Copyright (C) 2007 Turbolinux China, Inc. and others
GreatTurbo Enterprise Server 11 Release Notes
Table Of Contents
Introduction
kernel
apache
php
virtualization
security
x-window
Internationalization
Known Issues
Introduction
Turbolinux is a leading Linux software company committed to providing the
latest in Linux-based solutions. Turbolinux is providing much of the needed
infrastructure for China's digital transformation. Linux software solutions
from Turbolinux and its partners are helping form the backbone for both
government and private networks that provide the crucial network infrastructure
for China.
Turbolinux is pleased to announce the new release of our flagship product,
GreatTurbo Enterprise Server 11. The new release includes many significant
improvements in performance, security, availability and scalability.
Kernel (2.6.18):
Multi-core
a new scheduler domain makes it possible to make smarter cpu
scheduling decisions, improving performance greatly for some cases.
power saving policy for the CPU scheduler on multicore/smt systems.
High resolution timers
hrtimers provide finer resolution and accuracy depending on system
configuration and capabilities. These timers are currently used for
itimers, POSIX timers, nanosleep and precise in-kernel timing.
"Big Kernel Semaphore": turns the Big Kernel Lock into a semaphore
reduces latency by breaking up long lock hold times and adding
voluntary preemption, and it can improve performance.
New Pipe implementation
30-90% performance improvement in pipe bandwidth.
circular buffer allows more buffering than blocking writers.
kernel-headers package
replaces the glibc-kernheaders package
provides better suitability with the new headers_install feature
of the 2.6.18 kernel
kexec & kdump
diskdump and netdump have been replaced by kexec and kdump, which
ensure faster boot-up and creation of reliable kernel vmcores for
diagnostic purposes. For more information and configuration instructions,
please refer to /usr/share/doc/kexec-tools-<version>/kexec-kdump-howto.txt
(replace <version> with the corresponding version of the kexec-tools
package installed).
Note that at present, virtualized kernels cannot use the kdump function.
Multilevel security implementation for SELinux
EXT3
support for Extended Attributes in the body of large inode in ext3:
saves space and improves performance in some cases
the EXT3 file system capacity has been extended beyond 8TB to a maximum
of 16TB.
NFS
supports large reads and writes on the wire. The Linux NFS client now
supports transfer sizes of up to 1MB.
UFO (UDP Fragmentation Offload)
UFO is a feature wherein the Linux kernel network stack offloads the IP
fragmentation of large UDP datagrams to hardware. This reduces the
overhead the stack incurs in fragmenting large UDP datagrams into
MTU-sized packets.
GSO (Generic Segmentation Offload)
This can improve performance in some cases.
Note that it needs to be enabled through ethtool.
IOAT
Support Intel(R) I/OAT DMA engine (driver name: ioatdma)
SATA/libata enhancements, additional hardware support
A completely reworked libata error handler; the result of all this
work should be a more robust SATA subsystem which can recover from a
wider range of errors.
Native Command Queuing (NCQ), the SATA version of tagged command
queuing - the ability to have several I/O requests to the same drive
outstanding at the same time.
Apache (2.2):
Improved caching modules (mod_cache, mod_disk_cache, mod_mem_cache)
A new structure for authentication and authorization support, replacing
the authentication modules provided in previous versions
Support for proxy load balancing (mod_proxy_balancer)
Support for handling large files (namely, greater than 2GB) on
32-bit platforms
The following changes have been made to the default httpd configuration:
The mod_cern_meta and mod_asis modules are no longer loaded by default.
The mod_ext_filter module is now loaded by default.
If you are upgrading from a previous release of GreatTurbo Enterprise
Server, the httpd configuration will need to be updated for httpd 2.2.
For more information, refer to
http://httpd.apache.org/docs/2.2/upgrading.html.
Note that any third-party modules compiled for httpd 2.0 must be rebuilt
for httpd 2.2.
PHP (5.1):
Version 5.1 of PHP is now included in GreatTurbo Enterprise Server 11,
which includes a number of changes to the language along with significant
performance improvements. Some scripts might need to be edited for use
with the new version; please refer to the link below for more information
on migrating from PHP 4.3 to PHP 5.1:
http://www.php.net/manual/en/migration5.php
The /usr/bin/php executable is now built using the CLI command-line SAPI,
rather than the CGI SAPI. Use /usr/bin/php-cgi for CGI SAPI. The php-cgi
executable also includes FastCGI support.
The following extension modules have been added:
the mysqli extension, a new interface designed specifically for MySQL
4.1 (included in the php-mysql package)
date, hash, Reflection, SPL and SimpleXML (built-in with the php package)
pdo and pdo_sqlite (in the php-pdo package)
pdo_mysql (in the php-mysql package)
pdo_pgsql (in the php-pgsql package)
pdo_odbc (in the php-odbc package)
soap (in the php-soap package)
xmlreader and xmlwriter (in the php-xml package)
dom (replacing the domxml extension in the php-xml package)
The following extension modules are no longer included:
dbx
dio
yp
overload
domxml
Virtualization
XEN:
GreatTurbo Enterprise Server 11 features Xen-based virtualization
capabilities for i686 and x86-64, as well as the software infrastructure
needed to manage a virtualized environment.
The implementation of xen in GreatTurbo Enterprise Server 11 is
based on the hypervisor, which facilitates extremely low overhead
virtualization through paravirtualization. With Intel Virtualization
Technology or AMD AMD-V capable processors, virtualization in GreatTurbo
Enterprise Server 11 also allows unmodified operating systems to run in
fully virtualized mode.
Xen-based virtualization on GreatTurbo Enterprise Server 11 also features
the following:
Libvirt, a library that provides a consistent, portable API for managing
virtual machines.
Virtual Machine Manager, a graphical utility for monitoring and managing
virtual machines.
xen manager, an equivalent of Virtual Machine Manager with an easy-to-use
user interface that looks like VMware.
Virtual machine support in the installer, including the ability to
kickstart virtual machines.
At present, the Xen-based virtualization feature has the following
limitations:
When it is enabled, neither suspend to RAM nor suspend to disk is
supported, and CPU frequency scaling cannot be performed.
Hardware-virtualized guests cannot have more than 2GB of virtual memory.
Fully virtualized guests cannot be saved, restored or migrated.
The xm create command does not have a graphical equivalent in Virtual
Machine Manager.
Virtualization only supports the bridged networking component. All
corresponding tools used by guests automatically choose this as the
default.
The default Turbolinux SELinux policy for virtualization only
allows configuration files to be written to /etc/xen, log files to
be written to /var/log/xen/, and disk files (including core dumps)
to be written to /var/lib/xen. These defaults can be changed using
the semanage tool.
Paravirtualized domains currently do not support keymaps other than
en-US. As such, other keyboards may not be able to type certain
keystrokes. This will be addressed in a future update of GreatTurbo
Enterprise Server 11.
The xen-based virtualized kernel cannot use the kdump function.
qcow and vmdk images are not supported. When manually configuring guests,
images backed by a physical or logical device should use the phy: type.
For file-backed images, set the image type to tap:aio: for paravirtualized
guests and file: for fully virtualized guests.
Profiling of fully virtual domains may be inaccurate. This issue will
be addressed in the next minor release of GreatTurbo Enterprise Server 11.
Paravirtualized domains can only auto-detect relative mouse movement,
and pointer movement is rather erratic. This will be addressed in a
future update of GreatTurbo Enterprise Server 11.
Some dom0 serial console setups may require additional configuration.
Refer to the Troubleshooting section of the Virtualization Guide for
more details on recommended configurations.
In order to have a working console for a paravirtualized guest, you
need to specify console=xvc0 in the kernel command line.
When guest operating systems are configured to use sparse files, dom0
can run out of disk space. Such occurrences prevent guest disk writes
from completing, and can cause data loss in guests. Further, guests that
use sparse files do not synchronize I/O safely.
As such, it is recommended that you use non-sparse files instead. To
configure guests to use non-sparse files, use the option --nonsparse
when conducting a virt-install.
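The risk described above can be measured on dom0. The following script is an added example, not part of the original release notes: it detects sparse image files and checks whether they could outgrow the free space of the file system that holds them. The function names and the default directory /var/lib/xen/images are assumptions; it requires GNU stat.

```shell
#!/bin/sh
# Added example, not from the release notes. Requires GNU stat and POSIX df.

# allocated_bytes FILE: bytes FILE really occupies on disk.
allocated_bytes() {
    echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") ))
}

# is_sparse FILE: true when FILE occupies less space than its apparent size.
is_sparse() {
    [ "$(allocated_bytes "$1")" -lt "$(stat -c %s "$1")" ]
}

# unallocated_bytes DIR: space the images in DIR can still claim from dom0
# as guests write to blocks that have not been allocated yet.
unallocated_bytes() {
    total=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_sparse "$f"; then
            total=$(( total + $(stat -c %s "$f") - $(allocated_bytes "$f") ))
        fi
    done
    echo "$total"
}

# overcommitted DIR: true when the images could outgrow the free space.
overcommitted() {
    free_kb=$(df -Pk "$1" | awk 'NR == 2 { print $4 }')
    [ "$(unallocated_bytes "$1")" -gt $(( free_kb * 1024 )) ]
}

# Assumed image directory; pass another one as the first argument.
dir=${1:-/var/lib/xen/images}
if [ -d "$dir" ]; then
    if overcommitted "$dir"; then
        echo "WARNING: sparse images in $dir can exhaust dom0 disk space"
    else
        echo "OK: free space covers all unallocated image blocks in $dir"
    fi
fi
```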
Virtualbox:
InnoTek VirtualBox is a general-purpose full virtualizer for x86
hardware. With it you can create fully virtualized guest operating systems
on any x86 hardware. It requires neither special hardware features nor a
modified operating system, so it does not have the limitations of Xen-based
virtualization.
Security:
SSH
Version 4.3 of openssh is included in GreatTurbo Enterprise Server 11.
For security reasons, logging in to the system as root over ssh is no
longer permitted. We encourage you to log in with your own account and
change to root with the su command when needed. If you want to permit root
to log in over ssh (we really do not recommend it), edit the file:
/etc/ssh/sshd_config
replace the following line
PermitRootLogin no
with
PermitRootLogin yes
then restart the sshd service to load the new configuration:
/etc/init.d/sshd restart
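A check for the setting described above, as an added example that is not part of the original release notes: sshd applies the first value it reads for a keyword, so the script reports the PermitRootLogin value in effect instead of searching for a matching line. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the release notes: report the PermitRootLogin value
# that sshd applies globally from a given sshd_config file.

# effective_root_login FILE
#   prints the first global PermitRootLogin value, lower-cased, or "unset".
#   - keywords are case-insensitive; '=' may separate keyword and value
#   - sshd keeps the first value it reads, so later duplicates are ignored
#   - a Match line (newer OpenSSH releases) ends the global section
effective_root_login() {
    awk -F '[ \t=]+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        { sub(/^[ \t]+/, ""); key = tolower($1) }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_ok FILE: true only when root login is explicitly refused.
# "unset" fails the check: sshd then uses its built-in default, which is
# "yes" in OpenSSH releases before 7.0 (this includes 4.3).
root_login_ok() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: the commented line is ignored and the later "yes"
# does not override the first "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
#PermitRootLogin yes
PermitRootLogin no
PermitRootLogin yes
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
if root_login_ok "$sample"; then echo "OK: root login over ssh is refused"
else echo "WARNING: root login over ssh may be allowed"; fi
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after every edit and before restarting sshd; deleting the PermitRootLogin line does not disable root login on this OpenSSH version.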
SELinux
For enhanced security, you can implement SELinux, which is a set of
modifications to the standard Linux sources that confine user programs
and system servers to the minimum amount of privilege they require to
do their jobs. It stops applications from misbehaving and prevents them
from increasing their privileges beyond what you allow. This reduces or
eliminates the harm a hacker can do to a system.
To make using SELinux easier, this release includes the SELinux
Troubleshooting Tool (setroubleshoot), which is a user-friendly tool
for notification and diagnosis of access denials. SELinux normally reports
policy violations in the logging system as access vector cache entries.
With the SELinux Troubleshooting Tool, alerts are also generated to the
desktop with clearer information about the problem.
Audit subsystem
support for process-context based filtering
more filter rule comparators
Encrypted Swap Partitions and Non-root File Systems
GreatTurbo Enterprise Server 11 now provides basic support for encrypted
swap partitions and non-root file systems. To use these features, run
luks-manager to configure them.
X-Window
GNOME
GNOME is updated to version 2.16, which is the default desktop in
this release. If you want to set KDE as the default desktop, run:
switchdesk kde
Control Panel
The control panel provides centralized system configuration, including
network, authentication, security, services, language, etc.
AIGLX and Compiz
They are updated X11 components with OpenGL enhancements to bring
3-D effects to the desktop.
AIGLX aims to enable GL-accelerated effects on a standard desktop.
The project consists of the following:
a lightly modified X server
an updated Mesa package that adds new protocol support
By installing these components, you can have GL-accelerated effects
on your desktop with very few changes, as well as the ability to
enable and disable them at will without replacing your X server.
AIGLX also enables remote GLX applications to take advantage of
hardware GLX acceleration.
Compiz is an OpenGL-accelerated compositing window manager for the
X Window System. The integration allows it to perform compositing effects
in window management, such as a minimization effect and a cube workspace.
Compiz also acts as an OpenGL compositing manager that uses the
EXT_texture_from_pixmap OpenGL extension for binding redirected
top-level windows to texture objects.
Compiz uses 3D hardware acceleration to render effects such as live
thumbnail windows, window drop shadows, animated window minimizing and
transitions between virtual desktops.
Internationalization
Input Methods
SCIM (Smart Common Input Method) is a user friendly and full featured
input method user interface and also a development platform to make life
easier for Input Method developers. It supports 39 inputs, such as
Chinese, Japanese, Korean, French, Swedish, Greek, Russian, Arabic,
Hebrew, Serbian, etc.
Language Installation
To enable additional language support for some Asian languages, you need
to install the necessary language support packages. Below is a list of
these languages and the command you need to run (as root) to install their
corresponding language support packages:
Assamese -- yum install fonts-bengali m17n-db-assamese scim-m17n
Bengali -- yum install fonts-bengali m17n-db-bengali scim-m17n
Chinese -- yum install fonts-chinese scim-chewing scim-pinyin
scim-tables-chinese
Gujarati -- yum install fonts-gujarati m17n-db-gujarati scim-m17n
Hindi -- yum install fonts-hindi m17n-db-hindi scim-m17n
Japanese -- yum install fonts-japanese scim-anthy
Kannada -- yum install fonts-kannada m17n-db-kannada scim-m17n
Korean -- yum install fonts-korean scim-hangul
Malayalam -- yum install fonts-malayalam m17n-db-malayalam scim-m17n
Marathi -- yum install fonts-hindi m17n-db-marathi scim-m17n
Oriya -- yum install fonts-oriya m17n-db-oriya scim-m17n
Punjabi -- yum install fonts-punjabi m17n-db-punjabi scim-m17n
Sinhala -- yum install fonts-sinhala m17n-db-sinhala scim-m17n
Tamil -- yum install fonts-tamil m17n-db-tamil scim-m17n
Telugu -- yum install fonts-telugu m17n-db-telugu scim-m17n
It is also recommended that you install scim-bridge-gtk and scim-qtimm
when enabling additional language support. The scim-bridge-gtk package
prevents possible binary conflicts with third-party applications linked
against older versions of libstdc++.
Known Issues
Anaconda choice of kernel on 32 bit systems. For safest first time
operation, the default kernel on i386 class systems is non-PAE
enabled. This causes the kernel to only be able to see around 3.2 GB
of memory on most PAE enabled CPUs. Installing/selecting the PAE
kernels for booting will fix this issue. Systems known to be
affected are some AMD-64 and Intel 64bit motherboards when
the i386 distribution is installed on them.
Host bus adapters that use the MegaRAID driver must be set to operate
in "Mass Storage" emulation mode, not in "I2O" emulation mode. To do
this, perform the following steps:
1. Enter the MegaRAID BIOS Set Up Utility.
2. Enter the Adapter settings menu.
3. Under Other Adapter Options, select Emulation and set it to Mass
Storage.
When you install a fully virtualized guest configured with vcpus=2,
the fully virtualized guest may take an unreasonably long time to boot up.
To work around this, destroy the slow-booting guest using the command
xm destroy <guest id> and then use xm create <guest id> to start the
same guest afterwards.
Boot-time logging to /var/log/boot.log is not available in this release
of GreatTurbo Enterprise Server 11. Equivalent functionality will be added
in a future update of GreatTurbo Enterprise Server 11.
Neither kexec nor kdump is able to dump onto disks attached to an
accraid controller.
To work around this issue, use scp for network dumping. Alternatively,
you can also dump onto a disk through a different controller.
Running ethtool eth0 outputs incomplete information about the ethernet
card settings. This only occurs in systems running a virtualized kernel,
since the Virtualization feature uses a networking setup where the physical
ethernet device is identified as peth0. As such, the correct command for
retrieving information about the physical ethernet device is ethtool peth0.
This material may be distributed only subject to the terms and conditions
set forth in the Open Publication License, v1.0, available at
http://www.opencontent.org/openpub/