Deployment Guide
- About This Guide
- 1 Planning for SUSE Linux Enterprise Desktop
- I Manual Deployment
- 2 Deployment Strategies
- 3 Installation with YaST
- 4 Updating SUSE Linux Enterprise
- 5 Setting Up Hardware Components with YaST
- 6 Installing or Removing Software
- 7 Installing Add-On Products
- 8 Installing Multiple Kernel Versions
- 9 Managing Users with YaST
- 10 Changing Language and Country Settings with YaST
- 11 Remote Installation
- 12 Advanced Disk Setup
- 13 Subscription Management
- II Imaging and Creating Products
- III Automated Installations
- A Documentation Updates
- B GNU Licenses
4 Updating SUSE Linux Enterprise
SUSE® Linux Enterprise (SLE) allows to update an existing system to the new version, for example, going from SLE 11 SP3 to SLE 12. No new installation is needed. Existing data, such as home and data directories and system configuration, is kept intact. You can update from a local CD or DVD drive or from a central network installation source.
If you are familiar with SUSE Linux Enterprise updates, upgrades and service packs in general, you can check the terminology section for news and then dive right into the update overview section. This shows the available update possibilities and guides you in planning the overall update, and the subsequent sections: step-by-step update instructions to the current release, SUSE Linux Enterprise Desktop 12.
The rest of the chapter gives background information on the SUSE product lifecycles and Service Pack releases, recommended upgrade policies, how SUSE Linux Enterprise software is current despite non-current version numbers ("backports"), and further material referenced by the step-by-step update instructions.
4.1 Background Info: Terminology #
This chapter uses several terms. In order to understand the information, read the definitions below:
- Backporting
Backporting is the act of adapting specific changes from a newer version of software and applying it to an older version. The most commonly used case is fixing security holes in older software components. Usually it is also part of a maintenance model to supply enhancements or (less commonly) new features.
- Delta RPM
A delta RPM consists only of the binary diff between two defined versions of a package, and therefore has the smallest download size. Before being installed, the full RPM package is rebuilt on the local machine.
- Downstream
A metaphor of how software is developed in the open source world (compare it with upstream). The term downstream refers to people or organizations like SUSE who integrate the source code from upstream with other software to build a distribution which is then used by end users. Thus, the software flows downstream from its developers via the integrators to the end users.
- Extensions, Add-On Products
Extensions (also known as add-on products) provide additional functionality of product value to SUSE Linux Enterprise Desktop. They are provided by SUSE and by SUSE partners, and they are registered and installed on top of the base product SUSE Linux Enterprise Desktop.
- Modules
Modules are fully supported parts of SUSE Linux Enterprise Desktop with a different life cycle. They have a clearly defined scope and are delivered via online channel only. Registering at the SUSE Customer Center is a prerequisite for being able to subscribe to these channels.
- Online Migration
Updating to a Service Pack (SP) by using the online update tools (rather than the installation media) to install the respective patches. It updates all packages of the installed system to the latest state—including updates—of SP3 plus SP2 updates.
- Package
A package is a compressed file in
rpmformat that contains all files for a particular program, including optional components like configuration, examples, and documentation.- Patch
A patch consists of one or more packages and may be applied by means of delta RPMs. It may also introduce dependencies to packages that are not installed yet.
- Major Release, General Availability (GA) Version
The Major Release of SUSE Linux Enterprise (or any software product) is a new version which brings new features and tools, decomissions previously deprecated components and comes with backwards incompatible changes.
- Service Packs (SP)
Combines several patches into a form which is easy to install or deploy. Service packs are numbered and usually contain security fixes, updates, upgrades, or enhancements of programs.
- Upstream
A metaphor of how software is developed in the open source world (compare it with downstream). The term upstream refers to the original project, author or maintainer of a software that is distributed as source code. Feedback, patches, feature enhancements, or other improvements flow from end users or contributors to upstream developers. They decide if the request will be integrated or rejected.
If the project members decide to integrate the request, it will show up in newer versions of the software. An accepted request will benefit all parties involved.
If a request is not accepted, it may be for different reasons. Either it is in a state which is not compliant with the project's guidelines, it is invalid, it is already integrated, or it is not in the interest or roadmap of the project. An unaccepted request makes it harder for upstream developers as they need to synchronize their patches with the upstream code. This practice is generally avoided, but sometimes it is still needed.
- Update
Installation of a newer minor version of a package.
