SUSE Linux Enterprise Server for SAP applications Release Notes #

For the most up-to-date version of the documentation for SUSE Linux Enterprise Server for SAP applications, see:

This section contains information specific to Beta4. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.

Installation of SAP HANA Database System failed.
  Installation of SAP HANA Database failed
    Installation failed
      error installing
        Cannot create system
          Cannot copy file /hana/shared/PBO/global/hdb/saphostagent_setup/sapinit' => '/etc/init.d/sapinit'
            Destination directory /etc/init.d not found: No such file or directory

 Installing SAP Host Agent version 7.22.62...
  Starting SAP HANA Database system...
Installation of SAP HANA Database System failed.
  Installation of SAP HANA Database failed
    Installation failed
      error installing
        Cannot create Instance
          Cannot start system
            Start instance 00 on host 'susetest' (worker) failed.
              Cannot establish http connection to unix domain socket '/tmp/.sapstream50013' (No such file or directory)
            Check the log file for SAP HANA Database error messages

>ERROR     2025-01-22 16:07:29.467 (root/sapinst) (startInstallation) [CSiStepExecute.cpp:1104] id=controller.stepExecuted errno=FCO-00011 >CSiStepExecute::execute()
>The step createPorts with step key >|NW_ABAP_ASCS|ind|ind|ind|ind|0|0|NW_System|ind|ind|ind|ind|system|0|NW_SAPHostAgent|ind|ind|ind|ind|hostagent|0|createPorts was executed with status ERROR (Last error reported by the step: Node /etc/services does not exist).

This section contains information specific to Beta2. We are working on fixing the problems mentioned here. The content of this section will be removed for the final released product.

2.3.1 Not possible to SSH after installation #

 

After installation of SUSE Linux Enterprise Server for SAP applications, SSH is not enabled by default.

To enable SSH during installation, provide a SSH public key for the root user.

Note

This behavior differs between SUSE Linux Enterprise Server and SUSE Linux Enterprise Server for SAP Applications. In SUSE Linux Enterprise Server, SSH is enabled by default during installation even if public key for root is not provided.

This section lists features and packages that were removed from SUSE Linux Enterprise Server for SAP applications or will be removed in upcoming versions.

The full list of changed packages compared to 15 SP7 can be seen at this URL:

https://documentation.suse.com/package-lists/sle/16.0/package-changes_SLE-15-SP7-GA_SLE-16.0-GA.txt

The full list of changed modules compared to 15 SP7 can be seen at this URL:

https://documentation.suse.com/package-lists/sle/16.0/module-changes_SLE-15-SP7-GA_SLE-16.0-GA.txt

To receive support, you need an appropriate subscription with SUSE. For more information, see https://example.com/support.

The following definitions apply:

For contracted customers and partners, SUSE Linux Enterprise Server is delivered with L3 support for all packages, except for the following:

SUSE will only support the usage of original packages. That is, packages that are unchanged and not recompiled.

To learn about supported features and limitations, refer to the following sections in this document:

Technology previews are packages, stacks, or features delivered by SUSE to provide glimpses into upcoming innovations. Technology previews are included for your convenience to give you a chance to test new technologies within your environment. We would appreciate your feedback! If you test a technology preview, contact your SUSE representative and let them know about your experience and use cases. Your input is helpful for future development.

Technology previews come with the following limitations:

This is most likely due to the Nouveau open-source Nvidia driver being used and not working properly. As a workaround, first disable Nouveau before installation by adding this kernel parameter:

rd.driver.blacklist=nouveau

Then install the proprietary NVIDIA driver.

Currently, libpulp supports ULP (user space live patching) of glibc and openssl binaries on the following architectures:

For more information see https://documentation.suse.com/sles/15-SP7/html/SLES-all/cha-ulp.html

The util-linux mount command has switched from the old string-based method to the new kernel mountfd API. This change introduces new features but also comes with some minor incompatibilities.

There is a special case that cannot be handled by mountfd and needs to be handled by applications:

If the first mount is read-only, then the physical filesystem is mounted read-only, and later mounting of the same file system as read-write is not possible. To solve this problem, the first mount needs to be read-only on the virtual layer only, keeping the physical layer read-write. The userspace fix is simple. Instead of:

mount -oro

use

mount -oro=vfs

This will keep the physical layer read-write, but the virtual file system layer (and the userspace access) read-only.

The persistent network naming scheme used in SLES 15 became legacy with the switch to the systemd predictable network names. For complicated setups, we recommend using systemd.link.

For more information, see:

Note

In the future, when upgrading from SL Micro to SLES 16.1 (so-called "SLE merge"), some systems will have net.ifnames=0 set on their kernel command line (this is the case for new installations of SL Micro 6.0 and 6.1). This boot option will prevent the system from switching to the predictable naming scheme and it will need to be removed.

