM System z)
Librtas was updated for new RTAS event fields on IBM POWER. These updates allow customers that decipher RTAS events to properly see this new information.
Power7 & ISA 2.06 support on IBM POWER. Detect POWER7 as a platform for potential user space application acceleration.
powerpc-utils update for Power7 (IBM POWER). Allows customers to tune application to exploit simultaneous multithreading usage for the best performance.
Updated lsvpd to version 1.6.7.
This section includes installation-related information for this Service Pack.
Installation using Persistent Device names
If you plan to add additional storage devices to your system after the OS installation, we strongly recommend to use persistent device names for all storage devices during installation. The installer by default uses the kernel device names.
How to proceed:
During installation, enter the partitioner. For each partition, select "Edit" and go to the "FStab Options" dialog. Any mount option except "Device name" provide you persistent devicenames.
To switch an already installed system to using persistent device names, proceed as described above for all existing partitions. In addition, rerun the boot loader module in YaST to switch the bootloader to using the persistent device name also. Just start the module and select "Finish" to write the new proposed configuration to disk. This needs to be done before adding new storage devices.
For further information please look at http://en.opensuse.org/SDB:Persistent_storage_device_names.
Network-based root file systems must not be accessed through a bridge device.
Booting a network-based filesystem (e.g. iSCSI) that is accessed through a bridge does not work. The workaround is to create a networkpath that does not go through a bridge.
MD Devices on top of iSCSI not possible
iSCSI devices cannot be used for Linux Software RAID. Using MD devices on top of iSCSI triggers a cyclic dependency that leads to a crash.
Using qla3xxx and qla4xxx driver at the same time
QLogic iSCSI Expansion Card for IBM BladeCenter provides both Ethernet and iSCSI functions. Some parts on the card are shared by both functions. The current qla3xxx (ethernet) and qla4xxx (iSCSI) drivers support Ethernet and iSCSI function individually. They do not support using both functions at the same time. Using both Ethernet and iSCSI functions at the same time may hang the device and cause data lost and filesystem corruptions on iSCSI devices or network disruptions on Ethernet.
Using iSCSI Disks When Installing
To use iSCSI disks during installation it is necessary to
add the following parameter to the kernel parameter line:
During installation, an additional screen appears that provides the possibility to attach iSCSI disks to the system and use them in the installation process.
Since SUSE Linux Enterprise Server 10 SP1 booting from an iSCSI server on i386, x86_64 and ppc is supported, when an iSCSI enabled firmware is used.
On ppc, a single bootfile (zImage.initrd) instead of yaboot is used.
Using EDD Information for Storage Device Identification
If you want to use EDD information
identify your storage devices, change the installer default
settings using an additional kernel parameter.
BIOS provides full EDD information (found in
Disks are signed with a unique MBR signature (found in
use_edd=1 to the kernel
parameters during initial installation.
The device-id list in the installer shows the EDD ID (such as edd_dev80_part1) instead of the default device-id name.
Select those device IDs for installation and
runtime (for example, in
Automatic installation with Autoyast in an LPAR (System z)
For automatic installation with Autoyast in an LPAR, it is required, that the parmfile used for such an installation has blank characters at the beginning and the end of each line (the first line need not to start with a blank). The number of character in one line should not exceed 80 characters.
linuxrc doesn't accept its proposed default values in System z LPAR installation
Pressing "Send" (enter) in linuxrc to confirm the proposed default value leads to no input. This can cause "*** Invalid Input." errors.
Recommendation: When running linuxrc in a System z LPAR console, instead of pressing "Send" (enter) to take the proposed default value, enter the value explicitly.
Adding DASD or zFCP disks during installation (System z)
The adding of DASD or zFCP disks is not only possible during the installation workflow, but also when the installation proposal is shown. To add disks at that stage please click on the "Expert" tab and scroll down. There the DASD and/or zFCP entry is shown. These added disks are not shown in the partitioner. To get the disks into the partitioner, you have to click on the expert label and select "reread partition table". This may reset any previously entered information.
