Copyright (C) 2007 Turbolinux China, Inc. and others

GreatTurbo Enterprise Server 11 Release Notes

Table Of Contents

  Introduction
  Kernel
  Apache
  PHP
  Virtualization
  Security
  X-Window
  Internationalization
  Known Issues

Introduction

Turbolinux is a leading Linux software company committed to providing the latest in Linux-based solutions. Turbolinux is providing much of the needed infrastructure for China's digital transformation. Linux software solutions from Turbolinux and its partners are helping form the backbone for both government and private networks that provide the crucial network infrastructure for China.

Turbolinux is pleased to announce the new release of our flagship product, GreatTurbo Enterprise Server 11. The new release includes many significant improvements in performance, security, availability and scalability.

Kernel (2.6.18):

Multi-core
  A new scheduler domain makes it possible to make smarter CPU scheduling decisions, greatly improving performance in some cases.
  Power saving policy for the CPU scheduler on multicore/SMT systems.

High resolution timers
  hrtimers provide finer resolution and accuracy depending on system configuration and capabilities. These timers are currently used for itimers, POSIX timers, nanosleep and precise in-kernel timing.

"Big Kernel Semaphore"
  Turns the Big Kernel Lock into a semaphore. This reduces latency by breaking up long lock hold times and adding voluntary preemption, and it can improve performance.

New pipe implementation
  30-90% performance improvement in pipe bandwidth.
  The circular buffer allows more buffering rather than blocking writers.

kernel-headers package
  Replaces the glibc-kernheaders package and provides better suitability with the new headers_install feature of the 2.6.18 kernel.

kexec & kdump
  diskdump and netdump have been replaced by kexec and kdump, which ensure faster boot-up and creation of reliable kernel vmcores for diagnostic purposes.
  For more information and configuration instructions, please refer to /usr/share/doc/kexec-tools-/kexec-kdump-howto.txt (replace with the corresponding version of the kexec-tools package installed). Note that at present, virtualized kernels cannot use the kdump function.

Multilevel security implementation for SELinux

EXT3
  Support for Extended Attributes in the body of large inodes in ext3: saves space and improves performance in some cases.
  The EXT3 file system capacity has been extended beyond 8TB to a maximum of 16TB.

NFS
  Supports large reads and writes on the wire. The Linux NFS client now supports transfer sizes of up to 1MB.

UFO (UDP Fragmentation Offload)
  UFO is a feature wherein the Linux kernel network stack offloads the IP fragmentation of large UDP datagrams to hardware. This reduces the overhead of the stack in fragmenting large UDP datagrams into MTU-sized packets.

GSO (Generic Segmentation Offload)
  This can improve performance in some cases. Note that it needs to be enabled through ethtool.

IOAT
  Support for the Intel(R) I/OAT DMA engine (driver name: ioatdma).

SATA/libata enhancements, additional hardware support
  A completely reworked libata error handler; the result of all this work should be a more robust SATA subsystem which can recover from a wider range of errors.
  Native Command Queuing (NCQ), the SATA version of tagged command queuing: the ability to have several I/O requests to the same drive outstanding at the same time.

Apache (2.2):

  Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache)
  A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions
  Support for proxy load balancing (mod_proxy_balancer)
  Support for handling large files (namely, greater than 2GB) on 32-bit platforms

The following changes have been made to the default httpd configuration:

  The mod_cern_meta and mod_asis modules are no longer loaded by default.
  The mod_ext_filter module is now loaded by default.

If you are upgrading from a previous release of GreatTurbo Enterprise Server, the httpd configuration will need to be updated for httpd 2.2. For more information, refer to http://httpd.apache.org/docs/2.2/upgrading.html.

Note that any third-party modules compiled for httpd 2.0 must be rebuilt for httpd 2.2.

PHP (5.1):

Version 5.1 of PHP is now included in GreatTurbo Enterprise Server 11, which includes a number of changes to the language along with significant performance improvements. Some scripts might need to be edited for use with the new version; please refer to the link below for more information on migrating from PHP 4.3 to PHP 5.1:

  http://www.php.net/manual/en/migration5.php

The /usr/bin/php executable is now built using the CLI command-line SAPI, rather than the CGI SAPI. Use /usr/bin/php-cgi for CGI SAPI. The php-cgi executable also includes FastCGI support.

The following extension modules have been added:

  the mysqli extension, a new interface designed specifically for MySQL 4.1 (included in the php-mysql package)
  date, hash, Reflection, SPL and SimpleXML (built-in with the php package)
  pdo and pdo_sqlite (in the php-pdo package)
  pdo_mysql (in the php-mysql package)
  pdo_pgsql (in the php-pgsql package)
  pdo_odbc (in the php-odbc package)
  soap (in the php-soap package)
  xmlreader and xmlwriter (in the php-xml package)
  dom (replacing the domxml extension in the php-xml package)

The following extension modules are no longer included:

  dbx
  dio
  yp
  overload
  domxml

Virtualization

XEN:

GreatTurbo Enterprise Server 11 features Xen-based virtualization capabilities for i686 and x86-64, as well as the software infrastructure needed to manage a virtualized environment. The implementation of xen in GreatTurbo Enterprise Server 11 is based on the hypervisor, which facilitates extremely low overhead virtualization through paravirtualization.
With Intel Virtualization Technology or AMD AMD-V capable processors, virtualization in GreatTurbo Enterprise Server 11 also allows unmodified operating systems to run in fully virtualized mode.

Xen-based virtualization on GreatTurbo Enterprise Server 11 also features the following:

  Libvirt, a library that provides a consistent, portable API for managing virtual machines.
  Virtual Machine Manager, a graphical utility for monitoring and managing virtual machines.
  xen manager, an equivalent of Virtual Machine Manager with an easy-to-use user interface that looks like VMware.
  Virtual machine support in the installer, including the ability to kickstart virtual machines.

At present, the Xen-based virtualization feature has the following limitations:

  When it is enabled, neither suspend to RAM nor suspend to disk is supported, and CPU frequency scaling cannot be performed.

  Hardware-virtualized guests cannot have more than 2GB of virtual memory.

  Fully virtualized guests cannot be saved, restored or migrated.

  The xm create command does not have a graphical equivalent in Virtual Machine Manager.

  Virtualization only supports the bridged networking component. All corresponding tools used by guests automatically choose this as the default.

  The default Turbolinux SELinux policy for virtualization only allows configuration files to be written to /etc/xen, log files to be written to /var/log/xen/, and disk files (including core dumps) to be written to /var/lib/xen. These defaults can be changed using the semanage tool.

  Paravirtualized domains currently do not support keymaps other than en-US. As such, other keyboards may not be able to type certain keystrokes. This will be addressed in a future update of GreatTurbo Enterprise Server 11.

  The xen-based virtualized kernel cannot use the kdump function.

  qcow and vmdk images are not supported. When manually configuring guests, images backed by a physical or logical device should use the phy: type.
  For file-backed images, set the image type to tap:aio: for paravirtualized guests and file: for fully virtualized guests.

  Profiling of fully virtual domains may be inaccurate. This issue will be addressed in the next minor release of GreatTurbo Enterprise Server 11.

  Paravirtualized domains can only auto-detect relative mouse movement, and pointer movement is rather erratic. This will be addressed in a future update of GreatTurbo Enterprise Server 11.

  Some dom0 serial console setups may require additional configuration. Refer to the Troubleshooting section of the Virtualization Guide for more details on recommended configurations.

  In order to have a working console for a paravirtualized guest, you need to specify console=xvc0 in the kernel command line.

  When guest operating systems are configured to use sparse files, dom0 can run out of disk space. Such occurrences prevent guest disk writes from completing, and can cause data loss in guests. Further, guests that use sparse files do not synchronize I/O safely. As such, it is recommended that you use non-sparse files instead. To configure guests to use non-sparse files, use the option --nonsparse when conducting a virt-install.

Virtualbox:

InnoTek VirtualBox is a general-purpose full virtualizer for x86 hardware. With it you can create fully virtualized guest operating systems on any x86 hardware. It requires neither special hardware features nor a modified operating system, so it does not have the limitations of Xen-based virtualization.

Security:

SSH

Version 4.3 of openssh is included in GreatTurbo Enterprise Server 11. For security reasons, logging in to the system as root over ssh is no longer permitted. We encourage you to log in to your system with your own account and change to root with the su command when needed.
If you want to permit root to log in to the system over ssh (we really do not recommend that you do), edit the file /etc/ssh/sshd_config and replace the following line:

  PermitRootLogin no

with

  PermitRootLogin yes

then restart the sshd service to load the new configuration:

  /etc/init.d/sshd restart

SELinux

For enhanced security, you can implement SELinux, which is a set of modifications to the standard Linux sources that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. It stops applications from misbehaving and prevents them from increasing their privileges beyond what you allow. This reduces or eliminates the harm a hacker can do to a system.

To make using SELinux easier, this release includes the SELinux Troubleshooting Tool (setroubleshoot), which is a user-friendly tool for notification and diagnosis of access denials. SELinux normally reports policy violations in the logging system as access vector cache entries. With the SELinux Troubleshooting Tool, alerts are also generated to the desktop with clearer information about the problem.

Audit subsystem

  Support for process-context based filtering
  More filter rule comparators

Encrypted Swap Partitions and Non-root File Systems

GreatTurbo Enterprise Server 11 now provides basic support for encrypted swap partitions and non-root file systems. To use these features, run luks-manager to configure them.

X-Window

GNOME

GNOME is updated to version 2.16 and is the default X window environment in this release. If you want to set KDE as the default X window environment, run:

  switchdesk kde

Control Panel

The control panel provides centralized system configuration, including network, authentication, security, services, language, etc.

AIGLX and Compiz

These are updated X11 components with OpenGL enhancements that bring 3-D effects to the desktop.

AIGLX aims to enable GL-accelerated effects on a standard desktop.
The project consists of the following:

  a lightly modified X server
  an updated Mesa package that adds new protocol support

By installing these components, you can have GL-accelerated effects on your desktop with very few changes, as well as the ability to enable and disable them at will without replacing your X server. AIGLX also enables remote GLX applications to take advantage of hardware GLX acceleration.

Compiz is an OpenGL-accelerated compositing window manager for the X Window System. The integration allows it to perform compositing effects in window management, such as a minimization effect and a cube workspace. Compiz also acts as an OpenGL compositing manager that uses the EXT_texture_from_pixmap OpenGL extension for binding redirected top-level windows to texture objects. Compiz uses 3D hardware acceleration to render effects such as live thumbnail windows, window drop shadows, animated window minimizing and transitions between virtual desktops.

Internationalization

Input Methods

SCIM (Smart Common Input Method) is a user-friendly and full-featured input method user interface and also a development platform to make life easier for Input Method developers. It supports 39 inputs, such as Chinese, Japanese, Korean, French, Swedish, Greek, Russian, Arabic, Hebrew, Serbian, etc.

Language Installation

To enable additional language support for some Asian languages, you need to install the necessary language support packages.
Below is a list of these languages and the command you need to run (as root) to install their corresponding language support packages:

  Assamese -- yum install fonts-bengali m17n-db-assamese scim-m17n
  Bengali -- yum install fonts-bengali m17n-db-bengali scim-m17n
  Chinese -- yum install fonts-chinese scim-chewing scim-pinyin scim-tables-chinese
  Gujarati -- yum install fonts-gujarati m17n-db-gujarati scim-m17n
  Hindi -- yum install fonts-hindi m17n-db-hindi scim-m17n
  Japanese -- yum install fonts-japanese scim-anthy
  Kannada -- yum install fonts-kannada m17n-db-kannada scim-m17n
  Korean -- yum install fonts-korean scim-hangul
  Malayalam -- yum install fonts-malayalam m17n-db-malayalam scim-m17n
  Marathi -- yum install fonts-hindi m17n-db-marathi scim-m17n
  Oriya -- yum install fonts-oriya m17n-db-oriya scim-m17n
  Punjabi -- yum install fonts-punjabi m17n-db-punjabi scim-m17n
  Sinhala -- yum install fonts-sinhala m17n-db-sinhala scim-m17n
  Tamil -- yum install fonts-tamil m17n-db-tamil scim-m17n
  Telugu -- yum install fonts-telugu m17n-db-telugu scim-m17n

It is also recommended that you install scim-bridge-gtk and scim-qtimm when enabling additional language support. The scim-bridge-gtk package prevents possible binary conflicts with third-party applications linked against older versions of libstdc++.

Known Issues

Anaconda choice of kernel on 32 bit systems. For safest first time operation, the default kernel on i386 class systems is non-PAE enabled. This causes the kernel to only be able to see around 3.2 GB of memory on most PAE enabled CPUs. Installing/selecting the PAE kernels for booting will fix this issue. Systems known to be affected are some AMD-64 and Intel 64bit motherboards when the i386 distribution is installed on them.

Host bus adapters that use the MegaRAID driver must be set to operate in "Mass Storage" emulation mode, not in "I2O" emulation mode. To do this, perform the following steps:

  1. Enter the MegaRAID BIOS Set Up Utility.
  2. Enter the Adapter settings menu.
  3. Under Other Adapter Options, select Emulation and set it to Mass Storage.

When you install a fully virtualized guest configured with vcpus=2, the fully virtualized guest may take an unreasonably long time to boot up. To work around this, destroy the slow-booting guest using the command xm destroy and then use xm create to start the same guest afterwards.

Boot-time logging to /var/log/boot.log is not available in this release of GreatTurbo Enterprise Server 11. An equivalent functionality will be added in a future update of GreatTurbo Enterprise Server 11.

Neither kexec nor kdump is able to dump onto disks attached to an accraid controller. To work around this issue, use scp for network dumping. Alternatively, you can also dump onto a disk through a different controller.

Running ethtool eth0 outputs incomplete information about the ethernet card settings. This only occurs in systems running a virtualized kernel, since the Virtualization feature uses a networking setup where the physical ethernet device is identified as peth0. As such, the correct command for retrieving information about the physical ethernet device is ethtool peth0.

This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0, available at http://www.opencontent.org/openpub/
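
For the SSH section of these notes, a way to confirm which PermitRootLogin value sshd will actually apply after /etc/ssh/sshd_config has been edited. This is an added example, not part of the Turbolinux release notes; the function names and the sample configurations are constructed for illustration. It assumes upstream OpenSSH behaviour: the first value read for a keyword wins, settings after a Match line are conditional, and an unset keyword means yes on releases of this era.

```shell
#!/bin/sh
# Added example, not part of the release notes.

# effective_permit_root_login FILE
# Prints the global PermitRootLogin value sshd would take from FILE.
# Assumed upstream OpenSSH behaviour: keywords are case-insensitive, the
# first value read for a keyword wins, "#" lines are comments, settings
# after a "Match" line are conditional, and an unset keyword means "yes"
# on OpenSSH releases of this era.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)       # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # end of the global section
            if (key == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit     # first value wins
            }
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# check_root_login FILE
# Returns 0 only when root login over SSH is disabled outright.
check_root_login() {
    value=$(effective_permit_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "OK:   $1: PermitRootLogin $value"
    else
        echo "WARN: $1: PermitRootLogin $value (root login not disabled)"
        return 1
    fi
}

# Constructed sample configurations (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$tmp/shipped"
printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$tmp/shadowed"
printf '%s\n' '#PermitRootLogin no' 'Protocol 2' > "$tmp/commented"
for name in shipped shadowed commented; do
    check_root_login "$tmp/$name" || true
done
rm -rf "$tmp"
```

On an installed system, run check_root_login /etc/ssh/sshd_config after editing the file and before restarting sshd. The second and third samples show the two common surprises: an earlier yes shadows a later no, and a commented-out line leaves the default in force.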