Production release: CloudLinux 7 hybrid with 4.18 kernel

Today, I’m here to let you know that CloudLinux OS 7 hybrid with a 4.18 kernel is released to production. You can now take advantage of all the new features and opportunities it offers. We’re also keen to know what you think and how our software is performing. You can give your feedback via the helpdesk or in the comments below.

New features and what they mean to you

Memory

  • Memory management supports 5-level page tables, increasing the physical memory upper limit to 64 TB.
  • Non-Uniform Memory Access (NUMA) node count has been increased from 4 NUMA nodes to 8 NUMA nodes, for even bigger servers.

Security

  • Code implementing the ext4 file system has been cleaned up, making it better at preventing malicious file system images.
  • The TCP listener handling is now completely lockless, making TCP servers faster and more scalable, and improving protection against DDoS attacks.

Performance

  • Spectre V2 mitigation default changed from IBRS to Retpolines for better performance.
  • Intel Omni-Path Architecture (OPA) provides Host Fabric Interface (HFI) hardware with initialization and setup for high-performance data transfers. This gives you high bandwidth, high message rates, and low latency between compute and I/O nodes in clustered environments.
  • IOMMU passthrough is now enabled by default. This is beneficial for customers who want to pass hardware devices through to virtual machines.
  • A new writecache module has been implemented for the Device Mapper, allowing SSD drives or other persistent memory to be used as a cache for block write operations. (Note: caching of read operations is not implemented, since such operations are cached in the RAM page cache.)
  • A flexible process flow control mode (cgroup.type threaded) was added to cgroups, allowing process threads to be managed as a single entity. With this mode, threads in the same process don’t have to belong to the same group. They can be separated into different groups, but they must be threaded and placed in the same cgroup hierarchy.
  • Improvements were made to on-the-fly resizing of file systems that use bigalloc.
  • On ext4 file systems, inode generation scalability on SMP systems is improved.

Additional notes

  • Symlink Owner Match Protection is enabled by default.
  • The /etc/sysctl.conf parameter proc_can_see_other_uid is now the same as in CloudLinux 7 (before, it was more restrictive; see details here).
  • The OOM killer is the native one from the classic 4.18 kernel. We are keeping up to speed, and in the future we will probably improve it based on your feedback.

How to install

The process of converting from standard to hybrid CloudLinux OS 7 is the same as for version 6. You can read about it here.

  1. First, install CloudLinux OS 7.
  2. Next, run the following commands as root.
    yum update rhn-client-tools rhn-check rhn-setup
    normal-to-hybrid
    reboot
  3. For CRIU to work properly, make sure the mod_lsapi 1.1-43 and criu-lve 3.12-1 packages are installed.

Note: If you previously installed the CloudLinux 7 hybrid kernel and the lve-kmod package from the beta repository, make sure the kernel 4.18.0-80.7.2 and lve-kmod 2.0-6 packages are installed.
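A post-conversion check for the steps above, added here as an example and not taken from CloudLinux: it confirms the running kernel is 4.18, reports which Spectre V2 mitigation the kernel selected, and compares the mod_lsapi and criu-lve packages against the versions named in step 3. The script name and function names are hypothetical, and treating the step 3 versions as minimums is an assumption.

```shell
#!/bin/sh
# Added example (not CloudLinux code): post-conversion checks for a hybrid host.

# ver_ge A B: succeeds when version string A >= B (relies on GNU sort -V).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# spectre_v2_mode TEXT: classify the text the kernel exposes in
# /sys/devices/system/cpu/vulnerabilities/spectre_v2.
spectre_v2_mode() {
    case "$1" in
        Vulnerable*)     echo vulnerable ;;   # checked first: text may still mention retpoline
        "Not affected"*) echo not-affected ;;
        *[Rr]etpoline*)  echo retpoline ;;
        *IBRS*)          echo ibrs ;;
        *)               echo unknown ;;
    esac
}

# check_host: run the checks on the live system; returns the failure count.
check_host() {
    fails=0
    kernel=$(uname -r)
    case "$kernel" in
        4.18.*) echo "PASS kernel $kernel" ;;
        *)      echo "FAIL kernel $kernel (expected 4.18.x)"; fails=$((fails + 1)) ;;
    esac
    sv2=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null)
    mode=$(spectre_v2_mode "$sv2")
    if [ "$mode" = retpoline ] || [ "$mode" = not-affected ]; then
        echo "PASS spectre_v2 $mode"
    else
        echo "WARN spectre_v2 $mode: $sv2"
    fi
    # Assumption: the versions named in step 3 are treated as minimums.
    for spec in mod_lsapi:1.1-43 criu-lve:3.12-1; do
        pkg=${spec%%:*}; min=${spec##*:}
        have=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg" 2>/dev/null) || have=""
        if [ -n "$have" ] && ver_ge "$have" "$min"; then
            echo "PASS $pkg $have"
        else
            echo "FAIL $pkg ${have:-not installed} (need $min)"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Run against the live host only when asked, e.g. `sh verify-hybrid.sh --check`.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

The Spectre V2 result is a warning instead of a failure because the kernel may select a different mitigation on some CPUs even though Retpolines are the default.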
