openSUSE Leap Micro 5.2

Release Notes

Abstract

openSUSE Leap Micro is a modern operating system primarily targeted for edge
computing. This document provides a high-level overview of features,
capabilities, and limitations of openSUSE Leap Micro 5.2.

These release notes are updated periodically. The latest version of these
release notes is always available at https://doc.opensuse.org. General
documentation can be found at https://en.opensuse.org/Portal:LeapMicro.

Publication Date: 2022-05-02, Version: 5.2.20220427

1 openSUSE Leap Micro
2 About the release notes
3 Changes affecting all architectures
4 General features and fixes
5 Installing openSUSE Leap Micro
6 Known issues
7 Obtaining source code
8 Legal notices

1 openSUSE Leap Micro

openSUSE Leap Micro 5.2 is a modern operating system primarily targeted for
edge computing.

1.1 Documentation and other information

1.1.1 Available on the product media

  o Read the READMEs on the media.

  o Get the detailed change log information about a particular package from the
    RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm

  o Check the ChangeLog file in the top level of the installation medium for a
    chronological log of all changes made to the updated packages.

  o Find more information in the docu directory of the installation medium of
    openSUSE Leap Micro 5.2. This directory includes PDF versions of the
    openSUSE Leap Micro 5.2 Installation Quick Start Guide.

1.1.2 Online documentation

  o For the most up-to-date version of the documentation for openSUSE Leap
    Micro 5.2, see https://en.opensuse.org/Portal:LeapMicro.

  o Find a collection of White Papers in the openSUSE Leap Micro Resource
    Library at https://www.suse.com/products/server#resources.

1.2 Support and life cycle

openSUSE Leap Micro is backed by award-winning support from SUSE, an
established technology leader with a proven history of delivering
enterprise-quality support services.

openSUSE Leap Micro 5.2 has a 4-year life cycle. For more information, see
https://www.suse.com/lifecycle and the Support Policy page at https://
www.suse.com/support/policy.html.

2 About the release notes

These Release Notes are identical across all architectures, and the most recent
version is always available online at https://doc.opensuse.org.

Entries are only listed once but they can be referenced in several places if
they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent
releases. Certain important entries from the release notes of previous product
versions are repeated. To make these entries easier to identify, they contain a
note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you
are skipping one or more service packs, check the release notes of the skipped
service packs as well. If you are only reading the release notes of the current
release, you could miss important changes.

3 Changes affecting all architectures

Information in this section applies to all architectures supported by openSUSE
Leap Micro 5.2.

4 General features and fixes

Information in this section applies to all architectures supported by openSUSE
Leap Micro 5.2.

4.1 Installation media

There are two types of installation media of openSUSE Leap Micro. The installer
ISO allows to install via YaST or AutoYaST, with the possibility to fully
customize the installation. The pre-built images contain a system image already
pre-configured. Neither of the media is intended to be used for upgrades from
the previous version of openSUSE Leap Micro.

There are slight differences between these two:

  o the software selection for the default installation from the ISO contains
    fewer packages than the pre-built image

  o firewalld is only installed from the ISO if the firewall is enabled during
    installation

The images have two things in common:

  o SELinux is not enabled by default

  o firewalld is not enabled by default

To upgrade from the previous version, use the transactional-update command.
Neither of the media is needed for that.

4.2 Cockpit web-based node management system

For web-based management of a single node, Cockpit is included. For details,
refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/
article-administration-slemicro.html#sec-admin-cockpit.

Compared to the previous release, Cockpit has been updated to the latest
version. Due to limited functionality, the Dashboard screen has been removed
with this release.

4.3 Managing openSUSE Leap Micro with SUSE Manager

SUSE Manager can be used to manage openSUSE Leap Micro hosts. There are certain
limitations:

  o openSUSE Leap Micro host cannot be monitored with SUSE Manager

  o SUSE Manager does not provide integrated container management yet. As a
    workaround, you can use Salt via cmd.run podman.

  o SUSE Manager can manage the openSUSE Leap Micro hosts ony with the Salt
    stack; the traditional stack is not supported

  o Ansible control node cannot be instaled on openSUSE Leap Micro

We intend to resolve these issues in the future maintenance updates of openSUSE
Leap Micro on SUSE Manager.

4.4 Enabling SELinux

openSUSE Leap Micro includes SELinux with base system policies. Before enabling
SELinux, make sure to install the necessary policies for your workload.

If you are running openSUSE Leap Micro as KVM virtualization host, the use of
SELinux is strongly discouraged and not supported.

Note that the pre-built images enable SELinux by default in the permissive
mode.

4.5 toolbox container

openSUSE Leap Micro provides the toolbox container. However, it is not part of
the media and needs to be downloaded from https://registry.suse.com. To
download from the registry, the system needs network access. For details refer
to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/
article-administration-slemicro.html#sec-admin-toolbox.

The toolbox container does not include or inherit a software repository setup
from the underlying system. If the underlying system is registered properly,
zypper will enable a basic set of repositories (Basesystem and Server
Applications modules of SUSE Linux Enterprise Server 15 SP3) when you execute
zypper inside the toolbox container. Then you can install additional software
into the container.