Creating LVM or EVMS Volumes with DASDs (System z)
If want to create a LVM or EVMS volume with DASDs that are not formatted or partitioned this will fail. The DASDs can be formatted in the DASD activation panel. Creating a partition can be done in the partitioner by hitting the [create] button and specifying "do not format" and removing any mountpoints indicated.
Installation loops during network configuration if incorrect or incomplete parameters are entered. (System z)
In case of an erroneous configuration of a (e.g. qeth) device, the device does not get ungrouped automatically.
Perform the following steps to recover from a network device setup failure:
Enter "x" to get to the expert menu, then "3" to start a shell.
Enter "cd /sys/bus/ccwgroup/devices/<read channel number>" to get to the sysfs directory of the network device.
Enter "echo 0 >online" to put the device offline.
Enter "echo 1 >ungroup" to ungroup the device's channels.
Enter "exit" to return to linuxrc.
Enter "0" to continue with the installation.
Now you are ready to retry the network setup.
cxgb3 Adapter Support During Installation
If support for the cxgb3 adapter is required during the installation phase already, please make sure to also select the packages "ofed-1.4.1" and "ofed-kmp-ppc64-1.3.1" in the package selection of the installer.
This section includes update-related information for this Service Pack.
Technical Instruction Document 7008357 (http://www.novell.com/support/documentLink.do?externalID=7008357) contains additional documentation for upgrading an installed system to SUSE Linux Enterprise Server 10 Service Pack 4;
SPident reports an old Service Pack level
SPident is a tool to identify the Service Pack level of the current installation. It may report that the system has not reached the level of this Service Pack. This happens, when optional updates that are not automatically installed by YOU are not manually selected during update. If you use or need any packages which have optional updates, select these in order to reach the current Service Pack level.
Registration at the Novell Customer Center (NCC) may fail at the frist try.
During the update an connection error while doing the registration for NCC might happen due to a timing issue. Please go back and register again to solve the timing issue.
This release of SUSE Linux Enterprise Server ships with Novell AppArmor.
The AppArmor intrusion prevention framework builds a firewall around your
applications by limiting the access to files, directories, and POSIX
capabilities to the minimum required for normal operation. AppArmor
protection can be enabled via the AppArmor control panel, located
in YaST under Novell AppArmor. For detailed information about using Novell
AppArmor, see the documentation in
The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments.
If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. Place all your profiles into learning mode with the following: aa-complain /etc/apparmor.d/*
When a program generates many complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.
LD_ASSUME_KERNEL Environment Variable
Do not set the
variable any longer. In the past, it was possible to use it to
enforce LinuxThreads support, which was dropped. If you set
LD_ASSUME_KERNEL to a kernel version lower
than 2.6.5, everything breaks because ld.so
looks for libraries in a version that does not exist anymore.
New version of Tomcat
A version update of Tomcat was done, which requires more and new RPMs.
New on disk format of new Sysstat package
The new features of the new Sysstat package needs a new on disk format of the data files. After the update of the sysstat package the old collected data can no longer be used.
Changed order of starting network interface
The order in which network interfaces will be started has changed. The new order is now bond interfaces first, then vlan, dialup tunnel and finally bridge interfaces.
Becoming Superuser Using su
By default, calling su to become root does
not set the PATH for root. Either call su - to
start a login shell with the complete environment for root
/etc/default/su if you want to change the default
behavior of su.
Forwarding xauth keys between users with sux
The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.
NTP-Related Files Renamed
For reasons of compatibility with LSB (Linux Standard Base),
most configuration files and the init script were renamed from
Changed tar behavior in SUSE Linux Enterprise Server 10
Under SUSE Linux Enterprise Server 9, when extracting a directory from a tar archive that already existed as a symbolic link in the target directory, tar would overwrite the symlink with an actual directory. Under SUSE Linux Enterprise Server 10, tar leaves the symlink and places the contents of the archive within it.
To enforce the old behavior please use the option
--no-overwrite-dir when extracting an archive.
