Asianux Server 4 Service Pack 4 - Release Notes



Asianux Server 4 (Hiranya) Service Pack 4


0. Contents
The contents of this file is as follows:

1. Overview of Features
2. Components
3. General Notes
4. Restrictions/Known Bugs
5. Feedback
6. Copyright

1. Overview of Features

Asianux Server 4 SP4 has the following features.

o Kernel
- Fibre Channel Protocol: End-To-End Data Consistency Checking
- Open vSwitch Kernel Module
- Comparison of Booted System and Dumped System
- Perf Tool Updated
- Uncore PMU Support
- Reduced memcg Memory Overhead
- Memory Reclaim and Compaction
- TSC Deadline Support for KVM
- Persistent Device Naming
- New linuxptp Package
- Transparent Hugepages Documentation
- State of Support for Dump Targets
- Support for PMC-Sierra Cards and Controllers
- Configurable Timeout for Unresponsive Devices
- Configuration of Maximum Time for Error Recovery
- Lenovo X220 Touchscreen Support
- New Supported Compression Formats for makedumpfile

o Networking
- HAProxy
- Mellanox SR-IOV Support
- Precision Time Protocol
- Analyzing the Non-Configuration IP Multicast IGMP Snooping Data
- PPPoE Connections Support in NetworkManager
- Network Namespace Support for OpenStack
- SCTP Support to Change the Cryptography Hash Function
- M3UA Measurement Counters for SCTP
- Managing DOVE Tunnels Using iproute
- WoWLAN Support for Atheros Interfaces
- SR-IOV Functionality in the qlcnic Driver
- Support for Emulex BladeEngine 3 R
- Support for Emulex FCoE CNA 40G
- SR-IOV Support on Broadcom Controllers

o Authentication and Interoperability
- SSSD Fully Supported Features
- New SSSD Cache Storage Type
- Adding AD-based Trusted Domains to external Groups
- Auto-renew Identity Management Subsystem Certificates
- Automatic Configuration of OpenLDAP Client Tools on Clients Enrolled in Identity Management
- PKCS#12 Support for python-nss
- Full Persistent Search for DNS
- New CLEANALLRUV Operation
- samba4 Libraries Updated
- Cross Realm Kerberos Trust Functionality in Identity Management
- Posix Schema Support for 389 Directory Server

o Security
- Treating Matches Authoritatively in Look Ups of sudoers Entries
- Additional Password Checks for pam_cracklib
- Size Option for tmpfs Polyinstantiation
- Locking Inactive Accounts
- Fallback Firewall Configuration
- Changes Related to FIPS 140-2 Certification
- OpenSSL Updated to Version 1.0.1
- Smartcard Support in OpenSSH
- ECDSA Support in OpenSSL
- ECDHE Support in OpenSSL
- Support of TLS 1.1 and 1.2 in OpenSSL and NSS
- OpenSSH Support of HMAC-SHA2 Algorithm
- prefix Macro in OpenSSL
- NSA Suite B Cryptography Support
- Shared System Certificates
- ECC Support in NSS
- Certificate Support in OpenSSH

o Virtualization
- virtio-SCSI
- Support for Intel's Next-generation Core Processor
- Support for AMD Opteron 4xxx Series CPU
- Guest Live Migration Using USB Forwarding via SPICE
- Live Migration of Guests Using USB Devices
- QEMU Guest Agent Updated
- Paravirtualized End-of-Interrupt Indication (PV-EOI)
- Configurable Sound Pass-through
- Improved Support For the VMDK Image File Format
- Windows Guest Agent Fully Supported
- Support for the VHDX Image File Format
- Native Support for GlusterFS in QEMU
- Support for Dumping Metadata of Virtual Disks
- CPU Hot Plugging for Linux Guests
- Application-Aware freeze and thaw on Microsoft Windows with VSS Support on qemu-ga-win
- Application-Aware freeze and thaw on Linux Using qemu-ga Hooks
- Conversion of VMware OVF and Citrix Xen Guests to KVM Guests
- Increased KVM Memory Scalability
- Support of Volume Control from within Microsoft Windows Guests
- Opening Connections from a File
- Host and Guest Panic Notification in KVM

* Hyber-V
- Inclusion of, and Guest Installation Support for, Microsoft Hyper-V Drivers
- Hyper-V balloon Driver
- Microsoft Hyper-V Para-Virtualized Drivers

