ALP Release Notes #
This document provides an overview of high-level general features, capabilities, and limitations of ALP and important product updates.
1 About the release notes #
These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.
Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.
Release notes usually only list changes that happened between two subsequent releases. +Certain important entries from the release notes of previous product versions are repeated. +To make these entries easier to identify, they contain a note to that effect.
However, repeated entries are provided as a courtesy only. +Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. +If you are only reading the release notes of the current release, you could miss important changes.
1.1 Documentation and other information #
1.1.1 Available on the product media #
Read the READMEs on the media.
Get the detailed change log information about a particular package from the RPM (where
FILENAME.rpm
is the name of the RPM):rpm --changelog -qp FILENAME.rpm
Check the
ChangeLog
file in the top level of the installation medium for a chronological log of all changes made to the updated packages.Find more information in the
docu
directory of the installation medium of ALP . +This directory includes PDF versions of the ALP Installation Quick Start Guide.Get list of manual pages with usage information about a particular package from the RPM (where
FILENAME.rpm
is the name of the RPM):rpm --docfiles -qp FILENAME.rpm | grep man
1.1.2 Online documentation #
For the most up-to-date version of the documentation for ALP , see:
2 SUSE Linux Enterprise Micro #
SUSE Linux Enterprise Micro is a modern operating system primarily targeted for edge computing. This document provides a high-level overview of features, capabilities, and limitations of SUSE Linux Enterprise Micro 6.0.
2.1 Changes affecting all architectures #
Information in this section applies to all architectures supported by SLE Micro 6.0.
2.2 Installation #
2.2.1 Installation media #
Image based deployment images
Base OS Image (Base OS + podman only)
Plus QCOW version of this image (x86_64, aarch64. S390x)
Plus VMware (VMDK) version of this image (x86_64)
OS image (Base OS, salt-minion, KVM + libvirt packages)
Plus QCOW version of this image (x86_64, aarch64. S390x)
Plus VMware (VMDK) version of this image (x86_64)
OS image with RT kernel (x86_64 only), no KVM support on this image
Base OEM image – self-installation image (Base OS + podman only) for x86_64
OEM image – self-installation image (Base OS, salt-minion, KVM + libvirt packages) for x86_64
OEM image with RT kernel – self-installation image, no KVM support on this image for x86_64
Images other than QCOW or VMDK target bare metal deployments.
2.2.2 Additional container images #
SUSE Toolbox container for debugging, based on current SLE 15 SP, provided via registry.suse.com
PCP container image (unmodified)
2.2.3 High-level requirements #
Use of SLE Micro without a container runtime is only supported when SLE Micro is used as a KVM host and workloads are installed into KVM virtual machines. +Running workloads directly on the OS is not supported, with the exception of system management software.
2.2.4 Installation modes #
SUSE Linux Enterprise Micro 6.0 only supports deployment via images. +An installer based installation method is not offered.
Customization of the installation process with the provided images can be done with Ignition and Combustion (pre-configured images and self-installing images).
We will offer select images with support for cloud-init with a later milestone.
2.2.5 Supported architectures #
Intel/AMD 64bit (
x86_64
)Arm 64bit (
aarch64
)IBM Z (
s390x
)
2.2.6 Upgrade path #
An online migration of existing SUSE Linux Enterprise Micro 5.5 installations to SUSE Linux Enterprise Micro 6.0 is possible and is fully supported.
+Upgrading from SUSE Linux Enterprise Micro 5.5 is only possible via the transactional-update
tool.
+For the upgrade procedure, refer to https://documentation.suse.com/sle-micro/6.0/html/SLE-Micro-all/book-upgrade-slemicro.html
2.2.7 Change in installation methods #
With previous releases we supported manual installation via a YaST based image. +With SLE Micro we have dropped support for this installation method and only focus on RAW image based deployments. +The SelfInstall image variant has been extended to allow setting of various parameters to direct it and also enable an unattended installation using the SelfInstall image.
2.2.8 Installing SUSE Linux Enterprise Micro #
2.2.8.1 Unattended installation with Yomi (technology preview) #
To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi. +Installation with Yomi is a technology preview.
2.2.8.2 Deploying pre-built images #
SLE Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. +SLE Micro is also provided as images for specific hardware device with a customized software selection.
For a procedure of deploying an image refer to https://documentation.suse.com/sle-micro/6.0/html/SLE-Micro-all/part-raw-image.html
In addition to media provided by SLE Micro 5.4, this release includes qcow2 images for aarch64 and x86_64.
2.3 General features and fixes #
2.3.1 Full-disk encryption #
SLE Micro is focused on distributed infrastructures/Edge deployments, which means systems running SLE Micro are not necessarily within DCs or secure locations. +We therefore have improved our security story and added support for full disk encryption (FDE) to SLE +Micro.