SUSE Linux Enterprise Server 9 set up the user environment with an unlimited stack size resource limit to work around restrictions in stack handling of multithreaded applications. With SUSE Linux Enterprise Server 10, this is no longer necessary and has been removed. The login environment now defaults to the kernel default stack size limit. To restore the old behavior, add
ulimit -Ss unlimited
/etc/profile.local. If you want an automatic
configuration of your resource limits suited to protect desktop
systems, you may want to install the
Mounting Encrypted Partitions
With SUSE Linux Enterprise Server 10, we switched to "cryptoloop" as the default encryption
module. SUSE Linux Enterprise Server 9 used twofish256 using
with 256 bits. Now we are using twofish256 using
cryptoloop with 256 bits. The old twofish256
is available as
Reconfiguring Intel and Nvidia Sound Drivers
When updating a system with the
module (for Intel, SIS, AMD, and Nvidia on-board chips), the
system might be unable to load the module at reboot, because the
joystick was removed from the
newer version. To fix the problem, reconfigure the sound system
Upgrading MySQL from SLES9 to SLES10
During the upgrade from SUSE Linux Enterprise Server9 to SUSE Linux Enterprise Server10 also MySQL is upgraded from 4.x to 5.x. To complete this migration you have also to upgrade your data as described in the MySQL documentation.
Migrating from PHP 4 to PHP 5
Although most existing PHP 4 code should work without changes, there are a few backwards-incompatible changes. Find a list of these changes at: http://www.zend.com/manual/migration5.incompatible.php
Switching from Heimdal to MIT Kerberos
MIT Kerberos is now used instead of heimdal. Converting an
existing Heimdal configuration automatically is not always
possible. During a system update, backup copies of configuration
files are created in
/etc with the suffix
.heimdal. YaST-generated configuration
/etc/krb5.conf are converted,
but check whether the results match your expectations.
Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the command
kadmin -l dump -d heimdal-db.txt
. This way, you can create a list of available principals that you can restore one-by-one using kdc from MIT Kerberos. Find more information about setting up a KDC in the documentation in the "krb5-doc" package.
To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for "Standard Domain", "Standard Realm", and "KDC Server Address".
MDNS and .local domain names
The .local top level domain is treated as link-local domain by the resolver. DNS requests are send as multicast DNS requests instead of normal DNS requests. If you already use the .local domain in your nameserver configuration you will have to switch this option off in /etc/host.conf. Please also read the host.conf manual page, more information on multicast DNS can be found on http://www.multicastdns.org.
MDNS can be disabled during installation by booting with the
nomdns option set.
Fine-Tuning Firewall Settings
SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP and Samba ("Network Neighborhood"). You can fine-tune the firewall settings using YaST.
CD/DVD device name on pSeries changed
With SUSE Linux Enterprise Server 10 SP1, the built-in CD/DVD drive on POWER3/POWER4 pSeries models p610/p615/p630 will be accessed with the libata kernel driver because it is more reliable. On all POWER5 models the libata driver is used to allow DLPAR hotplug operations.
This changes the kernel device name from
vsftpd with xinetd
Starting with SUSE Linux Enterprise Server 10, vsftpd can be configured independently or over the xinetd. The default is stand-alone. In previous versions, the default was xinetd.
To run it over xinetd, make sure that the service is enabled in the
xinetd configuration (
and set the following line in
Setting Up D-BUS for Interprocess Communication in .xinitrc
Many applications now rely on D-BUS for interprocess communication
(IPC). Calling dbus-launch starts
dbus-daemon. The systemwide
dbus-launch to start the window manager.
If you have a local
~/.xinitrc file, you
must change it accordingly. Otherwise applications might fail.
Save your old
Then copy the new template file into your home directory with:
cp /etc/skel/.xinitrc.template ~/.xinitrc
Finally, add your customizations from the saved
KDB is no longer available as a loadable module on all architectures except Itanium. KDB is only supported in the debug kernel.
cardmgr no longer manages PC cards. Instead,
as with Cardbus cards and other subsystems, a kernel module
manages them. All necessary actions are executed by
pcmcia start script
has been removed and cardctl is replaced by
For more information, see
Technology Preview features are not supported or only supported limitedly. These features are mainly included for customer convenience and may not be functionally complete, unstable or in other ways not suitable for production use.
