Release Notes for SUSE Linux Enterprise Server 10 SP 1 for IBM(R) zSeries(R)

SP1 and GA Release Notes

These release notes cover the following areas:

General

Restrictions installing on System z9

When installing SLES 10 on a System z9, some restrictions apply through hardware or software. Some of these restrictions are part of these Release Notes. For an updated list, refer to http://www-128.ibm.com/developerworks/linux/linux390/october2005_restrictions.html.

SNIPL

SNIPL (simple network IPL) was added to SLES10.

SNIPL in the z/VM environment

Please look into redbook "Systems Management Application Programming" (http://www.redbooks.ibm.com/redpapers/pdfs/redp3882.pdf) on page 2.

SNIPL in the LPAR environment

To use SNIPL in the LPAR environment the Support Element (SE) has to be configured.

Steps one to four have to be repeated on the HMC.

Novell AppArmor

This release of SUSE Linux Enterprise Server ships with Novell AppArmor. The AppArmor intrusion prevention framework builds a firewall around your applications by limiting the access to files, directories, and POSIX capabilities to the minimum required for normal operation. AppArmor protection can be enabled via the AppArmor control panel, located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see the documentation in /usr/share/doc/packages/apparmor-docs.

The AppArmor profiles included with SUSE Linux have been developed with our best efforts to reproduce how most users use their software. The profiles provided work unmodified for many users, but some users find our profiles too restrictive for their environments.

If you discover that some of your applications do not function as you expected, you may need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. Place all your profiles into learning mode with the following: aa-complain /etc/apparmor.d/*

When a program generates many complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.

Fine-Tuning Firewall Settings

SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP, Samba ("Network Neighborhood"), and some games. You can fine-tune the firewall settings using YaST.

vsftpd with xinetd

Starting with SUSE Linux Enterprise 10, vsftpd can be configured independently or over the xinetd. The default is stand-alone. In previous versions, the default was xinetd.

To run it over xinetd, make sure that the service is enabled in the xinetd configuration (/etc/xinetd.d/vsftpd) and set the following line in /etc/vsftpd.conf:

listen=NO

Online Update From Behind a Mandatory Proxy Server

If you cannot access https://update.novell.com directly but via a mandatory proxy server, proceed as explained in the Technical Information Document (TID) at http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3377050&sliceId=SAL_Public

Required service Level of z/VM 5.1

To run SLES 10 Service Pack 1 on z/VM 5.1 it is required that the service level is 0502 or higher.

This service level includes APAR VM63742. For further information please look at http://www.vm.ibm.com/service/rsu/

KDE and IPv6 Support

By default, IPv6 support is not enabled for KDE. You can enable it using the /etc/sysconfig editor of YaST. This feature is disabled because IPv6 addresses are not properly supported by all Internet service providers and, as a consequence, would lead to error messages while browsing the Web and delays while displaying Web pages.

Realtime Applications

When running real-time applications on larger systems, lower maximum latencies can be achieved by employing the new disable_buffer_lru kernel command-line option. This disables the per-CPU LRU in the buffer cache, and may thus decrease overall filesystem performance.

Heartbeat 2

Heartbeat 2 documentation in addition to that provided in the SLES 10 Administration Guide can be found at http://www.novell.com/documentation/sles10/hb2/data/hb2_config.html.

The sapinit RPM package

The "sapinit" RPM package has been updated to version 2.0.1. This version fixes a long standing problem of not being able to adequately setting various kernel parameters for an SAP system.

With this new version, it is now possible easily to set various important kernel parameters by usage of the configuration parameters found in the file "/etc/sysconfig/SAPinit", either using YaST or by directly editing this file, although this usually should not be necessary, while the various parameters are now also assigned reasonable default values taken from the relevant SAP notes.

The configuration file "/etc/sysctl.conf" as well as "/etc/fstab" is now automatically updated by the "/usr/sbin/SAPinit" script (which is run at each restart of the system, or manually from the command line by the user), to reflect the defined values used for the various kernel parameters as defined in "/etc/sysconfig/SAPinit".

For further informations, refer to "/etc/sysconfig/SAPinit", "/usr/share/doc/packages/sapinit/README", and "/usr/sbin/SAPinit".

Update

Supported Update Paths

Updates from SLES 9 to SLES 10 are supported starting from one of the following bases:

Update a system by starting the SLES 10 installation system and choosing Update instead of New installation. To verify whether one of the above variants is installed, you can use the tool SPident -vv. This shows the current level of your system.

Migration to SP1 with Kernel Module Packages / Add-on products installed

SUSE Linux Enterprise 10 products offer various migration paths for updating the system to Service Pack 1. We recommend to pay extra attention if you plan to migrate your system that has an Add-on product or Kernel Module Packages (e.g 3rd party drivers from ATI/nVidia) installed.