4.6 Kernel Live Patching

openSUSE Leap Micro supports Kernel Live Patching, for details refer to https:/
/en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/cha-images-procedure.html#
sec-slemicro-live-patching.

Note that kernel live patching is only available for the x86-64 and s390x
architectures. It is also not available for the real-time kernel.

4.7 Intel Secure Device Onboard (SDO)

openSUSE Leap Micro includes needed packages for Intel Secure Device Onboard.
Intel Secure Device Onboard helps onboard any device to any device management
system. With this release, the SDO client has been replaced with FDO client,
which is a portable implementation of the FIDO Device Onboard Spec. The
packages are only provided as a technology preview and do not offer full
support. Using Intel Secure Device Onboard needs proper integration into your
target environment and only works on supported hardware.

4.8 System V init scripts

openSUSE Leap Micro does not support init script of system services, which are
usually located in /etc/init.d directory. Even if this directory still exists,
it is empty on purpose. systemd unit files should be used instead of
initscripts. To start system services or to configure their status on boot, use
the systemctl command instead.

4.9 Rename of the microos-sssd_ldap pattern

The microos_sssd_ldap pattern has been renamed to microos-sssd_ldap (the first
dash has been replaced with an underscore). This new name is consistent with
other pattern names. Note that your AutoYaST profile may need updating.

5 Installing openSUSE Leap Micro

openSUSE Leap Micro 5.2 can be installed in the following ways:

  o Section 5.1, "Manually installing with YaST"

  o Section 5.2, "Unattended installation with AutoYaST"

  o Section 5.3, "Unattended installation with Yomi (technology preview)"

  o Section 5.4, "Deploying pre-built images"

5.1 Manually installing with YaST

The installation workflow for manual installation is described in https://
en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/
part-manual-installation.html.

5.2 Unattended installation with AutoYaST

Installing openSUSE Leap Micro with AutoYaST is described in https://
en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/book-autoyast.html.

5.3 Unattended installation with Yomi (technology preview)

To learn how to install a system with Yomi, see the SUSE Manager documentation,
section Install using Yomi. Installation with Yomi is a technology preview.

5.4 Deploying pre-built images

openSUSE Leap Micro is provided as raw images which can be deployed directly to
a storage device, for example, a memory card, a USB stick, or a hard drive.
openSUSE Leap Micro is also provided as images for specific hardware device
with a customized software selection.

For a procedure of deploying an image refer to https://en.opensuse.org/
Portal:LeapMicro/html/SLE-Micro-all/part-raw-image.html

5.5 Upgrade from previous version

Upgrade from Leap Micro 5.1 is only possible via the transactional-update tool.
For the upgrade procedure, refer to https://en.opensuse.org/Portal:LeapMicro/
html/SLE-Micro-all/book-upgrade.html.

6 Known issues

6.1 Error on console while booting with SELinux enabled

When booting the system with SELinux enabled, the console reports:

Failed to transition into init label 'system_u:system_r:init_t:s0'

This message is harmless.

6.2 Podman and firewalld

When reloading firewalld via firewall-cmd --reload, all Podman-related rules go
missing. For this reason, firewalld is not enabled by default during
installation. For more information, see https://github.com/containers/podman/
issues/5431.

6.3 Pre-built images report two IP addresses on first boot

When booting the pre-built images the first time, two IP addresses may be
reported by the ip a command or other tools. This issue only happens on the
first boot of the image, on the following boots only a single IP address is
assigned to the network interface.

6.4 VNC package cannot be installed during installation

The YaST installer offers installation via VNC. The installer also tries to
make it possible to use the final system the same way that the system was
initially installed. Therefore, the installer will attempt to install
appropriate software and open appropriate firewall ports for later access to
the system. However, the VNC server package is only available during the
installation, but not for the installed system.

As the VNC server package cannot be installed, the installer will issue a
warning. You can safely ignore this warning.

6.5 AppArmor error messages in log after upgrade

Leap Micro supports SELinux as the security framework, however, some AppArmor
packages are still included because of package dependencies. Since they have
been reduced since Leap Micro 5.1, it may happen that there are error messages
showing in the system journal after upgrade. If this happens, make sure that
the apparmor.service service is not enabled in your system.

7 Obtaining source code

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires SUSE to provide the source code that
corresponds to the GPL-licensed material. The source code is available for
download at https://en.opensuse.org/Portal:LeapMicro on Medium 2. For up to
three years after distribution of the SUSE product, upon request, SUSE will
mail a copy of the source code. Send requests by e-mail to
sle_source_request@suse.com. SUSE may charge a reasonable fee to recover
distribution costs.

8 Legal notices

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Refer to https://www.suse.com/company
/legal/ for more information on exporting SUSE software. SUSE assumes no
responsibility for your failure to obtain any necessary export approvals.

Copyright (C) 2021-2022 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see the SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

(C) 2022 SUSE