Hot-Add of Memory
Hot-Add-memory is currently only supported on the following machines:
IBM xSeries x260
IBM xSeries single node x460
IBM xSeries x3800
IBM xSeries x3850
IBM xSeries single node x3950
If your machine is not listed, please call support, whether the machine has been successfully tested. Else a maintenance update will explicitly mention the general availability of this feature.
Huge Page Memory support via HMC on POWER
Huge Page Memory support (16GB pages, enabled via HMC) is not yet supported under Linux. Problems occur if huge pages are assigned to a partition in combination with eHEA / eHCA adapters. eHEA: Network interfaces can't be setup if huge page memory is assigned to the same partition.
The libhugetlbfs project shipped with SUSE Linux Enterprise Server 10 is a preview of application provision with transparent access to system huge pages. While the library provides an application with easy access to huge pages when sufficient huge pages have been previously allocated on the system, additional development and testing is required to provide a stable transition to normal pages in a production environment.
Read-Only Root Filesystem
It is possible to run SUSE Linux Enterprise Server 10 from Service Pack 2 on on a read-only root filesystem. Due to the huge number of possible configurations, this is currently not a supported scenario.
directories needs to be on a separate partition and cannot be
After the installation has finished and all services are configured, login as root and do the following modifications:
/etc/fstab and add "ro" to the mount
options of the root filesystem entry.
rm /etc/mtab ln -s /proc/mounts /etc/mtab mkdir /var/lib/hwclock mv /etc/adjtime /var/lib/hwclock ln -s /var/lib/hwclock/adjtime /etc/adjtime # the following two steps are only necessary if you use dhcp: mv /etc/resolv.conf /var/lib/misc/ ln -s /var/lib/misc/resolv.conf /etc/resolv.conf # Now mount root filesystem read-only and reboot mount -o remount,ro / reboot
The following list of current functionality is deprecated and will be removed with the next Service Pack or major SUSE Linux Enterprise Server release.
The JFS filesystem is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.
For the future strategy and development with respect to volume- and storage-management on SUSE Linux Enterprise System, please see: http://www.novell.com/linux/volumemanagement/strategy.html
The ippl package is deprecated and will be removed with SUSE Linux Enterprise Server 11.
powertweak package is deprecated and will be removed with SUSE Linux Enterprise Server 11.
CTC, ESCON, and IUCV IP interfaces are no longer officially supported. For compatibility reasons, they are still usable, but with the next release of SUSE Linux Enterprise Server, the support of these interfaces will be dropped completely.
For reasons of compatibility with SUSE Linux Enterprise Server 9, the mapped-base functionality is present in SUSE Linux Enterprise Server 10. This functionality is used by 32-Bit applications that need a larger dynamic data space (such as database management systems).
With SUSE Linux Enterprise Server 10, a similar functionality called flexmap is available. Because this is now the preferred way, mapped-base is deprecated and will vanish in future releases.
Individual Timeout Value for Each Direct AutoFS Mount
If there were two direct mounts with different timeouts configured, the second one was ignored and the first timeout value was used for both mount points.
AutoFS was patched to support individual timeout values for each direct mount.
Boot Device Larger Than 2 TiB
Due to limitations in the legacy x86/x86_64 BIOS implementations booting from devices larger than 2 TiB is technically not possible using legacy partition tables (DOS MBR).
To boot such systems, configure a separate boot partition with the YaST partitioner.
EVMS and /boot partition
In some cases it can happen, that the /boot partition
in an EVMS setup is no longer mountable after an update.
In this case please specify
as kernel boot option.
Known issue with the 8Gb/s LPe1200x HBAs and firmware version 2.00a3.