Updating the system via PatchCD is only possible if no further installation source (e.g. SDK) was registered previously. In case you depend on this update path the workaround is to provide the PatchCD via FTP/NFS/HTTP as installation source.

Please find further information at http://developer.novell.com/wiki/index.php/Migration_to_SP1_with_Add-on_and_kmps

Changed tar behavior in SLES 10

Under SLES 9, when extracting a directory from a tar archive that already existed as a symbolic link in the target directory, tar would overwrite the symlink with an actual directory. Under SLES 10, tar leaves the symlink and places the contents of the archive within it.

To enforce the old behavior please use the option --no-overwrite-dir when extracting an archive.

Switching from Heimdal to MIT Kerberos

MIT Kerberos is now used instead of heimdal. Converting an existing Heimdal configuration automatically is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf are converted, but check whether the results match your expectations.

Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the command kadmin -l dump -d heimdal-db.txt. This way, you can create a list of available principals that you can restore one-by-one using kdc from MIT Kerberos. Find more information about setting up a KDC in the documentation in the "krb5-doc" package.

To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for "Standard Domain", "Standard Realm", and "KDC Server Address".

LD_ASSUME_KERNEL Environment Variable

Do not set the LD_ASSUME_KERNEL environment variable any longer. In the past, it was possible to use it to enforce LinuxThreads support, which was dropped. If you set LD_ASSUME_KERNEL to a kernel version lower than 2.6.5, everything breaks because ld.so looks for libraries in a version that does not exist anymore.

ulimits

SUSE Linux Enterprise Server 9 set up the user environment with an unlimited stack size resource limit to work around restrictions in stack handling of multithreaded applications. With SUSE Linux Enterprise Server 10, this is no longer necessary and has been removed. The login environment now defaults to the kernel default stack size limit. To restore the old behavior, add "ulimit -Ss unlimited" to /etc/profile.local. If you want an automatic configuration of your resource limits suited to protect desktop systems, you may want to install the "ulimit" package.

Upgrading MySQL from SLES9 to SLES10

During the upgrade from SLES9 to SLES10 also MySQL is upgraded from 4.x to 5.x. To complete this migration you have also to upgrade your data as described in the MySQL documentation.

Migrating from PHP 4 to PHP 5

Although most existing PHP 4 code should work without changes, there are a few backwards-incompatible changes. Find a list of these changes at:

http://www.zend.com/manual/migration5.incompatible.php

Installation

Using iSCSI Disks When Installing

To use iSCSI disks during installation it is necessary to add the following parameter to the kernel parameter line:

withiscsi=1

During installation, an additional screen appears that provides the possibility to attach iSCSI disks to the system and use them in the installation process.

SLES10 SP1 supports booting from an iSCSI server on i386, x86_64 and ppc, when an iSCSI enabled firmware is used.

On ppc, a single bootfile (zImage.initrd) instead of yaboot is used.

MD Devices on top of iSCSI

iSCSI devices cannot be used for Linux Software RAID. Using MD devices on top of iSCSI triggers a cyclic dependency that leads to a crash.

Using qla3xxx and qla4xxx driver at the same time

QLogic iSCSI Expansion Card for IBM BladeCenter provides both Ethernet and iSCSI functions. Some parts on the card are shared by both functions. The current qla3xxx and qla4xxx drivers support Ethernet and iSCSI function individually. They do not support using both functions at the same time. Using both Ethernet and iSCSI functions at the same time may hang the device and cause data lost and filesystem corruptions on iSCSI devices or network disruptions on Ethernet.

The qla3xxx (ethernet) and qla4xxx (iSCSI) drivers work good individually. However, when both drivers are active at the same time, one of the driver would hang or lost connection. The consiquences are network disruption and iSCSI target filesystem corruption.

Caveats with root on LVM

Do not use the /dev/mapper device path for the root= kernel parameter. /dev/mapper is an internal name of the LVM2 system. Instead use the proper LVM notation /dev/VG/LV, as in /dev/system/root for the logical volume root on volume group system.

Adding DASD or zFCP disks during installation

The adding of DASD or zFCP disks is not only possible during the installation workflow, but also when the installation proposal is shown. To add disks at that stage please click on the "Expert" tab and scroll down. There the DASD and/or zFCP entry is shown. These added disks are not shown in the partitioner. To get the disks into the partitioner, you have to click on the expert label and select "reread partition table". This may reset any previously entered information.

Using Disks in z/VM

If SLES 10 is installed on disks in z/VM, which reside on the same physical disk, the created access path (/dev/disk/by-id/) is not unique. The ID of a disk is the ID of the underlaying disk. So if two or more disk are on the same physical disk, they all have the same ID.