- Upgrade
Installation of a newer major version of a package or distribution, which brings new features.
4.2 Supported Upgrade Paths for SLE #
SUSE Linux Enterprise supports direct upgrades from one release to the next. For example, if you currently run SUSE Linux Enterprise 11 SP2, you will upgrade in two steps, first to SUSE Linux Enterprise 11 SP3 and then to SUSE Linux Enterprise 12.
It is not possible to skip an intermediate release when updating. For that reason, when you are running several versions back, like SUSE Linux Enterprise 10 or SUSE Linux Enterprise 11 SP1, SUSE recommends to consider a fresh installation instead of a long sequence of upgrades.
Important: Cross-architecture Upgrades Are Not Supported
Cross-architecture upgrades, such as upgrading from a 32-bit version of SUSE Linux Enterprise Desktop to the 64-bit version, or upgrading from big endian to little endian are not supported!
Specifically, SLE 11 SP3 on POWER (big endian) to SLE 12 on POWER (new: little endian!), is not supported.
Also, as SUSE Linux Enterprise 12 is 64bit only, upgrades from any 32bit SUSE Linux Enterprise 11 systems to SUSE Linux Enterprise 12 are not supported.
- Upgrading from SUSE Linux Enterprise 10 (any Service Pack)
There is no supported direct migration path to SUSE Linux Enterprise 12. A fresh installation is recommended instead.
- Upgrading from SUSE Linux Enterprise 11 GA or SUSE Linux Enterprise 11 SP1
There is no supported direct migration path to SUSE Linux Enterprise 12.
If you cannot do a fresh install, you need to first update from SUSE Linux Enterprise 11 GA to SP1, and then from SUSE Linux Enterprise 11 SP1 to SP2, before you can proceed. These steps are described in the SUSE Linux Enterprise 11 Deployment Guide (https://www.suse.com/documentation/sles11/).
Then proceed with the next step:
- Upgrading from SUSE Linux Enterprise 11 SP2
There is no supported direct migration path to SUSE Linux Enterprise 12.
If you cannot do a fresh install, you need to upgrade from SUSE Linux Enterprise 11 SP2 to SP3, before you can proceed. These steps are described in the SUSE Linux Enterprise 11 Deployment Guide (https://www.suse.com/documentation/sles11/).
Then proceed with the next step:
- Upgrading from SUSE Linux Enterprise 11 SP3 to SUSE Linux Enterprise 12
Refer to Section 4.4, “Upgrading to SUSE Linux Enterprise 12” for details.
4.3 General Preparations for Updating #
Before starting the update procedure, make sure your system is properly prepared. Among others, preparation involves backing up data and checking the release notes.
4.3.1 Check the Release Notes #
In the release notes you can find additional information on what has changed since the previous release of SUSE Linux Enterprise. Please verify there if your specific hardware or set up needs special considerations, which of your favorite specific software packages have changed significantly, and which precautions you should take in addition to the general recommendations of this section. The Release Notes also provide last minute information and known issues, that couldn't make it to the manual on time.
The current version of the release notes document containing the latest information on SUSE Linux Enterprise Desktop can be read online at http://www.suse.com/doc/.
4.3.2 Make a Backup #
Before updating, copy existing configuration files to a separate medium
(such as tape device, removable hard disk, etc.) to back up the data.
This primarily applies to files stored in /etc as
well as some of the directories and files in /var
and /opt. You may also want to write the user data
in /home (the HOME directories) to a
backup medium. Back up this data as root. Only root has read
permissions for all local files.
If you have selected as the
installation mode in YaST, you can choose to do a (system) backup at a
later point in time. You can choose to include all modified files and
files from the /etc/sysconfig directory. However,
this is not a complete backup, as all the other important directories
mentioned above are missing. Find the backup in the
/var/adm/backup directory.
4.3.3 Partitioning and Disk Space #
Before starting your update, make note of the root partition. The
command df / lists the device name of the root
partition. For example, in Example 4.1, “List with df -h”, the root
partition to write down is /dev/sda3 (mounted as
/).
Example 4.1: List with df -h #
Filesystem Size Used Avail Use% Mounted on /dev/sda3 74G 22G 53G 29% / tmpfs 506M 0 506M 0% /dev/shm /dev/sda5 116G 5.8G 111G 5% /home /dev/sda1 39G 1.6G 37G 4% /windows/C /dev/sda2 4.6G 2.6G 2.1G 57% /windows/D
Software tends to “grow” from version to version.