It has been found that possible issues may be encountered when the SLES10-SP4 distribution kernel is used with the in-box LPFC driver, on a system with 8Gb/s LPe1200x HBAs and firmware version 2.00a3. These issues could be encountered during fabric faults with multipathing, and visible symptoms include loss of LUNs and/or FC host hang.
If these issues are encountered it is recommended to do one of the following:
Downgrade the firmware revision of the 8Gb/s LPe1200x HBA to revision 1.11a5:
Modify the LPFC drivers lpfc_enable_npiv module parameter to zero:
You can accomplish this by doing either of the following:
When loading the LPFC driver from the initrd image (that is at system boot time), add the following line in the /etc/modprobe.conf file:
options lpfc lpfc_enable_npiv=0
and then re-build the initrd image.
When loading the LPFC driver dynamically, include the lpfc_enable_npiv=0 option in the insmod or modprobe command line.
For additional information on how to set the LPFC driver module parameters, refer to the Emulex Drivers for Linux User Manual.
Booting on machines with more than 480 GB RAM
64bit Machines with more than 480 GB RAM may refuse to boot with the following error message:
(XEN) **************************************** (XEN) Panic on CPU 0: (XEN) Not enough RAM for DOM0 reservation. (XEN) ****************************************
To avoid this error, it is recommended to always specify the Domain 0 Memory size with the boot parameter dom0_mem=VALUE on machine equipped with large amounts of RAM. Set the VALUE at or below the boundary of 480 GB—the difference is reserved for the hypervisor (to be used for guest VMs).
Permanently add this parameter to your boot loader configuration by adding the parameter dom0_mem=VALUE to your Xen kernel boot configuration. Either use YaST > System > Boot Loader or edit /boot/grub/menu.lst. See Section 2.3, “Managing Domain 0 Memory” (page 11) for more information.
Direct Device Assingment in XEN in a System with a PCIe switch.
Configuring Xen or KVM to do direct device assignment in a system that has a PCIe switch in the direct assignment path may result in unpredictable system behavior.
An I/O device directly assigned to a domain that uses guest physical addresses in upstream memory requests may conflict with the host physical memory addresses configured in the PCIe switch base address. When these I/O devices are connected through such a PCIe switch, the switch may mis-route these requests as peer-to-peer traffic. This could result in unpredictable system behavior, which may include incorrect data written into other unprotected devices or virtual machine.
Both systems and addin cards may contain a PCIe switch. Customers should check with their vendors to determine if a PCIe switch exists on their platforms or any of their add in cards. If there is such a switch on the platform, then the customer should not assign a PCIe device down stream from such a switch to a guest virtual machine.
As detailed in the following paragraph customers can use the output of the command `lspci' and `lspci -t' to see if there is a PCIe switch in their system and, if so, if any devices should not be directly assgned because they are downstream from that switch. Note that if the output of `lspci' does not show the presence of a PCIe switch then there is no danger in doing any direct assginment of PCI devices.
Consider the following synthetic example where the output of `lspci' contains:
00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 (rev 12) 01:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network Connection (rev 01) 0a:00.0 PCI bridge: PES4T4 PCI Express Switch 0d:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5751 Gigabit Ethernet PCI Express (rev 01)
Since there is a switch (device 0a:00.0) on this system the output of `lspci -t' shows:
-[0000:00]-+-00.0 +-01.0-[0000:01-02]--+-00.0 | +-0a.0-[0000:0d-0e]--+-00.0
From this topology it can be seen that there are 2 PCIe devices that can potentially be directly assigned, 01:00.0 and 0d:00.0. Since the first device, 01:00.0, is down stream from a bridge it is safe to directly assign that device to a virtual machine. The second device, 0d:00.0, is down stream from a PCIe switch and should not be directly assigned.
Suspend Power Management Features
The suspend power management features (specifically hibernate and sleep/standby) are not supported on servers running SUSE Linux Enterprise Server 10. These features may work on many systems, but cannot be guaranteed.
i586 and i686 Machine with more than 16 GB of Memory
Depending on the workload, i586 and i686 machines with 16GB-48GB of
memory can run into instabilities. Machines with more than 48GB
of memory are not supported at all. To run on such a machine,
lower the memory with the
mem= kernel boot option.