Main configuration files have been moved from /etc to /usr. This ensures that main configuration files have lower precedence, allowing them to be overriden by package-supplied drop-in snippets.

Local configuration should be created by either modifying the default file in /usr (or a copy of it placed in /etc if the original file is shipped in /usr), or by creating drop-in snippets in the appropriate directory in (for example, /etc/systemd/coredump.conf.d/) - this is recommended.

Remove configurations in /etc to restore defaults.

Previously, it was possible to SSH as root using password-based authentication. In SLES 16.0 only key-based authentication is allowed by default. Systems upgraded to 16.0 from a previous version will carry over the old behavior. New installations will enforce the new behavior.

Installing the package openssh-server-config-rootlogin restores the old behavior and allows password-based login for the root user.

SUSE Linux Enterprise Server 16.0 requires hardware to meet requirements on these architectures:

Note

POWER9 systems may work with SLES 16.0 but are not supported by IBM, the hardware vendor.

Due to FIPS 140-3 certification requirements, the SHA1 cryptographic algorithm will be disabled or marked unapproved when running in FIPS mode.

The tuned package contains a daemon that tunes system settings dynamically.

This is a new feature in madvise() that installs a lightweight guard region into a specified address range.

See madvise() man page for more information.

The following messages are sometimes displayed when launching specific applications:

These messages are harmless and can be ignored.

NFS over TLS is now supported for storage traffic.

In SLES 16.0, sapconf is replaced with saptune. saptune will also be enabled with a base tuning, similar to sapconf. Base tuning only will be enabled if saptune was not configured before (no SAP Notes or Solutions selected).

The himmelblau package has been added. It provides interoperability with for Microsoft Azure Entra ID and Intune. It supports Linux authentication to Microsoft Azure Entra ID via PAM and NSS modules.

For more information see https://github.com/himmelblau-idm/himmelblau.

Legacy BIOS is still supported in SUSE Linux Enterprise Server 16.0. However, some features are not available when using it (for example, full-disk encryption with TPM). Finally, support for legacy BIOS will be discontinued in the future. For that reason we recommend switching to UEFI at the nearest opportunity.

In SUSE Linux Enterprise Server 16.0, /tmp is no longer persistent between reboots but uses tmpfs instead. See https://susedoc.github.io/doc-modular/main/html/SLE-comparison/index.html#sle16-tmp for more information.

SUSE Linux Enterprise Server 16.0 only supports 64-bit binaries. Support for 32-bit binaries (or 31-bit binaries on IBM Z) has been removed.

This means that statically-linked 32-bit binaries (or 31-bit binaries on IBM Z) and container images cannot be run anymore. 32-bit syscalls are still enabled by default on arm64, and can be enabled on x86_64 via the kernel parameter ia32_emulation. On other architectures it’s disabled without any option to enable it.

Customers who need to build kernel modules or rebuild the kernel must use the same compiler version the kernel was built with. The kernel is built with gcc version 13, which is not the default compiler. Install the gcc version 13 compiler using the gcc13 package and invoke it with the command gcc-13. This specific compiler version is only supported for building kernel modules and the kernel.

We have added support for the glibc-HWCAPS feature which loads optimized versions of libraries for specific newer CPUs automatically.

The build infrastructure for this feature is enabled for the following libraries:

Warning

If you install the system using only a root password and do not provide an SSH key for the root user, sshd will not be enabled automatically after installation. You will not be able to log in remotely as root using the password.

By default, remote password-based root login is disabled. The installer enables the sshd service only when an SSH key for root is configured during setup. To allow remote root login, configure an SSH key for root during installation.

Previously, all user accounts belonged to a single users group.

Now instead of being added to the common users group, each new user now gets their own primary group matching their username. This is due to USERGROUPS_ENAB being enabled in /usr/etc/login.defs. This change affects all new installations and upgraded systems that did not change the default /etc/login.defs. This has several consequences:

SysV init.d scripts have been deprecated since SLES 15 SP2.

In SLES 16.0, support of SysV init.d scripts has been removed.

The /etc/services file is just a dummy file that will be removed in the future. Software that appends to it without creating it should have its behavior changed.

Currently, the installer does not allow for setting up network interfaces using the UI. However, in the meantime you can use dracut-like command-line options, for example:

ifname=<interface>:<MAC>
ip=<interface>:dhcp

Additionally, the inst.copy_network is not available in Beta4.

For running SAP workloads on SUSE Linux Enterprise Server 16.0, do the following:

FIPS 140-3 installation has not been fully validated and may cause unexpected software failure or crashes. Therefore, we discourage you from using it on Beta4.

SUSE Linux Enterprise Server 16.0 requires a CPU that supports a so-called "x86-64-v2" microarchitecture. Due to this, running a SLES image using QEMU currently results in a kernel crash.

