Production release: CloudLinux 7 hybrid with 4.18 kernel
Today, I’m here to let you know that CloudLinux OS 7 hybrid with a 4.18 kernel is released to production. Now you can take all the advantages of all new features and opportunities of CloudLinux OS 7 hybrid with a 4.18 kernel. We’re also keen to know what you think and how our software is performing. You can give your feedback via the helpdesk or in the comments below.New features and what they mean to you
Memory
- Memory management supports 5-level page tables, increasing the physical memory upper limit to 64 TB.
- Non-Uniform Memory Access (NUMA) node count has been increased from 4 NUMA nodes to 8 NUMA nodes, for even bigger servers.
Security
- Code implementing the ext4 file system has been cleaned up, making it better at preventing malicious file system images.
- The TCP listener handling is now completely lockless, making TCP servers faster and more scalable, and improving protection against DDoS attacks.
Performance
- Spectre V2 mitigation default changed from IBRS to Retpolines for better performance.
- Intel Omni-Path Architecture (OPA) provides Host Fabric Interface (HFI) hardware with initialization and setup for high-performance data transfers. This gives you high bandwidth, high message rates, and low latency between compute and I/O nodes in clustered environments.
- IOMMU passthrough is now enabled by default. This is beneficial for customers who want to pass-through hardware devices to virtual machines.
- A new
writecache
module has been implemented for the Device Mapper, allowing SSD drives or other persistent memory to be used as a cache for block write operations. (Note, Caching of read operations is not implemented, since such operations are cached in the RAM pages cache.) - A flexible process flow control mode (
cgroup.type
threaded) was added to thecgroup
mode to allow process threads to be managed as a single entity. With this mode, threads in the same process don’t have to belong to the same group. They can be separated into different groups, but they must be threaded and placed in the samecgroup
hierarchy. - Improvements were made to on-the-fly resizing of file systems that use
bigalloc
. - On ext4 file systems, inode generation scalability on SMP systems is improved.
Additional notes
- Symlink Owner Match Protection is enabled by default.
/etc/sysctl.conf
parameterproc_can_see_other_uid
is the same as in CloudLinux 7 now (before, it was more restrictive, see details here).- OOM killer is native in the classic 4.18 kernel. And we are keeping up to speed and in the future, we will probably improve them considering your feedback.
How to install
The process of converting from standard to hybrid CloudLinux OS 7 is the same as for version 6. You can read about it here.
- First, install CloudLinux OS 7.
- Next, run the following commands as root.
yum update rhn-client-tools rhn-check rhn-setup
normal-to-hybrid
reboot - To CRIU proper work, make sure
mod_lsapi 1.1-43
andcriu-lve 3.12-1
packages are installed.
Note: If you installed CloudLinux 7 hybrid kernel and lve-kmod package from the beta repository earlier, make sure you have installed kernel 4.18.0-80.7.2
and lve-kmod 2.0-6
packages.