To avoid this ambiguity, please use the access path by-path. This can be specified during the installation when the mount points are definied.

To change from by-id to by-path please perform the following steps:

Creating LVM or EVMS Volumes

If want to create a LVM or EVMS volume with DASDs that are not formatted or partitioned this will fail.

The DASDs can be formatted in the DASD activation panel.

Creating a partition can be done in the partitioner by hitting the [create] button and specifying "do not format" and removing any mountpoints indicated.

EVMS Volumes Might Not Appear When Using iSCSI

If you have installed and configured an iSCSI SAN and have created and configured EVMS Disks or Volumes on that iSCSI SAN, your EVMS volumes might not be visible or accessible. This problem is caused by EVMS starting before the iSCSI service. iSCSI must be started and running before any disks or volumes on the iSCSI SAN can be accessed.

To resolve this problem, enter either chkconfig evms on or chkconfig boot.evms on at the Linux server console of every server that is part of your iSCSI SAN. This ensures that EVMS and iSCSI start in the proper order each time your servers reboot.

Installation using Persistent Device names

If you plan to add additional storage devices to your system after the OS installation, we strongly recommend to use persistent device names for all storage devices during installation. The installer by default uses the kernel device names.

How to proceed:

During installation, enter the partitioner. For each partition, select "Edit" and go to the "FStab Options" dialog. Any mount option except "Device name" provide you persistent devicenames.

To switch an already installed system to using persistent device names, proceed as described above for all existing partitions. In addition, rerun the boot loader module in YaST to switch the bootloader to using the persistent device name also. Just start the module and select "Finish" to write the new proposed configuration to disk. This needs to be done before adding new storage devices.

For forther information please look at http://en.opensuse.org/Persistant_Storage_Device_Names.

Patches Required for SLES 10 on z/VM

If SLES 10 should run on z/VM, it is required that the following APARs and patches are installed:

For further information please look at http://www-1.ibm.com/support/docview.wss?uid=isg1VM63771

Installing SLES 10 on z/VM

When using re-IPL for Linux on zSeries z/VM guests, ensure that you have installed the PTFs for APAR VM63742:

Otherwise reboot under z/VM will not work anymore.

Using a VSWITCH on z/VM

If SLES 10 should use a VSWITCH on z/VM, it is required that the APAR VM63705 and the following patches are installed:

In addition to the above, the APAR PQ83743 for th TCP/IP stack and its prerequired APARs should be installed.

Using QIOassist

To install SLES 10 SP1 on z990 with QIOassist=on requires
EC Level: J13484 MCL No: 177

When using VMguest the following APAR is required
zVM APAR VM63838

Install on z9 with QIOassist=on is not supported yet.
Workaround is to install with QIOassist=off

Automatic installation with Autoyast in an LPAR

For automatic installation with Autoyast in an LPAR, it is required, that the parmfile used for such an installation has blank characters at the beginning and the end of each line (the first line need not to start with a blank). The number of character in one line should not exceed 80 characters.

Mounting Encrypted Partitions

With SUSE Linux Enterprise Server 10, we switched to "cryptoloop" as the default encryption module. SUSE Linux Enterprise Server 9 used twofish256 using loop_fish2 with 256 bits. Now we are using twofish256 using cryptoloop with 256 bits. The old twofish256 is available as twofishSL92.

Bootloader and mount by UUID or LABEL

When the way the root device is mounted (by UUID or by label) is changed in YaST, the boot loader configuration needs to be saved again to make the change effective for the boot loader.

The "mount by" setting displayed in the YaST2 boot loader module is the setting that will be in effect after saving the configuration.

Technical

JFS: Not Supported Anymore

JFS is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.

Loading unsupported kernel drivers

To load unsupported kernel drivers automatically during boot, set the sysconfig variable LOAD_UNSUPPORTED_MODULES_AUTOMATICALLY in /etc/sysconfig/hardware/config to "yes".

Hotplug Events Handled by the udev Daemon

Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead udevd calls all hotplug helper tools directly, according to its rules. udev rules and helper tools are provided by udev and various other packages.

XFS Performance degradation

Users of the XFS filesystem may see degraded performance when upgrading from SLES10 to SLES10-SP1. Typical symptoms will be slow file creation, removal and attribute manipulation. The degraded performance may be seen on LVM, device mapper or MD/RAID1 based filesystems and are a result of barriers being incorrectly enabled on these devices. Performance can be restored by applying the "nobarrier" mount option in /etc/fstab.

Becoming Superuser Using su

By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change the default behavior of su.

Forwarding xauth keys between users with sux

The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.