As a workaround you can run QEMU with the -cpu host argument.

The libnsl.so.1 library has been deprecated in SLES 15 and finally removed in SUSE Linux Enterprise Server 16.0.

As a workaround for applications that cannot be installed without it (but presumaly do not use it for anything), we provide the libnsl-stub1 package that includes ABI-compatible but otherwise function-less stub of the library file.

Due to an upstream bug, firewalld might take a long time or time out when adding many interfaces. The error occurs when firewalld is restarted after applying such a configuration. The following message appears in the system logs:

ERROR:dbus.proxies:Introspect error on :1.18:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply.
Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

See https://github.com/firewalld/firewalld/issues/1399 for more information.

SUSE Linux Enterprise Server 16.0 has switched from YaST to Cockpit for manual system administration. We have enhanced Cockpit with new modules with the intention to upstream them later. Despite being functional, bugs might appear and features might be missing.

New modules

Enhanced modules

Upstream modules

cockpit, cockpit-bridge, cockpit-kdump, cockpit-machines, cockpit-networkmanager, cockpit-podman, cockpit-selinux, cockpit-storaged, cockpit-system, cockpit-ws: these modules are updated to the recent stable base version 332 (or their respective).

Default selection

Installation of the pattern cockpit will pull in the following modules: cockpit, cockpit-bridge, cockpit-networkmanager, cockpit-packagekit, cockpit-packages, cockpit-repos, cockpit-selinux, cockpit-storaged, cockpit-subscriptions, cockpit-system, cockpit-ws.

In SUSE Linux Enterprise Server 16.0 dovecot has been upgraded to version 2.4. The configuration of this version is incompatible with the previous versions.

Configuration has to be updated manually. For more information see https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html.

Currently, choosing disk configurations other than "An existing disk" (installation to a single disk) suffer from poor usability. This is expected to change in a future update.

There is currently a known issue that adds a non-functioning zypper repository which prevents zypper from working correctly.

To fix this issue, remove the repository in question and add the installation medium repository manually:

SUSE Linux Enterprise Server 16.0 uses cgroup v2 by default and v1 is unsupported. If you need to use cgroup v1, SLES 15 SP6 can be switched to hybrid mode using a boot parameter.

In SLES 16.0, the default Linux CPU frequency scaling driver for AMD EPYC Turin (and later processors) has shifted to the AMD P-State driver to enable autonomous frequency scaling.

With the AMD P-State driver, it enables the use of the Energy Performance Preference (EPP) for more granular control over performance versus power efficiency to adjust the CPU frequencies based on workload and hardware feedback dynamically.

The ability to run KVM Guests in an LPAR is a new feature in PowerVM Firmware 1060.10 release and supported in SUSE Linux Enterprise Server 16.0. This enables users to run KVM guests in a PowerVM LPAR bringing industry standard Linux KVM virtualization stack to IBM PowerVM, which easily integrates with existing Linux virtualization ecosystem. This enables a lot of interesting usecases which were earlier difficult to realize in a PowerVM LPAR.

KVM in a PowerVM LPAR is a new type of LPAR (logical partition) that allows the SUSE Linux Enterprise Server 16.0 kernel to host KVM guests inside an LPAR on PowerVM. A KVM enabled LPAR allows standard Linux KVM tools (for example, virsh) to create and manage lightweight Linux Virtual Machines (VM). A KVM Linux LPAR uses dedicated cores which enables Linux to have full control of when Linux VMs are scheduled to run, just like KVM on other platforms.

If you install SUSE Linux Enterprise Server for POWER with the GNOME desktop on LPAR and try to login via the HMC virtual terminal, the login may time out while entering your credentials.

To work around this issue, disable the Plymouth graphical boot screen by appending the boot parameter plymouth.enable=0 to the kernel command line.

SLES 16.0 includes driver enablement for the following System-on-Chip (SoC) chipsets:

Note

Driver enablement is done as far as available and requested. Refer to the following sections for any known limitations.

Some systems might need additional drivers for external chips, such as a Power Management Integrated Chip (PMIC), which may differ between systems with the same SoC chipset.

For booting, systems need to fulfill either the Server Base Boot Requirements (SBBR) or the Embedded Base Boot Requirements (EBBR), that is, the Unified Extensible Firmware Interface (UEFI) either implementing the Advanced Configuration and Power Interface (ACPI) or providing a Flat Device Tree (FDT) table. If both are implemented, the kernel will default to the Device Tree; the kernel command line argument acpi=force can override this default behavior.

Check for SUSE YES! certified systems, which have undergone compatibility testing.

The following features and packages have been removed in this release.

The following features and packages are deprecated and will be removed in a future version of SUSE Linux Enterprise Server.