CentOS 8 Released - What's New In It?
So, here’s the CentOS 8! After the commencement of CentOS in the year 2008, people have enjoyed the service amazingly. On September 24th, 2019, CentOS version 8 got released to preserve the awesomeness it is been reputed with many years. Now, we have got the latest version of the CentOS 8 in our hands.
So, the people using CentOS 8 are all awarded with the stability, efficiency as well as reliability. In this article, we will go into details that are imparted into CentOS 8.
Fresh and new features of CentOS 8:
1. Your desktop background:
- > The GUI version of CentOS 8’S GNOME Shell rebased to version 3.28.
- > The GNOME session, as well as the GNOME display manager, use the Wayland like the default display server.
Wayland has the following features:
- > Stronger security model
- > Improved multi-monitor handling
- > Improved user interface (UI) scaling
- > The desktop controlling the window handling directly.
2. The networking arena:
The networking part of the CentOS 8 has been spruced with the following changes:
- > CentOS is now distributed with the TCP networking stack version 4.16, that provides higher performances, better scalability as well as more stability.
- > The networking stack being upgraded to the upstream version 4.18.
- > Iptables are now replaced with the nftables framework due to the default network packet filtering facility.
- > The nftables framework is the designated successor to the iptablesip6tables, ebtables as well as arptables tools. It also provides a single framework for both IPv4 as well as IPV6 protocols.
- > The firewall daemon now uses the nftables because of its default backend.
- > It supports IPVLAN virtual network drivers which enable the network connectivity for multiple containers.
- > NetworkManager supports the single root I/O virtualization (SR-IOV). NetworkManager allows configuring some attributes of the VFs like MAC address, VLAN, spoof checking settings and allowing bitrates.
3. Software Management:
The YUM package manager is based on the DNF technology and provides support for the modular content, increased performance and also a well-designed stable API for the integration with tooling. Installing the software is ensured by the new version of the YUM tool, which is based on the DNF technology (YUM v4). The previous version i.e. CentOS 7 used YUM v3 and mentioned enhancements had been made on YUM v4:
- > Increased performance
- > Support for the modular content
- > Well-designed stable API for the integration with tooling.
YUM v4 has compatibility with YUM v3 when using from the command line, editing or creating configuration files. Because of this, you can use the yum command and its specific options in the same way as you use on CentOS 8. Another thing is that CentOS 8 is distributed with the RPM 4.14 which is actually different from the RPM 4.11 along with much more enhancements.
Some of the most notable features of RPM 4.14 includes:
- > Debuginfo packages installation in parallel.
- > Support for the weak dependencies.
- > Support for the rich or boolean dependencies.
- > Support for the packaging files which are above 4 GB in size.
- > Support for the file triggers.
Other most notable changes are:
- > Stricter spec parser
- > Simplified signature that checks the output in non-verbose mode
- > Additions and subtractions in macros.
4. Languages, web servers, and databases:
You will have the programming languages in your new Cent OS 8 such as:
- > Python 3.6 and its limited support for Python 2.7. None of the version of Python is installed by default.
- > The dynamic programming languages such as new Node.js, PHP 7.2, Ruby 2.5, Perl 5.26, SWIG 3.0 are available.
- > The database servers distributed with CentOS/ RHEL 8 such as Maria DB 10.3, MySQL 8.0, Postgre SQL 10, Postgre SQL 9.6 and Redis 5.
- > The web servers such as Apache HTTP server 2.4 and the nginx 1.14. The squid has also been updated to version 4.4 and also a new proxy caching server such as Varnish Cache 6.0 is included.
Now, you need to encounter the following changes if we concern about virtualization.
- > CentOS 8 is now distributed with qemu-kvm 2.12 with – Q35 guest machine types support, UEFI guest boot support, vCPU hot plug and hot unplug, NUMA tuning and pinning in the guest as well as guest I/0 threading.
- > The SEV (Secure Encrypted Virtualization) feature for the AMD EPYC host machines that use KVM hypervisor.
- > The EMU emulator introducing the sandboxing feature. The QEMU sandboxing provides the configurable limitations to make the virtual machines much more secure.
- > The KVM virtualization supports the user-mode instruction prevention (UMIP) feature that can help in preventing the user-space applications from accessing the system-wide settings.
- > The KVM virtualization also supports the 5-level paging feature that increases the physical and virtual address space which the host and guest systems can use.
- > NVIDIA vGPU is also now compatible with the VNC console.
- > Ceph storage is also supported by the KVM virtualization on many CPU architectures that are supported by Red Hat.
- > Q35, a modern PCI Express-based machine type is also supported by RHEL 8 virtualization. The entire virtual machines created in RHEL 8 are set to use Q35 PC machine type by default.