CPU scheduler on machines with Multiple CPUs

By default, the kernel tries to keep threads on the local CPU (and local node on NUMA machines). Depending on the application, this may not deliver the best performance, especially applications with a large working set for each thread tend to perform better when being scheduled to different nodes because they can then use caches of multiple nodes.

With the following sysctl, this behavior is changed. By setting the sysctl variable kernel.affinity_load_balancing to 1, the scheduler no longer tries to keep thread local to a CPU.

WARNING

Using this sysctl on the wrong application scenario may degrade system performance.

JPackage Standard for Java Packages

Java packages are changed to follow the JPackage Standard (http://www.jpackage.org/). Read the documentation in /usr/share/doc/packages/jpackage-utils/ for information.

Locale Settings in ~/.i18n

If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes, for example, use LANG instead of RC_LANG. For information about locales in general, see "Language and Country-Specific Settings" in the Reference Manual.

Setting Up D-BUS for Interprocess Communication in .xinitrc

Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.

If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise applications might fail. Save your old ~/.xinitrc. Then copy the new template file into your home directory with:

cp /etc/skel/.xinitrc.template ~/.xinitrc

Finally, add your customizations from the saved .xinitrc.

NTP-Related Files Renamed

For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:

/etc/slp.reg.d/ntp.reg

/etc/init.d/ntp

/etc/logrotate.d/ntp

/usr/sbin/rcntp

/etc/sysconfig/ntp

Known Problems with KDB

Entering KDB code breakpoints on multiple CPUs in parallel can lead to deadlocks.

mapped-base Functionality

For reasons of compatibility with SLES 9, the mapped-base functionality is present in SLES 10. This functionality is used by 32-Bit applications that need a larger dynamic data space (such as database management systems).

With SLES 10, a similar functionality called flexmap is available. Because this is now the preferred way, mapped-base is deprecated and will vanish in future releases.

CTC, ESCON, and IUCV IP interfaces are no longer supported

CTC, ESCON, and IUCV IP interfaces are no longer officially supported. For compatibility reasons, they are still usable, but with the next release of SUSE Linux Enterprise Server, the support of these interfaces will be dropped completely.

I/O Scheduler

SLES 10 provides different I/O schedulers. The scheduler can be set per disk. The general default is deadline. This default may be modified by the device driver or by the user with

echo keyword > /sys/block/dasda/queue/scheduler

where keyword is one of the following:

noop anticipatory deadline cfq

WARNING

Changing the scheduler may seriously impact the system performance.

The default (by the kernel or the device driver) has been shown to be the best selection. There may be setups where this is not true.

Restriction When Using cpint/hcp

When using the cpint/hcp interface, the guest should not have more than 2 GByte of storage. If the guest has more storage, the command may fail.

libhugetlbfs

The libhugetlbfs project shipped with SLES 10 is a preview of application provision with transparent access to system huge pages. While the library provides an application with easy access to huge pages when sufficient huge pages have been previously allocated on the system, additional development and testing is required to provide a stable transition to normal pages in a production environment.

Multipath and Device Mapper

The default mdadm.conf (and lvm.conf) do not work properly with multipathed devices. By default, both md and LVM2 scan physical devices only and ignore any symlinks or device-mapper devices.

This does not work for multipathed devices as there we have to omit all physical devices and scan devices in /dev/disk/by-name only (as these are the correct multipathed devices).

If there was a previous MD installation you'll have either modify mdadm.conf to handle the devices correctly (by using the line 'DEVICES /dev/disk/by-name/*') or clear the md superblock altogether.

Root Partition on Multipath

A root partition on multipath is only supported if the /boot partition is on a separate, nonmultipathed partition. Otherwise no bootloader is written.

Preventing the Loading of Unused Drivers

During boot, there may be drivers loaded that are not needed at runtime. To prevent this load at boot time, insert the following line into /etc/modprobe.conf.local:

install driver-name /bin/true

Replace driver-name with the actual name of the module.

WARNING

Be very careful. Inserting the wrong module name may lead to an unusable system.

HP MSA1000 SAN

With SLES 10 running on a HP MSA1000 SAN, whenever a disk fails or faults, MSA1000 SAN requires the failed or faulted disk to be removed from the disk array and re-created. By re-creating the disk, the disk array reshuffles the order of the disks in the SAN. The re-created disk will be pushed to the last device in the array.

Local Mounts of iSCSI Shares

An iSCSI shared device should never be mounted directly on the local machine. In an OCFS2 environment, doing so cause all hardware to hard hang.

Providing Feedback to Our Products

On the top level of the first CD, find a very detailed ChangeLog. Also read the READMEs on the CD.

If you encounter a bug, please report it through your support contact.

Your SUSE Linux Enterprise Team

Sat Nov 10 01:02:08 UTC 2007