On such memory scenarios we strongly recommend to use a x86-64 with 64-bit SUSE Linux Enterprise Server and run the x86 applications on it.
Bootloader and mount by UUID or LABEL
When the way the root device is mounted (by UUID or by label) is changed in YaST, the boot loader configuration needs to be saved again to make the change effective for the boot loader.
The "mount by" setting displayed in the YaST2 boot loader module is the setting that will be in effect after saving the configuration.
EVMS Volumes Might Not Appear When Using iSCSI
If you have installed and configured an iSCSI SAN and have created and configured EVMS Disks or Volumes on that iSCSI SAN, your EVMS volumes might not be visible or accessible. This problem is caused by EVMS starting before the iSCSI service. iSCSI must be started and running before any disks or volumes on the iSCSI SAN can be accessed.
To resolve this problem, enter either chkconfig evms on or chkconfig boot.evms on at the Linux server console of every server that is part of your iSCSI SAN. This ensures that EVMS and iSCSI start in the proper order each time your servers reboot.
Reset behavior of MAC addresses on POWER 6 eHEA Adapter
The reset behavior of the Power 6 eHEA (Host Ethernet Adapter) depends on the firmware level and the way the Linux system is restarted. The system can be restarted in one of the four ways:
Reboot triggered from within the LPAR
Via HMC: Use "Restart" command
Via HMC: Use "Shut Down" command. Then use "Activate" command.
Restart entire Machine, then activate the partition.
The firmware behavior concerning MAC address resetting differs between the methods described above and between different firmware revisions. The relevant firmware version is encoded in the last 3 digits of the EC number shown in the update menu of the HMC.
Value of 330 or bigger: Mac addresses are reset to default values for all four restart methods
Value smaller than 330:
Mac addresses are not reset for restart method 1, 2, 3.
Mac addresses are reset to default values for method 4.
Setting up bonding on a POWER 6 eHEA Adapter
eHEA ethernet devices can be bound to a bonding device. When removing the bonding device it is important to detach all ehea ethernet devices from the bonding device before unloading the bonding module. Otherwise the unload operation will hang.
modprobe bonding mode=active-backup miimon=10 ifconfig bond0 A.B.C.D up ifenslave bond0 eth0 [where eth0 is an ehea] ....systemstart finished... ....shutdown started... ifenslave -d bond0 eth0 #<--- this is important rmmod bonding
cpio and files larger 4GB
cpio is not able to add files larger than 4GB to an archive.
KDE and IPv6 Support
By default, IPv6 support is not enabled for KDE. You can enable it using the /etc/sysconfig editor of YaST. This feature is disabled because IPv6 addresses are not properly supported by all Internet service providers and, as a consequence, would lead to error messages while browsing the Web and delays while displaying Web pages.
Installing/Updating on IBM System z9
When installing SUSE Linux Enterprise Server 10 on a System z9, some restrictions apply through hardware or software. Some of these restrictions are part of these Release Notes. For an updated list, refer to http://www-128.ibm.com/developerworks/linux/linux390/october2005_restrictions.html.
For IBM System z9 machines ensure to have MCF RJ9967101E or IBM System z9 GA3 base driver installed. Otherwise Linux reboot will not work.
Using Disks in z/VM (System z)
If SUSE Linux Enterprise Server 10 is installed on disks in z/VM, which reside on
the same physical disk, the created access path
/dev/disk/by-id/) is not unique.
The ID of a disk is the ID of the underlying disk. So if two
or more disk are on the same physical disk, they all have the same ID.
To avoid this ambiguity, please use the access path by-path. This can be specified during the installation when the mount points are defined.