- > The nested virtualization is available on IBM Power 9.
- > The KVM virtualization is also used in CentOS 8 Hyper-V virtual machines.
6. Installation and Image creation:
CentOS 8 uses the Anaconda installer that supports the LUKS2 disk encryption format. The LUKS2 disk encryption format provides better features, let us have an instance, as it extends the capabilities of the on-disk format and gives flexible ways of storing metadata. Additionally, Anaconda has been extended to handle the features related to application streams. It includes modules, streams as well as profiles. The kickstart scripts can now enable the module and stream combinations, install the module profiles as well as install the modular packages.
7. Security Details:
In CentOS 8, now the tighter security features have been added to the brand new release as following:
- > CentOS supports for Open SSL 1.1.1 and TLS 1.3. It also enables you to secure customer’s data with the latest standards for crypto protection.
- > CentOS comes with the system-wise cryptographic policies that help you with cryptographic compliance management. You don’t need to modify and tune the specific applications.
- > Open SSH has been rebased to the 7.8p 1 version having no support for SSH version 1 protocol, Blowfish/CAST/RC4 ciphers, hmac-ripemd160 message authentication code.
8. Kernel and OS:
- > CentOS 8 is also based on Fedora 28 and upstream Kernel 4.18. Let us know what is available on this Kernel:
- > ARM 52-bit physical addressing 64-bit ARM architectures. So, this provides a larger address space compared to the prior 48-bit physical addressing.
- > The I/O memory management unit (IOMMU) code in the Linux kernel has been updated for supporting the 5-level page tables.
- > Spectre V2 mitigation default changed from IBRS to Retpolines. For the use cases, where complete Spectre V2 mitigation is desired.
9. Supported CPU architects:
- > So, the supported CPU architects are:
- > AMD and Intel 64-bit architectures.
- > The 64-bit ARM architecture.
- > IBM power systems
- > IBM Z
10. Infrastructure services:
Now, the CUPS logs are handled by journald. Earlier, in CentOS 7, the CUPS logs were stored in the particular files within /var/log/cups directory. This is now has changed in the CentOS 8 as all types of CUPS logs are centrally logged in the systemjmd journald daemon together along with logs from the other programs. You just need to use journalctl -u cups to access them.
11. New BIND features:
The BIND features include:
- > So, the new quotas have been added here to limit the queries which are sent by recursive resolvers to the authoritative servers that experience the denial of service attacks.
- > The nslookup utility looks up both IPv6 as well as IPv4 addresses by default.
- > The named service checks whether other name server processes are running before any startup.
- > On loading a signed zone, it checks whether a Resource Record Signature’s (RSIG) inception time is in the future and if it is so, it regenerates the RRSIG on an immediate basis.
- > The zone transfers use smaller message sizes to improve message compression, which also reduces network usage.
- > A new method has been added which is of provisioning secondary servers that are known as Catalog zones.
- > The domain name system cookies are also now sent by the named service as well as dig utility.
- > The Response Rate Limiting feature can also help with the mitigation of DNS amplification attacks.
- > The performance of the response policy zone (RPZ) has also enhanced.
12.Cockpit web console:
The Cockpit has become a part of Red Hat Enterprise Linux default repositories. You will even get your web console installed automatically in the GUI version of CentOS 8 released. You would feel no more hassle as the firewall ports needed by the console are automatically open.
- > The Cockpit includes a Firewall section where the users can either enable or disable the firewall and add, remove and alter the firewall rules.
- > The Cockpit is also compatible with mobile browsers. This simply means that the users can manage the systems using CentOS/RHEL 8 web console from the mobile device.
- > The virtual machine can be now managed with the help of the web console.
So, we are going to discuss the features that have been deprecated but their support set to be continued until the end of life of upstream RHEL 8.
The features are as following:
1. Under File Systems and storage:
- > NFSv3 disabled over the UDP.
- > The elevator kernel command line parameter that is used to set the disk scheduler for all the devices is now condemned.
2. Under Networking:
The networking scripts are also belittled in RHEL 8. As the basic installation delivers the new version of the ifup and ifdown scripts that call the NetworkManager service via the nmci tool. So, to use ifup and ifdown commands, the Network Manager is required to be in running mode.
3. Under Security:
- > Digital Signature Algorithm has been considered deprecated.
- > TLS 1.0 and TLS 1.1 are also considered as deprecated.
- > SSL2 Client Hello has also been deprecated in the Network Security Services (NSS) library.
4. Under virtualization:
virt-manager has also been considered deprecated. The cockpit is intended to become its replacement in the subsequent release.
So, we can view the major changes to be done on the new CentOS 8 release.