Therefore, take a look at the available partition space with
df before updating. If you suspect you are running
short of disk space, secure your data before updating and repartitioning
your system. There is no general rule regarding how much space each
partition should have. Space requirements depend on your particular
partitioning profile and the software selected.
4.3.4 Shut Down Virtual Machine Guests #
If your machine serves as a VM Host Server for KVM or Xen, make sure to properly shut down all running VM Guests prior to the update. Otherwise you may not be able to access the guests after the update.
4.4 Upgrading to SUSE Linux Enterprise 12 #
Upgrading from SUSE Linux Enterprise 11 SP3 (or higher) to SUSE Linux Enterprise 12 is supported using one of the following methods:
Manual upgrade, booting from an installation medium (see Section 4.4.1, “Manual Upgrade from SLE 11 SP3 to SLE 12, Using an Installation Source”).
Semi-automated migration, possible via SSH
4.4.1 Manual Upgrade from SLE 11 SP3 to SLE 12, Using an Installation Source #
To upgrade your system this way, you need to boot from an installation source, like you would do for a fresh installation. However, when the boot screen appears, you need to select (instead of ). The installation source to boot from can be one of the following:
A local installation medium (like a DVD, or an ISO image on a USB mass storage device). For detailed instructions, see Section 4.4.1.1, “Upgrading from an Installation Medium”.
A network installation source. You can either boot from the local medium and then select the respective network installation type, or boot via PXE. For detailed instructions, see Section 4.4.1.2, “Upgrading from a Network Installation Source”.
4.4.1.1 Upgrading from an Installation Medium #
The procedure below describes booting from a DVD as an example, but you can also use another local installation medium like an ISO image on a USB mass storage device. The way to select the boot method and to start up the system from the medium depends on the system architecture and on the fact if the machine has a traditional BIOS or UEFI. For details, see the links below.
Procedure 4.1: Manually Upgrading from SLE 11 SP3 to SLE 12, Using a DVD #
Insert DVD 1 of the SUSE Linux Enterprise 12 installation media and boot your machine. A screen is displayed, followed by the boot screen.
Select the respective boot method to start the system from the medium (see Section 3.1, “Choosing the Installation Method”).
Start up the system from the medium (see Section 3.2, “System Start-up for Installation”).
Proceed with the upgrade process as described in Section 4.4.3, “Starting the Upgrade Process After Booting”.
4.4.1.2 Upgrading from a Network Installation Source #
If you want to start an upgrade from a network installation source, make sure that the following requirements are met:
Requirements for Upgrading from a Network Installation Source #
- Network Installation Source
A network installation source is set up according to Section 11.2, “Setting Up the Server Holding the Installation Sources”.
- Network Connection and Network Services
Both the installation server and the target machine have a functioning network connection. The network must provide the following services: a name service, DHCP (optional, but needed for booting via PXE), and OpenSLP (optional).
- Installation Media
You have a SUSE Linux Enterprise DVD 1 (or a local ISO image) at hand to boot the target system or a target system that is set up for booting via PXE according to Section 11.3.5, “Preparing the Target System for PXE Boot”. Refer to Chapter 11, Remote Installation for in-depth information on starting the upgrade from a remote server.
When upgrading from network installation source, you can either boot from the local medium and then select the respective network installation type, or boot via PXE. Select the method of your choice and proceed as described in Procedure 4.2 or Procedure 4.3.
Procedure 4.2: Manually Upgrading from SLE 11 SP3 to SLE 12 via Network Installation Source—Booting from DVD #
This procedure describes booting from a DVD as an example, but you can also use another local installation medium like an ISO image on a USB mass storage device. The way to select the boot method and to start up the system from the medium depends on the system architecture and on the fact if the machine has a traditional BIOS or UEFI. For details, see the links below.
Insert DVD 1 of the SUSE Linux Enterprise 12 installation media and boot your machine. A screen is displayed, followed by the boot screen.
Select the type of network installation source you want to use (FTP, HTTP, NFS, SMB, or SLP). Usually you get this choice by pressing F4, but in case your machine is equipped with UEFI instead of a traditional BIOS, you may need to manually adjust boot parameters. For details, see Installing from a Network Server in Chapter 3, Installation with YaST.
Proceed with the upgrade process as described in Section 4.4.3, “Starting the Upgrade Process After Booting”.