The above restriction does not apply for SLES10 SP2 (which has a fix for Problem-ID 34345 and 43704), if you have the z/VM PTF for APAR VM64273, with which z/VM provides a unique identifier that allows to distinguish between virtual disks on the same real device. Udev rules that provide both old and new /dev/disk/by-id paths are included. To use the new IDs in your multipath setup, please replace the getuid_callout "/sbin/dasdinfo -u -b %n" with "/sbin/dasdinfo -x -b %n" in your multipath configuration for DASD devices. Please see the man page for the dasdinfo tool for additional information.
Local Mounts of iSCSI Shares
An iSCSI shared device should never be mounted directly on the local machine. In an OCFS2 environment, doing so causes all hardware to hard hang.
Restriction When Using cpint/hcp (System z)
When using the cpint/hcp interface with z/VM 5.1 or earlier, the guest should not have more than 2 GByte of storage. If the guest has more storage, the command may fail.
YaST2 CD-Creator and YUM installation sources
The YaST2 CD-Creator module does not support YUM installation sources like our update server provides. For this reason, it is not possible to create a medium with updates included. If you want to create a medium with updates included, use YaST2 Product-Creator.
YaST2 Product-Creator is a successor of YaST2 CD-Creator. It includes a GUI for the kiwi imaging system. This way it is also possible to create a Live-CD, XEN image, etc. from the same configuration used in the CD Creator. The Product-Creator will get shipped together with the SDK.
Be aware that selecting all patterns will cause the VMI kernel to be installed and set as the default boot kernel. VMI is intended only for VMware guests and is not guaranteed to boot on bare metal.
If you do not intend to install the VMI kernel, deselect the package by choosing "Details", then search for VMI package and clear the installation checkbox.
Firmware for Brocade FC adapter
If a Brocade FC adapter is installed after the installation of the OS, please make sure to install the firmware via YaST Software Management (package brocade-firmware) in addition. Otherwise the driver will fail to support the new device.
Issues when trying to install with 128GB of physical memory
During the installation on the x86_64 platform you may encounter the following error message when the system has 128 Gigabytes (GB) of physical memory installed:
CI-Direct Memory Access (DMA): Using software bounce buffering for I/O (SWIOTLB) low bootmem alloc of 67108864 bytes failed! Kernel panic - not syscing: Out of low memory.
This can be solved by adding the parameter "swiotlb=512" to "Boot Options" at the beginning of the installation screen.
This Service Pack contains all the latest bugfixes for each package released via the maintenance Web since the GA version.
This Service Pack contains all the latest security fixes for each package released via the maintenance Web since the GA version.
Program Temporary Fixes
This Service Pack contains all the PTFs (Program Temporary Fix) for each package released via the maintenance Web since the GA version which were suitable for integration into the maintained common codebase.
This section contains a number of technical changes and enhancements for the experienced user.
OCFS2 options needed for SAP
As part of our collaboration with SAP, we have worked intensively on improving the performance of our ocfs2 cluster filesystem to meet the high demands in the SAP BIA/BWA environment. Some improvements (like the better handling of huge numbers of locks) benefit all customers automatically, while some others need specific mkfs and mount options. These will be shortly described here. There are a few specific tradeoffs to be made:
data consistency vs. write performance
Sidenote: ocfs2 only supported writeback until SLES10SP1.
This puts constraints how the OS can optimize the ordering of writes to storage. The journal option implements data journaling; this is the mode safest against data loss by power loss or such, but will result in all data being written to storage twice, thus having a serious impact on write performance. The ordered option will write data just once and will make sure that the metadata updates in the journal and the data writes are ordered such that no stale data would be exposed. writeback provides the best performance, but can result in lost writes in case of power outage. For SAP BIA, this risk is uncritical (a table will need to be rebuilt).
sparse support vs. fragmentation
Sidenote: sparse files in ocfs2 are only supported since SP2.
The support for sparse files results in a higher tendency for the filesystem to fragment. The old allocator that did not have to deal with sparse files and which can be selected by the mount option legacy_prealloc (if the FS is created without sparse support) does a decent job at avoiding fragmentation at the expense of not being as space efficient. Use mkfs --fs-features=nosparse and mount -o legacy_prealloc to use the non-sparse allocator.