2.3.2 Confidential compute #
We are offering capabilities for confidential compute on SLE Micro via the included virtualization stack.
2.3.3 1:1 web-based system management #
Since SUSE Linux Enterprise Micro is positioned to be used within decentralized infrastructures including Edge use cases and Industrial Edge, a system management based on current YaST2 is not within scope. +Specifically, for Industrial Edge, a basic web-based system management was required. We have chosen the cockpit project as a base for that. +Therefore, the cockpit packages are added to the common code base and adjusted for the Immutable OS setup of SUSE Linux Enterprise Micro.
2.3.4 Real-time kernel #
For the Intel/AMD 64bit architecture (x86_64) the real-time (rt) kernel is provided in addition to the default kernel. +Support for RT includes support for Kernel Live Patching on the RT kernel. +Note: When using the RT kernel, KVM is not supported, and workloads need to be run within containers +Containers need special treatment with RT.
2.3.5 Security/security framework #
With SUSE Linux Enterprise we fully support AppArmor and in addition provide the framework for SELinux – without providing and supporting a policy for SELinux. +On SUSE Linux Enterprise Micro we do not support AppArmor. +SUSE Linux Enterprise Micro only supports SELinux and in addition we ship a supported policy. +On top of that, we will look into providing dedicated SELinux policies for the containers we already provide or support on top of SUSE Linux Enterprise Micro (PCP and Nvidia). +SUSE Linux Enterprise Micro 6.0 will have SELinux in enforced mode as a default.
2.3.6 Podman upgrade from 4.3.X. to 4.7.1 #
Podman 4.7 is a major release with tons of new features and extensive bug fixes compared to Podman 4.3. Individual changes are to be found upstream https://github.com/containers/podman/blob/main/RELEASE_NOTES.md
Podman 4.x brings a new container network stack based on Netavark, the new container network stack and Aardvark DNS server in addition to the existing container network interface (CNI) stack used by Podman 3.x. +The new stack brings 3 important improvements:
Better support for containers in multiple networks
Better IPv6 support
Better performance
To ensure that nothing breaks with this major change, the old CNI stack will remain the default on existing installations. Bear in mind that Netavark will be released as part of a maintenance update.
Before testing Podman 4 and the new network stack, you will have to destroy all your current containers, images, and networks. +You must export/save any import containers or images on a private registry, or make sure that your Dockerfiles are available for rebuilding and scripts/playbooks/states to reapply any settings, regenerate secrets, etc.
If you have run Podman 3.x before upgrading to Podman 4, Podman will continue to use CNI plugins as it had before. +To begin using Podman 4 with Netavark, you need to run the command podman system reset. +The command will destroy all images, networks and all containers.
For a complete overview of the changes, please check out the upstream 4.0.0 but also 4.1.1, 4.2.0 and 4.3.0 to be informed about all the new features and changes.
2.3.7 Legacy BIOS boot support is deprecated #
With SUSE Linux Enterprise Micro 6.0 legacy BIOS boot support on Intel/AMD 64bit systems (x86_64) is deprecated and will be removed with a later release.
2.3.8 LTTng is deprecated #
SUSE Linux Enterprise Micro 6.0 provides support for LTTng (Linux Trace Toolkit: next generation). Support for LTTng will however be removed in a later SUSE Linux Enterprise Micro version in favor of alternative solutions for tracing like bpftrace.
2.3.9 Cockpit web-based node management system #
For web-based management of a single node, Cockpit is included. For details, refer to https://documentation.suse.com/sle-micro/6.0/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-Cockpit.
There have been new Cockpit modules added to the product. Due to the amount of dependencies, not all of the Cockpit modules are part of the raw images and some have to be installed additionally.
When enabling a firewall via the Cockpit user interface, be aware that your connection to the host may be interrupted unless the Cockpit port is configured to be open in advance.
The SELinux module for Cockpit provides basic functionality for users to troubleshoot their configuration.
+With this release the functionality has been extended with the introduction of the setroubleshoot-server
package.
2.3.10 Managing SUSE Linux Enterprise Micro with SUSE Manager #
SUSE Manager can be used to manage SUSE Linux Enterprise Micro hosts. There are certain limitations:
SUSE Linux Enterprise Micro host cannot be monitored with SUSE Manager
SUSE Manager does not provide integrated container management yet. +As a workaround, you can use Salt via cmd.run podman.
SUSE Manager can manage the SUSE Linux Enterprise Micro hosts only with the Salt stack; the traditional stack is not supported
Ansible control node cannot be installed on SUSE Linux Enterprise Micro
We intend to resolve these issues in the future maintenance updates of SUSE Linux Enterprise Micro on SUSE Manager.