Procedure 4.3: Manually Upgrading from SLE 11 SP3 to SLE 12 via Network Installation Source—Booting via PXE #
To perform an upgrade from a network installation source using PXE Boot, proceed as follows:
Adjust the setup of your DHCP server to provide the address information needed for booting via PXE. For details, see Section 11.3.5, “Preparing the Target System for PXE Boot”.
Set up a TFTP server to hold the boot image needed for booting via PXE. Use DVD 1 of your SUSE Linux Enterprise 12 installation media for this or follow the instructions in Section 11.3.2, “Setting Up a TFTP Server”.
Prepare PXE Boot and Wake-on-LAN on the target machine.
Initiate the boot of the target system and use VNC to remotely connect to the installation routine running on this machine. For more information, see Section 11.5.1, “VNC Installation”.
Proceed with the upgrade process as described in Section 4.4.3, “Starting the Upgrade Process After Booting”.
4.4.2 Automated Migration from SLE 11 SP3 to SLE 12 #
To perform an automated migration, proceed as follows:
Procedure 4.4: Automated Migration from SUSE Linux Enterprise 11 SP3 to SUSE Linux Enterprise 12 #
Copy the installation Kernel
linuxand the fileinitrdfrom/boot/x86_64/loader/of your first installation DVD to your system's/bootdirectory:cp-vi DVDROOT/boot/x86_64/loader/linux /boot/linux.upgradecp-vi DVDROOT/boot/x86_64/loader/initrd /boot/initrd.upgradeDVDROOT denotes the path where your system mounts the DVD, usually
/run/media/$USER/$DVDNAME.Open the GRUB legacy configuration file
/boot/grub/menu.lstand add another section. For other boot loaders, edit the respective configuration file(s). Adjust device names accordingly. For example:title Linux Upgrade Kernel kernel (hd0,0)/boot/linux.upgrade root=/dev/sda1 upgrade=1 OPTIONAL_PARAMETERS initrd (hd0,0)/boot/initrd.upgrade
OPTIONAL_PARAMETERS denote additional boot parameters which you might need to boot your system and perform the upgrade. These may be kernel parameters needed for your system—check if you to need review and copy those from an existing GRUB entry. They also may be SUSE linuxrc parameters, documented online (http://en.opensuse.org/Linuxrc).
If the upgrade should be done automated , add the
autoupgrade=1to the end of thekernelline in your GRUB configuration.Reboot your machine and select the newly added section from the boot menu (here: Linux Upgrade Kernel). You can use
grubonceto preselect the newly created GRUB entry for an unattended automatic reboot into the newly created entry. You can also userebootto initiate the reboot from the command line.Proceed with the usual upgrade process as described in Section 4.4.3, “Starting the Upgrade Process After Booting”.
After the upgrade process was finished successfully, remove the installation Kernel and initrd files (
/boot/linux.upgradeand/boot/initrd.upgrade). They are useless now and are not needed anymore.
4.4.3 Starting the Upgrade Process After Booting #
After you have booted (either from an installation medium or the network), select the entry on the boot screen.
Warning: Wrong Choice May Lead to Data Loss
If you select instead of , data may be lost later. You need to be extra careful to not destroy your data partitions by doing a fresh installation, e.g. by repartitioning the disks (which can destroy the existing partitions) or by reformatting the data partitions (which erases all data on them).
Make sure to select here.
YaST starts the installation system.
On the screen choose and and accept the license agreement. Proceed with .
YaST checks your partitions for already installed SUSE Linux Enterprise systems.
On the screen, select the partition to upgrade and click .
YaST mounts the selected partition and displays all repositories that have been found on the partition that you wan to upgrade.
On the screen, adjust the status of the repositories: enable those you want to include in the upgrade process and disable any repositories that are no longer needed. Proceed with .
On the screen, select whether to register the upgraded system now (by entering your registration data and clicking ) or if to . For details on registering your system, see Section 7.2, “Registering Your System”.
The following screen is the last step before the upgrade starts.
Review the for the upgrade, especially the . Choose between the following options:
, in which case you might miss new features shipped with the latest SUSE Linux Enterprise version.
. Click if you want to enable or disable patterns and packages according to your wishes.