Other options: We additionally recommend a cluster size -C 64k (mkfs option) and to use the mount option noatime for SAP BIA.
Locale Settings in
If you are not satisfied with locale system defaults, change
the settings in
~/.i18n. Entries in
~/.i18n override system defaults from
/etc/sysconfig/language. Use the same
variable names but without the
prefixes, for example, use
LANG instead of
RC_LANG. For information about locales in
general, see "Language and Country-Specific Settings" in the
Configuration of kdump
The kernel is crashing or otherwise misbehaving and a kernel core dump needs to be captured for analysis.
A description on how to setup kdump can be found under the following URL: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3374462&sliceId=SAL_Public
When running real-time applications on larger systems, lower
maximum latencies can be achieved by employing the new
disable_buffer_lru kernel command-line option.
This disables the per-CPU LRU in the buffer cache, and may thus
decrease overall filesystem performance.
JPackage Standard for Java Packages
Java packages are changed to follow the JPackage Standard
(http://www.jpackage.org/). Read the
Loading unsupported kernel drivers
To load unsupported kernel drivers automatically during boot,
set the sysconfig variable
/etc/sysconfig/hardware/config to "yes".
Already introduced for SUSE Linux Enterprise Server 9 on the x86-64 (AMD64) architecture with 64-bit kernels, the Linux kernel in SUSE Linux Enterprise Server also supports nonexecutable stack (NX) on x86 for CPUs that support it (Intel Prescott and AMD64) with 32-bit kernels. For this to work, the kernel with PAE support, kernel-bigsmp, must be installed. Go into YaST and install that kernel instead of your default kernel. For 64-bit kernels, all kernels support NX.
The nonexecutable stack improves the security of your system. Many security vulnerabilities are stack overflows, where an attacker overwrites the stack of your program by feeding oversized data to the application that fails to properly check the length. Depending on the details of the program, with nonexecutable stack, these vulnerabilities may either not be exploitable (and only crash the program, resulting in a DoS) or at least be significantly harder to exploit.
Some applications do require executable stacks. The compiler detects this during compilation and marks the binaries accordingly. The kernel enable an executable stack for them to allow them to work.
On x86-64, to provide a higher level of security, the user can
noexec=on on the kernel command line.
The kernel then uses a nonexecutable stack unconditionally and
also marks the data section of a program nonexecutable. This
provides a higher protection level than just the nonexecutable
stack, but potentially causes problems for some applications.
Novell has not found any problems during testing the most commonly
used applications and services. Because it is not the default,
this has not been tested as extensively as the stack protection
alone, so Novell only recommends this setup for servers after the
administrator has verified that all needed services continue
to function properly.
Start server with plain vga and displayed messages
In some cases, the usage of a special vga mode parameter (e.g. "vga=0x317") might slow down the boot process of a SLES server. The boot process can be quickened by setting the kernel parameter "vga=normal" in /boot/grub/menu.lst instead of using a special vga mode.
Moreover, to be able to see an occurring kernel oops or similar on the console, it's useful to remove the kernel parameter "splash=silent" from the respective entry in /boot/grub/menu.lst.
Read the READMEs on the DVDs.
Get the detailed changelog information about a particular package from the RPM (with filename <FILENAME>):
rpm --changelog -qp <FILENAME>.rpm
ChangeLog file in the top level of DVD1 for
a chronological log of all changes made to the updated packages.
Find more information in the
of DVD1 of the SUSE Linux Enterprise Server 10 DVDs. This directory includes PDF versions
of the SUSE Linux Enterprise Server 10 startup and preparation guides.
http://www.suse.com/documentation/sles10/ contains additional or updated documentation for SUSE Linux Enterprise Server 10.
These Release Notes are identical across all architectures. The latest version is available online at http://www.suse.com/releasenotes/x86_64/SUSE-SLES/10-SP4/, http://www.suse.com/releasenotes/s390x/SUSE-SLES/10-SP4/, etc.
Visit http://www.suse.com for the latest Linux product news from SUSE and http://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.