2.3.11 Public Cloud Images #
The Public Cloud instance initialization code has been changed from using Ignition and Afterburn to cloud-init in AWS EC2, cloud-init and the Azure agent in Azure, and the Google guest environment for GCE. This means configuration of instances through user data now behaves the same as SUSE Linux Enterprise Server, any version, instances. This also addresses the issue in Azure with the state detection of the VM. The web console will now properly show a VM in "Running" state instead of appearing to be stuck in "Provisioning". This also allows user configuration through the web console in Azure and user configuration using the customary ways in AWS EC2 and GCE.
2.3.12 Default container registries #
The container registry entries for Docker Hub and openSUSE Registry, which were previously included by default, have now been removed.
+If you want to pull container images from either of them, add them to the /etc/containers/registries.conf
file.
2.3.13 Miscellaneous #
2.3.13.1 IMA EVM signing plugin #
A RPM plugin for IMA (Integrity Measurement Architecture)/EVM (Linux Extended Verification Module) signing has been added. +The plugin is installed as part of the following package:
rpm-imaevmsign
2.4 Arm 64-bit-specific features and fixes (AArch64) #
Information in this section applies to SLE Micro 6.0.
2.4.1 System-on-Chip driver enablement #
SLE Micro 6.0 includes driver enablement for the following +System-on-Chip (SoC) chipsets:
Ampere* X-Gene*, eMAG*, Altra*, Altra Max, AmpereOne*
AWS* Graviton, Graviton2, Graviton3
Broadcom* BCM2837/BCM2710, BCM2711
Fujitsu* A64FX
Huawei* Kunpeng* 916, Kunpeng 920
Marvell* ThunderX*, ThunderX2*; OCTEON TX*; Armada* 7040, Armada 8040
NVIDIA* Grace; Tegra* X1, Tegra X2, Xavier*, Orin; BlueField*, BlueField-2, BlueField-3
NXP* i.MX 8M, 8M Mini; Layerscape* LS1012A, LS1027A/LS1017A, LS1028A/LS1018A, LS1043A, LS1046A, LS1088A, LS2080A/LS2040A, LS2088A, LX2160A
Rockchip RK3399
Socionext* SynQuacer* SC2A11
Xilinx* Zynq* UltraScale*+ MPSoC
Driver enablement is done as far as available and requested. +Refer to the following sections for any known limitations.
Some systems might need additional drivers for external chips, such as a +Power Management Integrated Chip (PMIC), which may differ between systems +with the same SoC chipset.
For booting, systems need to fulfill either the Server Base Boot Requirements (SBBR)
+or the Embedded Base Boot Requirements (EBBR),
+that is, the Unified Extensible Firmware Interface (UEFI) either
+implementing the Advanced Configuration and Power Interface (ACPI) or
+providing a Flat Device Tree (FDT) table. If both are implemented, the kernel
+will default to the Device Tree; the kernel command line argument acpi=force
can
+override this default behavior.
Check for SUSE YES! certified systems, +which have undergone compatibility testing.
2.4.2 NVIDIA Orin minimum firmware requirements #
SLES 15 SP5 and SLE Micro 5.5 added initial enablement for the +NVIDIA Orin* SoC (T234), which is found on Jetson* AGX Orin, +Jetson Orin NX and Jetson Orin Nano System-on-Modules (SoM) +as well as NVIDIA IGX Orin based systems.
NVIDIA JetPack* 6.0 boot firmware and Linux kernel 6.5 +changed the Application Binary Interface (ABI) +for numbering General Purpose Input/Output (GPIO) pins — specifically the main GPIO ports X, Y, Z, AC, AD, AE, AF and AG — referenced in the machine-specific vendor Device Tree (DT) binary +for NVIDIA Orin based systems.
SLE Micro 6.0 adopts the behavior of the latest kernels +and requires NVIDIA JetPack 6.0 or later boot firmware to be flashed +on any NVIDIA Orin based platforms.
Refer to your system vendor’s documentation for how to enter Recovery Mode and
+to flash the boot firmware.
+For example: sudo ./flash.sh device-identifier-and-boot-medium external
3 Obtaining source code #
This SUSE product includes materials licensed to SUSE under the GNU +General Public License (GPL). +The GPL requires SUSE to provide the source code that corresponds to the +GPL-licensed material. +The source code is available for download at https://www.suse.com/download/sle-micro/ on Medium 2. +For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. +Send requests by e-mail to sle_source_request@suse.com. +SUSE may charge a reasonable fee to recover distribution costs.
4 Legal notices #
SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. +Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.
Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. +Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. +You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. +You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. +You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. +Refer to https://www.suse.com/company/legal/ for more information on exporting SUSE software. +SUSE assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2024-2024 SUSE LLC. +
This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.
SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. +In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.
For SUSE trademarks, see the SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). +All third-party trademarks are the property of their respective owners.