Note: Choice of Desktop
If you used KDE before upgrading to SUSE Linux Enterprise 12 (
DEFAULT_WMin/etc/sysconfig/windowmanagerwas set tokde*), your desktop environment will automatically be replaced with GNOME after the upgrade. By default, KDM display manager will be replaced with GDM.To change the choice of desktop environment or window manager, adjust the software selection by clicking .
If all settings are according to your wishes, start the installation and removal procedure by clicking .
4.4.4 Updating via SUSE Manager #
SUSE Manager is a server solution for providing updates, patches, and security fixes for SUSE Linux Enterprise clients. It comes with a set of tools and a Web-based user interface for management tasks.
The SUSE Manager documentation at http://www.suse.com/doc/ gives an overview of its features as well as instructions on how to set up server and clients.
4.5 Background info: The Product Lifecycle of SUSE Linux Enterprise #
SUSE Linux Enterprise Server has a 13-year life-cycle: 10 years of general support and 3 years of extended support.
SUSE Linux Enterprise Desktop has a 10-year life-cycle: 7 years of general support and 3 years of extended support.
Major releases are made every 4 years. Service packs are made every 18 months.
SUSE supports previous service packs for 6 months after the release of the new service pack. Figure 4.1, “Major Releases and Service Packs” depicts some of the mentioned aspects.
Figure 4.1: Major Releases and Service Packs #
If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support you get an additional 12 to 36 months in twelve month increments, giving you a total of 3 to 5 years of support on any given service pack (see Figure 4.2, “Long Term Service Pack Support”).
Figure 4.2: Long Term Service Pack Support #
4.5.1 Support Levels #
The range for extended support levels starts from year 10 and ends in year 13. These contain continued L3 engineering level diagnosis and reactive critical bug fixes. These support levels proactively update trivial local root exploits in Kernel or other root exploits directly executable without user interaction. Furthermore they support existing workloads, software stacks, and hardware with limited package exclusion list. Find an overview in Table 4.1, “Security Updates and Bug Fixes”.
Table 4.1: Security Updates and Bug Fixes #
|
General Support for Most Recent Service Pack (SP) |
General Support for Previous SP, with LTSS |
Extended Support with LTSS | |||
|---|---|---|---|---|---|
|
Feature |
Year 1-5 |
Year 6-7 |
Year 8-10 |
Year 4-10 |
Year 10-13 |
|
Technical Services |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Access to Patches and Fixes |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Access to Documentation and Knowledge Base |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Support for Existing Stacks and Workloads |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Support for New Deployments |
Yes |
Yes |
Limited (Based on partner and customer requests) |
Limited (Based on partner and customer requests) |
No |
|
Enhancement Requests |
Yes |
Limited (Based on partner and customer requests) |
Limited (Based on partner and customer requests) |
No |
No |
|
Hardware Enablement and Optimization |
Yes |
Limited (Based on partner and customer requests) |
Limited (Based on partner and customer requests) |
No |
No |
|
Driver updates via SUSE SolidDriver Program (formerly PLDP) |
Yes |
Yes |
Limited (Based on partner and customer requests) |
Limited (Based on partner and customer requests) |
No |
|
Backport of Fixes from recent SP |
Yes |
Yes |
Limited (Based on partner and customer requests) |
N/A |
N/A |
|
Critical Security Updates |
Yes |
Yes |
Yes |
Yes |
Yes |
|
Defect Resolution |
Yes |
Yes |
Limited (Severity Level 1 and 2 defects only) |
Limited (Severity Level 1 and 2 defects only) |
Limited (Severity Level 1 and 2 defects only) |
4.5.2 Repository Model #
The repository layout corresponds to the product lifecycles. Table 4.2, “Repository Layout for SUSE Linux Enterprise 11 SP2 and SP3 and for SUSE Linux Enterprise 12” contains a list of all repositories from SUSE Linux Enterprise 11 SP2 to SUSE Linux Enterprise 12.
Table 4.2: Repository Layout for SUSE Linux Enterprise 11 SP2 and SP3 and for SUSE Linux Enterprise 12 #
|
Type |
SLES |
SLED | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Required Repositories |
11 SP2
11 SP3
12
|
11 SP2
11 SP3
12
| ||||||||||||||||||||
|
Optional Repositories |
11 SP2
11 SP3
12
|
11 SP2
11 SP3
12
| ||||||||||||||||||||
|
NEW: Module Specific Repositories |
12
|
12 |
Description of Required Repositories #
- Updates
Maintenance updates to packages in the corresponding
CoreorPoolrepository.- Pool
Containing all binary RPMs from the installation media, plus pattern information and support status metadata.
