Releases/Corporate/Server 4/Notes
From Mandriva
Various notes about new features and update tips.
Installation
Installation is now divided into two parts. The first is fairly classical and installs the base system in a short time. The only difference is in the package selection screen, where you can choose a remote access server (OpenSSH) and a graphical environment. Services are then installed after the first reboot, using the FIBRIC web tool.
FIBRIC (First Boot RPM Installer and Configurator) is a web application that gives a clear view of the available services and makes it convenient to configure the active ones. You can use it locally at the beginning of the first graphical session, or remotely using a web browser.
CS4 offers additional network installation methods using the cluster duplication tools Ka, dolly_plus and dolly. The aim of duplication is to easily install a computer over a network by cloning a working machine to a new machine (or many new machines). It uses parallel technology from clustering products. These methods can duplicate SCSI or IDE hard drives and storage devices, and support multiple filesystems (reiserfs, ext2, ext3, xfs, fat...). This kind of method can be particularly useful when you want to install several machines at the same time based on a well-known installation content, while using as little bandwidth as possible.
Base system
Kernel
CS4 is based on kernel-2.6.12 updated so that hardware support is improved:
- dual core CPU architectures,
- latest generation of the SAS bus (Serial Attached SCSI),
- Intel® Xeon® dual core processors in the 5100 (Woodcrest) series and Intel® Xeon® 5063 (Dempsey)
- booting over SAN (HP® machines)
- SAN (Storage Area Network) (NEC)
- Intel® VT virtualization acceleration
- Blade servers
- New RICOH® and XEROX® network printers
- Intel® ICH8 chipset
Some tools for benchmarking the network and the system, such as bonnie++ and dbench, are also provided.
You will also find specific kernels in the cdcom repository that include OpenVZ, a solution optimized for running very large numbers of Linux instances as virtual servers, without the performance penalty of full hardware virtualization. The same repository also holds the packages containing the tools to administer such instances.
gcc
GCC has been updated to version 4.0. If you have trouble compiling your code, you can either use gcc3 or take a look at this document: http://dev.gentoo.org/~vanquirius/gcc4-porting-guide.html.
Xen
CS4 now supports the full version of Xen 3.0.
urpmi
The urpmi provided is urpmi 4.8.19. A brand-new feature is the ability to roll back installed packages using urpmi.recover. urpmi can also be run in restricted mode, where not all options are available; see the urpmi manpages. An option to prevent the removal of packages (such as basesystem) was added; see prohibit-remove in man urpmi.cfg.
Middleware stack
Apache 2.2.3
The most significant changes in this release compared to apache up to Mandriva Linux 2006.0:
- The commonhttpd.conf and httpd2.conf configuration files (10.0/10.1) have been merged into the single /etc/httpd/conf/httpd.conf file. Make sure you review your old configuration files and make the necessary changes to the single httpd.conf configuration file, or elsewhere where suited. The old config files are provided to make it easier to determine the changes you might have made. Use something like this:
    # urpmi diffutils
    # diff -u /usr/share/doc/apache-conf-*/old_config/httpd2.conf-10.0 \
        /etc/httpd/conf/httpd2.conf.rpmsave > /etc/httpd/conf/httpd2.conf.diff
    # diff -u /usr/share/doc/apache-conf-*/old_config/commonhttpd.conf-10.0 \
        /etc/httpd/conf/commonhttpd.conf.rpmsave > /etc/httpd/conf/commonhttpd.conf.diff
    # diff -u /usr/share/doc/apache-conf-*/old_config/httpd.conf-2006.0 \
        /etc/httpd/conf/httpd.conf.rpmsave > /etc/httpd/conf/httpd.conf.diff
A word of advice regarding one obvious security issue: since mod_access has been renamed to mod_authz_host, every directory instance referring to mod_access will be invalid. If you have content secured like that, please review your configuration: mod_access.c has changed to mod_authz_host.c. The new initscript should be able to trap this and prevent the server from starting.
Please read the following files for more in-depth information about the changes in apache 2.2: upgrading.txt and new_features_2_2.txt. It is best to read the apache manual before sending in bug reports; please install apache-doc.
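The mod_access rename described above can be checked for before the upgrade. The script below is an added example, not part of the original notes: it scans a configuration tree for active lines that still name mod_access.c or mod_access.so, since directives wrapped in an IfModule test for mod_access.c are skipped under Apache 2.2, where no module of that name is loaded. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): locate access-control blocks
# that still name mod_access, which Apache 2.2 ships as mod_authz_host.

# find_stale_mod_access DIR
# Prints "file:line:text" for each active (non-comment) line under DIR that
# names mod_access.c or mod_access.so. Exit status 0 = hits found, 1 = clean.
find_stale_mod_access() {
    grep -rnE '(^|[^[:alnum:]_])mod_access\.(c|so)' "$1" |
        grep -vE '^[^:]+:[0-9]+:[[:space:]]*#'
}

# make_sample_conf DIR
# Writes a small, constructed configuration tree for the demonstration.
make_sample_conf() {
    mkdir -p "$1/conf.d"
    cat > "$1/httpd.conf" <<'EOF'
# LoadModule access_module modules/mod_access.so
LoadModule authz_host_module modules/mod_authz_host.so
<Directory /var/www/private>
    <IfModule mod_access.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Directory>
EOF
    cat > "$1/conf.d/status.conf" <<'EOF'
<Location /server-status>
    <IfModule mod_authz_host.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Location>
EOF
}

sample=$(mktemp -d)
make_sample_conf "$sample"
if find_stale_mod_access "$sample"; then
    echo "review the lines above: rename mod_access.c to mod_authz_host.c"
else
    echo "no active mod_access references found"
fi
rm -rf "$sample"
```

On a real system, point find_stale_mod_access at /etc/httpd; the commented-out line and the already renamed block in the sample are deliberately not reported.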
php 5.1.6
CS4 provides both php4 and php5. php5 has been compiled with the hardened-php patch. The Hardening-Patch is a patchset that adds security hardening features to PHP to protect your servers on the one hand against a number of well known problems in PHP applications and on the other hand against potential unknown vulnerabilities within those applications or the PHP core itself. See http://www.hardened-php.net/ .
openldap-mandriva-dit
This package contains a template LDIF file, access control rules and a simple installation script for a suggested DIT (Directory Information Tree) to use with an OpenLDAP server. The main characteristic of this DIT is a granular access control via several standard administration groups. Please see the README file for more information.
OpenLDAP
OpenLDAP has been upgraded to the 2.3.x branch. The upgrade procedure will attempt to convert the database to the new format by dumping and reloading it. Errors, if any, will be reported and a backup of the old database is kept around. The 2.3.x branch has many exciting new features, including, but not limited to:
- syncrepl replication engine, much more robust than slurpd;
- consumers (a.k.a. "slaves") can be added without changing a thing on the server;
- consumers ("slaves") don't need to be in sync with the provider ("master") before starting the replication. It can take care of itself;
- dynamic configuration backend: the slapd configuration can now reside inside ldap itself, which means acls and other configuration options (such as schema) can be changed on the fly via standard ldap commands instead of changing a configuration file and restarting the server;
- password policy overlay: the server can now enforce a given password policy (until today, it was the client's job (!) to do it - think pam_ldap).
- many other interesting overlays, like the unique overlay, which constrains some attributes to have unique values across a subtree.
Services
cups 1.2.3
CS4 provides a new major version of cups, 1.2. This version supports more hardware and also adds many new features listed in the documentation, such as auto-detection, an easy way to add new PPDs, user management, ... hplip is also included to provide Linux support for most Hewlett-Packard printers.
Samba 3.0.23a
The latest tested and stabilized version of Samba.
Mail server
We provide the latest packages for the main SMTP servers (Postfix and Sendmail) and POP/IMAP servers (Courier-IMAP and Cyrus-IMAP), as well as packages to manage both anti-virus and anti-spam: amavisd-new and mailscanner.
System and network tools
Nagios
Nagios has been updated to the latest version. It monitors hosts and services on your network, and can email or page you when a problem arises and when a problem is resolved. Nagios is written in C and is designed to run under Linux (and some other *NIX variants) as a background process, intermittently running checks on the various services that you specify. This package comes with a plugins package to monitor all the main services on your server.
Bacula
CS4 provides a very powerful Open Source backup solution, Bacula (1.38.11). Bacula is a set of computer programs that allows you to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Bacula is relatively easy to use and efficient, while offering many advanced storage management features that make it easy to find and recover lost or damaged files.
Mondo-rescue
Mondo provides an Open Source solution in case of disaster. It creates media (CD, DVD, tape, network images) that can be used to reinstall a crashed system or a similar one.
Desktop
CS4 provides a graphical desktop if you wish to have one. You can choose either a very light one (icewm) or one of the friendliest ones (KDE, based on KDE 3.5.4).
Migration from Conectiva 10 to Mandriva 2006
DrakX is now able to detect and upgrade a Conectiva 10 installation by replacing packages with their Mandriva equivalents and migrating the configuration. Some work may still be needed for third-party packages.
Back up your system!
As in any migration/installation, it is highly recommended that you back up your system files before proceeding with the installation. See below for more details regarding the migration and how your files can be affected.
How the migration works
In a few steps, for the impatient:
- the Mandriva installer detects your Conectiva 10 installation;
- some configuration files are fixed;
- it gets a list of all packages installed on your system and then discovers which packages are equivalent in Mandriva;
- removes the old packages;
- installs the new ones; and then
- proceeds with the normal Mandriva installation and configuration.
Details about the migration
Changes in /etc/group
There are three new groups in Mandriva: usb, tape and nogroup. These groups are added before the installation process and care is taken if the GID of some of the groups already exists. Also, the file is sorted to ease the readability (is this really needed? maybe someone won't like to see his groups scrambled with the system groups..).
About configuration files and others
Usually, configuration files packaged in an RPM are marked as %config(noreplace), so:
- when installing new packages, if a given configuration file to be installed already exists, the new one is created with the .rpmnew suffix in its name; the system administrator then chooses which file to use;
- when removing packages, all configuration files that have been changed are renamed to originalfilename.rpmsave.
But binaries and other shared files are usually not marked as noreplace. So before migrating your system, check whether there are any critical files that are not part of any package and could be replaced by some other package.
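After the migration, the .rpmnew and .rpmsave files described above mark every place where a local configuration and a package default have diverged. The script below is an added example, not part of the original notes: it lists those files and classifies each one so it can be reviewed and merged. The state names, function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): list configuration files that
# RPM set aside during the migration so each one can be reviewed and merged.

# list_rpm_leftovers DIR
# Prints "<state> <live-path>" for every *.rpmnew / *.rpmsave under DIR:
#   new-default-unmerged  live file kept, package default waits in .rpmnew
#   local-edits-shelved   .rpmsave holds your edits, live file differs
#   no-live-file          side file exists but the live file is gone
#   identical             side file and live file have the same content
list_rpm_leftovers() {
    find "$1" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) | sort |
    while IFS= read -r side; do
        live=${side%.rpm*}            # strip the .rpmnew / .rpmsave suffix
        if [ ! -e "$live" ]; then
            state=no-live-file
        elif cmp -s "$side" "$live"; then
            state=identical
        else
            case $side in
                *.rpmnew) state=new-default-unmerged ;;
                *)        state=local-edits-shelved ;;
            esac
        fi
        printf '%s %s\n' "$state" "$live"
    done
}

# Constructed sample tree standing in for /etc after a migration.
make_sample_etc() {
    mkdir -p "$1/ssh" "$1/httpd/conf"
    echo 'PermitRootLogin no'  > "$1/ssh/sshd_config"
    echo 'PermitRootLogin yes' > "$1/ssh/sshd_config.rpmnew"
    echo 'ServerTokens OS'     > "$1/httpd/conf/httpd.conf"
    echo 'ServerTokens Prod'   > "$1/httpd/conf/httpd.conf.rpmsave"
    echo 'old = 1'             > "$1/legacy.conf.rpmsave"
}

sample=$(mktemp -d)
make_sample_etc "$sample"
list_rpm_leftovers "$sample"
rm -rf "$sample"
```

A local-edits-shelved entry deserves the closest look: the running service now uses the package default, and any hardening done in the old file has to be merged back by hand.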
Read the migration log
A lot of useful information can be found in the logs of the migration. You can check which packages were removed and installed and what has been changed on your system by the Mandriva installer.
Finally, you will find a very complete list of the included packages in the pkg-corpo.idx file in the root directory of the distribution.