Release Notes #

openSUSE Leap Micro is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services.

openSUSE Leap Micro 5.2 has a 4-year life cycle. For more information, see https://www.suse.com/lifecycle and the Support Policy page at https://www.suse.com/support/policy.html.

There are two types of installation media of openSUSE Leap Micro. The installer ISO allows to install via YaST or AutoYaST, with the possibility to fully customize the installation. The pre-built images contain a system image already pre-configured. Neither of the media is intended to be used for upgrades from the previous version of openSUSE Leap Micro.

There are slight differences between these two:

The images have two things in common:

To upgrade from the previous version, use the transactional-update command. Neither of the media is needed for that.

For web-based management of a single node, Cockpit is included. For details, refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-cockpit.

Compared to the previous release, Cockpit has been updated to the latest version. Due to limited functionality, the Dashboard screen has been removed with this release.

SUSE Manager can be used to manage openSUSE Leap Micro hosts. There are certain limitations:

We intend to resolve these issues in the future maintenance updates of openSUSE Leap Micro on SUSE Manager.

openSUSE Leap Micro includes SELinux with base system policies. Before enabling SELinux, make sure to install the necessary policies for your workload.

If you are running openSUSE Leap Micro as KVM virtualization host, the use of SELinux is strongly discouraged and not supported.

Note that the pre-built images enable SELinux by default in the permissive mode.

openSUSE Leap Micro provides the toolbox container. However, it is not part of the media and needs to be downloaded from https://registry.suse.com. To download from the registry, the system needs network access. For details refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-toolbox.

The toolbox container does not include or inherit a software repository setup from the underlying system. If the underlying system is registered properly, zypper will enable a basic set of repositories (Basesystem and Server Applications modules of SUSE Linux Enterprise Server 15 SP3) when you execute zypper inside the toolbox container. Then you can install additional software into the container.

openSUSE Leap Micro supports Kernel Live Patching, for details refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/cha-images-procedure.html#sec-slemicro-live-patching.

Note that kernel live patching is only available for the x86-64 and s390x architectures. It is also not available for the real-time kernel.

openSUSE Leap Micro includes needed packages for Intel Secure Device Onboard. Intel Secure Device Onboard helps onboard any device to any device management system. With this release, the SDO client has been replaced with FDO client, which is a portable implementation of the FIDO Device Onboard Spec. The packages are only provided as a technology preview and do not offer full support. Using Intel Secure Device Onboard needs proper integration into your target environment and only works on supported hardware.

openSUSE Leap Micro does not support init script of system services, which are usually located in /etc/init.d directory. Even if this directory still exists, it is empty on purpose. systemd unit files should be used instead of initscripts. To start system services or to configure their status on boot, use the systemctl command instead.

The microos_sssd_ldap pattern has been renamed to microos-sssd_ldap (the first dash has been replaced with an underscore). This new name is consistent with other pattern names. Note that your AutoYaST profile may need updating.

The installation workflow for manual installation is described in https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/part-manual-installation.html.

Installing openSUSE Leap Micro with AutoYaST is described in https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/book-autoyast.html.

To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi. Installation with Yomi is a technology preview.

openSUSE Leap Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. openSUSE Leap Micro is also provided as images for specific hardware device with a customized software selection.

For a procedure of deploying an image refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/part-raw-image.html

Upgrade from Leap Micro 5.1 is only possible via the transactional-update tool. For the upgrade procedure, refer to https://en.opensuse.org/Portal:LeapMicro/html/SLE-Micro-all/book-upgrade.html.

When booting the system with SELinux enabled, the console reports:

Failed to transition into init label 'system_u:system_r:init_t:s0'

This message is harmless.

When reloading firewalld via firewall-cmd --reload, all Podman-related rules go missing. For this reason, firewalld is not enabled by default during installation. For more information, see https://github.com/containers/podman/issues/5431.

When booting the pre-built images the first time, two IP addresses may be reported by the ip a command or other tools. This issue only happens on the first boot of the image, on the following boots only a single IP address is assigned to the network interface.

The YaST installer offers installation via VNC. The installer also tries to make it possible to use the final system the same way that the system was initially installed. Therefore, the installer will attempt to install appropriate software and open appropriate firewall ports for later access to the system. However, the VNC server package is only available during the installation, but not for the installed system.

As the VNC server package cannot be installed, the installer will issue a warning. You can safely ignore this warning.

Leap Micro supports SELinux as the security framework, however, some AppArmor packages are still included because of package dependencies. Since they have been reduced since Leap Micro 5.1, it may happen that there are error messages showing in the system journal after upgrade. If this happens, make sure that the apparmor.service service is not enabled in your system.