Description of Optional Repositories #
- Debuginfo-Pool, Debuginfo-Updates
These repositories contain static content. Of these two, only the
Debuginfo-Updatesrepository receives updates. Enable these repositories if you need to install libraries with debug information in case of an issue.
4.5.2.1 Origin of Packages #
SUSE Linux Enterprise 11 SP3.
With the update to SP3 there are only two repositories available:
SLED11-SP3-Pool
and
SLED11-SP3-Updates.
Any previous repositories from SP2 are visible, but not enabled. These
disabled repositories are only needed for users who have particular
needs.
SUSE Linux Enterprise 12.
With the update to SUSE Linux Enterprise 12 there are only two repositories available:
SLED12-GA-Pool
and
SLED12-GA-Updates.
Any previous repositories from SUSE Linux Enterprise 11 SP3 are disabled.
4.5.2.2 Working with Repositories #
On registration, the system receives repositories from the SUSE Customer Center. The
repository names map to specific URIs in the customer center (see
https://scc.suse.com/). To list all available repositories on your
system, use zypper as follows:
zypper repos -u
This gives you a list of all available repositories on your system.
Each repository is listed by its alias, name and whether it is enabled
and will be refreshed. The option -u gives you also
the URI from where it originated.
If you want to remove old repositories (for example, from SP1), use
zypper removerepo and the names of the repositories.
For example, to remove the old SP1 and SP2 repositories, use the
following command:
zypper removerepo SLES11-SP1-Pool SLES11-SP1-Updates \
SLE11-SP1-Debuginfo-Pool SLE11-SP1-Debuginfo-Updates \
SLES11-SP2-Core SLES11-SP2-Updates \
SLE11-SP2-Debuginfo-Core SLES11-SP2-Extension-Store\
SLE11-SP2-Debuginfo-UpdatesIf you want to re-add some of your repositories, log in to https://scc.suse.com/ and select from the menu › . There you can see a list of URIs; Only repositories from this list of products can be added. For example, to add the SP2 Extension Store, use the following command (one line, without the backslash):
zypper addrepo -n SLES11-SP2-Extension-Store \
https://nu.novell.com/repo/\$RCE/SLES11-SP2-Extension-Store/nu_novell_com:SLES11-SP2-Extension-Store4.6 Background: Backporting Source Code #
SUSE extensively uses backports, i.e. the migration of current software fixes and features into released SUSE Linux Enterprise packages. The information in this section helps you understand why it can be deceptive to compare version numbers in order to judge the capabilities and the security of SUSE Linux Enterprise software packages. You'll understand how SUSE keeps the system software secure and current while maintaining compatibility for your application software on top of SUSE Linux Enterprise products. You'll also learn how to check which public security issues actually are addressed in your SUSE Linux Enterprise system software, and how current your software really is.
4.6.1 Why Backporting? #
Upstream developers are primarily concerned with advancing the software they develop. In many cases they combine fixing bugs with introducing new features which have not yet received extensive testing and which may introduce new bugs.
For distribution developers, it is important to distinguish between:
bugfixes with a limited potential for disrupting functionality; and
changes that may disrupt existing functionality.
In most cases, distribution developers do not follow all upstream changes once a package has become part of a released distribution. Usually they stick instead with the upstream version that they initially released and create patches based on upstream changes to fix bugs. This practice is known as backporting.
Distribution developers generally will only introduce a newer version of software in two cases:
when the changes between their packages and the upstream versions have become so large that backporting is no longer feasible, or
for software that inherently ages badly, like anti-malware software.
4.6.2 Reasons for Backporting #
SUSE uses backports extensively as we strike a good balance between a number of concerns for enterprise software. The most important of these are:
Having stable interfaces (APIs) that software vendors can rely on when building products for use on SUSE's enterprise products.
Ensuring that packages used in the release of SUSE's enterprise products are of the highest quality and have been thoroughly tested, both in themselves and as part of the whole enterprise product.
Maintaining the various certifications of SUSE's enterprise products by other vendors, like certifications for Oracle or SAP products.
Allowing SUSE's developers to focus on making the next version of the product as good as they can make it, rather than them having to spread their focus thinly across a wide range of releases.
Keeping a clear view of what is in a particular enterprise release, so that our support can provide accurate and timely information about it.
4.6.3 Reasons against Backports #
It is a general policy rule that no new upstream versions of a package are introduced into our enterprise products. This rule is not an absolute rule however. For a limited class of packages, in particular anti-virus software, security concerns weigh heavier than the conservative approach that is preferable from the perspective of quality assurance. For packages in that class, occasionally newer versions are introduced into a released version of an enterprise product line.
Sometimes also for other types of packages the choice is made to introduce a new version rather than a backport. This is done when producing a backport is not economically feasible or when there is a very relevant technical reason to introduce the newer version.
4.6.4 The Implications of Backports for Interpreting Version Numbers #
Because of the practice of backporting, one cannot simply compare version numbers to determine whether a SUSE package contains a fix for a particular issue or has had a particular feature added to it. With backporting, the upstream part of a SUSE package's version number merely indicates what upstream version the SUSE package is based on. It may contain bug fixes and features that are not in the corresponding upstream release, but that have been backported into the SUSE package.
One particular area where this limited value of version numbers when backporting is involved can cause problems is with security scanning tools. Some security vulnerability scanning tools (or particular tests in such tools) operate solely on version information. These tools/tests are thus prone to generating “false positives” (claims that a vulnerable piece of software has been found which in fact is not vulnerable) when backports are involved. When evaluating reports from security scanning tools, one should always investigate whether an entry is based on a version number or on an actual test of whether an actual vulnerability exists.
4.6.5 How to Check Which Bugs are Fixed and Which Features are Backported and Available #
There are a number of locations where information regarding backported bug fixes and features is stored:
The package's changelog:
rpm -q --changelog name-of-installed-package rpm -qp --changelog packagefile.rpm
The output briefly documents the change history of the package.
The package changelog may contain entries like
bnc#1234that refer to bugs in Novell's Bugzilla tracking system or links to other bugtracking systems. (Because of confidentiality policies, not all such information may be accessible to you).A package may contain a
/usr/share/doc/packagename/README.SUSEorREADME.SuSEfile which contains general, high-level information specific to the SUSE package.The RPM source package contains the patches that were applied during the building of the regular binary RPMs as separate files that can be interpreted if you are familiar with reading source code. See Section “Installing or Downloading Source Packages”, Chapter 7, Managing Software with Command Line Tools, Administration Guide for installing sources of SUSE Linux Enterprise software, see Section “Installing and Compiling Source Packages”, Chapter 7, Managing Software with Command Line Tools, Administration Guide for building packages on SUSE Linux Enterprise and see the Maximum RPM (http://www.rpm.org/max-rpm/) book for the inner workings of SUSE Linux Enterprise software package builds.
For security bug fixes, the SUSE security announcements (http://www.suse.com/support/security/#1). These often refer to bugs through standardized names like
CAN-2005-2495which are maintained by the Common Vulnerabilities and Exposures (http://cve.mitre.org) project.
4.7 Background: Migration Hooks for YaST Wagon #
Migration hooks allow you to run a custom external script at some point during the migration process. These scripts allow you to handle specific problems that cannot be handled via the usual RPM scripts, or allow you to perform any extra actions that might be needed during migration (not required during normal package update).
The migration hooks are executed with root privileges so it is possible to do any maintenance tasks in the scripts (starting/stopping services, data backup, data migration, etc...). The scripts must not be interactive; STDIN and STDOUT are redirected to pipes when running in YaST. The X session should not be used, as it might not be available in all cases (for example, when running in text mode). Do not forget to set the executable permission for the hook scripts.
Migration hooks are supported in
yast2-wagon package
version 2.17.32.1 (provided as an update for SLES11-SP2) or 2.17.34
(included in SLES11-SP3) or higher versions.
4.7.1 Hook Script Location and Name Conventions #
The scripts are searched in
/var/lib/YaST2/wagon/hooks/ directory. The expected
script name is in the format
step_seq_prefix_name, where:
- step
is a predefined migration step name, describing the current migration step.
- seq
is a sequence number in range 00...99, which makes it possible to set the order in which the scripts are executed. (It is important to keep the zeros at the beginning to enable correct sorting!)
- prefix
should be unique to avoid conflicts (like a namespace). Use package name (if it is part of a package) or your vendor name, Internet domain name, etc., anything that can be considered sufficiently unique
- name
can be any string (used to differentiate the scripts). Some descriptive name is recommended.
Example 4.2: Hook Script with Full Path #
/var/lib/YaST2/wagon/hooks/before_package_migration_00_postgresql_backup
4.7.2 Hook Script Exit Value #
The script should return exit value 0. If it fails (any non-zero exit value) an error message is displayed in Wagon and it is possible to restart the script, ignore the failure (and continue with other scripts) or completely cancel the hooks for the current step and stage.
4.7.3 Idempotent Scripts #
The hook scripts can be potentially run more times (when going back and forth in the Wagon dialogs, Wagon might restart itself or some steps might be executed multiple times in the migration workflow), so the scripts have to cope with that fact (they can check at the beginning whether they need to do the action or the action has been already done or they can create a simple temporary stamp file or otherwise solve multiple runs properly).
4.7.4 List of Supported Hooks #
Some hooks are optional (because the depend on the previous results or depend on user selected values). Note that some hooks are called multiple times (for example, registration is called before migration and after migration). Here is the list of supported hooks (step names) in execution order:
before_initstarted at the very beginning (note: it is called again after Wagon restarts)
before_welcome,after_welcomestarted before/after displaying the welcome dialog
before_registration_check,after_registration_checkWagon checks the registration status (if registration of some products has expired the migration might fail). If everything is OK, no dialog is displayed and Wagon automatically continues with the next step
before_custom_url,after_custom_urlrepository manager is started (optional, in Patch CD mode only)
before_self_update,after_self_updatecalled before/after Wagon updates itself (to ensure the latest version is used for migration)
before_installing_migration_products,after_installing_migration_productscalled before/after installing the migration products
before_selecting_migration_source,after_selecting_migration_sourceWagon asks the user to migrate via SUSE Customer Center repositories or using a custom repository; the next step depends on the user selection
before_registration,after_registrationrunning SUSE register (to add migration repositories)
before_repo_selection,after_repo_selectionmanual repository management
before_set_migration_repo,after_set_migration_reposelecting migration repositories (full/minimal migration when using SUSE Customer Center) or update repository selection (custom repository migration)
before_package_migrationbefore package update starts, after this step the real migration starts and it is not possible to go back to the previous state automatically (aborting in this phase results in an inconsistent (half upgraded) system, and manual rollback is needed)
before_registration,after_registrationrunning SUSE register (to register updated products)
before_congratulate,after_congratulatebefore/after Wagon displays the congratulation dialog as a result of a successful migration
before_exitcalled just before Wagon exits (always, regardless the migration result, also after abort and at restart)
4.7.5 Abort Hooks #
These are special abort hooks which are called when the user aborts the migration. These hooks can be called in any step in the migration workflow therefore the execution order cannot be guaranteed. The scripts need to check the current state if they rely on the results of other hooks.
before_abortuser confirmed aborting the migration
before_abort_rollback,after_abort_rollbackuser confirmed rollback after abort (reverting to the old products installed before starting migration). These hooks are called after before_abort and skipped when the user does not confirm rollback.
4.7.6 Restart Hooks #
These hooks are called whenever Wagon restarts itself.
before_restartWagon is finishing and will be started again
after_restartWagon has restarted and runs the next step in the migration workflow
4.7.7 Usually Used Hooks #
The list of hooks is fairly large, but many of them only make sense in special cases. In normal use cases these should be given preference:
To do some action before the system is migrated (still running the previous version) use the
before_package_migrationhook.At this point it is clear that the migration is ready and is about to start, whereas in all steps before it was possible to abort the migration.
To do some action after the system has migrated (the system is running the new migrated version, but some things might not be active yet, for example, updated kernel requires reboot, updated services might need restart etc..), use
before_congratulateorafter_congratulatehook.This can be also used for cleaning up the temporary results of the
before_package_migrationhook. At this point the migration has successfully finished.To reverse the changes if the migration is aborted, use one of the abort hooks depending on the case. Keep in mind that the abort hooks can be called anytime, so the revert might not be needed (the hook that does the changes might not have been called yet). The abort hooks need to check the current state.
4.7.8 Obsolete Hooks #
Older versions of Wagon supported only two hook scripts:
/usr/lib/YaST2/bin/wagon_hook_init and
/usr/lib/YaST2/bin/wagon_hook_finish. The problem
was that only one script could be run as a hook and it was not possible
to put hooks directly into RPM packages.
These old hook scripts are still supported in newer versions of Wagon
for backward compatibility, but the new hooks
before_init and before_exit should
be used instead of the obsolete ones.