* VMWare
- VMware PV Drivers
- VMware Platform Drivers Updates

o Clustering
- Support for IBM iPDU Fence Device
- Support for Eaton Network Power Controller Fence Device
- New keepalived Package
- Watchdog Recovery
- Support for VMDK-based Storage
- pcs Fully Supported
- pacemaker Fully Supported

o Storage
- Support of Parallel NFS
- XFS Online Discard Support
- LVM Support for Micron PCIe SSD
- LVM Support for 2-way Mirror RAID10
- Set Up and Manage SCSI Persistent Reservations Through Device Mapper Devices
- Full Support of fsfreeze
- pNFS File Layout Hardening
- Dynamic aggregation of LVM metadata via lvmetad
- LVM support for (non-clustered) thinly-provisioned snapshots
- LVM support for (non-clustered) thinly-provisioned LVs
- Multipath I/O Updates
- Performance Improvements in GFS2
- TRIM Support in mdadm
- Support For LSI Syncro
- Safe Offline Interface for DASD devices
- Support for FBA EAV and EDEV

o Language
- Supports Chinese, Japanese, Korean and English.

o Standards
- LSB 4.0 (* to be updated)
- CGL 4.0 (* to be updated)

o Hardware Compatibility
- IA32 architecture.
- x86-64 architecture.
- support for many recent high performance ethernet adapters.

o Software Compatibility
- Hundreds of ISV partners, including mainstream DB,
Middleware, backup, and other enterprise server applications.
- On-going Certification process.

o Compatibility with other Linux distributions
- Same run-time environment and kernel symbols as RHEL6,
binary drivers for RHEL6 can be loaded directly.

o KVM is only supported in x86_64 platform

o Support both BIOS and UEFI boot on x86_64

2. Components
- kernel 2.6.32-431.20.3
- glibc 2.12
- gcc 4.4.7
- xorg 1.13.0
- rpm 4.8.0
- KDE 4.3.4
- Gnome 2.28.0
- openssh 5.3p1
- openssl 1.0.1e
- bind 9.8.2
- dhcp 4.1.1
- openldap 2.4.23
- postfix 2.6.6
- sendmail 8.14.4
- vsftpd 2.2.2
- squid 3.1.10
- apache 2.2.15
- PHP 5.3.3
- MySQL 5.1.73
- PostgreSQL 8.4.20
- Samba 3.6.9
- Samba4 4.0.0
- ntp 4.2.6p5
- net-snmp 5.5
- iptables 1.4.7
- Perl 5.10.1
- Ruby

3. General Notes

o In order to receive e-mails sent to root, modify root's
alias in /etc/aliases.

o To change the default MTA to postfix:
- Stop the sendmail service:
# service sendmail stop

- Use the `alternatives` command to choose the default MTA:
# alternatives --config mta

- Run the postfix service:
# service postfix start

4. Restrictions/Known Bugs

o Problem with desktop resolution greater than 1024*768
On some machine, the maximum resolution of the monitor cannot
be automatically set up by the Xorg configuration utility.
Until this is fixed, here is a workaround:
As root, get into the terminal and get out of X:
#init 3
Then create the xorg.conf file if it doesn't exist:
#X -configure
#mv /etc/X11/xorg.conf
#vi /etc/X11/xorg.conf

Add the section below:

Section "ServerLayout"
Identifier " Configured"
Screen 0 "Screen0" 0 0
Screen 1 "Screen1" RightOf "Screen0
Screen 2 "Screen1" RightOf "Screen1
Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
SubSection "Display"
Viewport 0 0
Depth 24
Modes "1280x1024" ==> add this line

Save the changes to xorg.conf.

Start X again:
#init 5

o SELinux is disabled by default.
When enabling SELinux, the "xguest" account becomes available and

o Installation is failed with DVD generated kickstart file.
When using the anaconda-ks.cfg kickstart configuration file
generated from the DVD installation, it fails.
There are 2 ways to workaround this issue:

- Workaround 1:
In the popup window dialog that reads "Unable to read package
metadata...", click the "edit" button , then a pop dialog
show, select "CD/DVD" and click ok, then it will continue successfully.

- Workaround 2:
edit the anaconda-ks.cfg file and replace the following

o After upgrading to AXS4SP4 system hangs during reboot, following are the last few messages on the console

Please stand by while rebooting the system...
Restarting system.

The system also locks up on the reboot after booting in the older kernel.

- Environment

Asianux Server 4 SP4
Dell PowerEdge T110, T310, R310

- Resolution

The root cause of the issue is an updated CPU microcode which comes along with the kernel update:

the system hangs during 'reboot', 'shutdown -r now' or 'init 6'.

microcode_ctl-1.17-3: (Asianux Server 4 Non-Service Pack)
the previous version, works fine.

- Workaround
It is a microcode update for Intel CPUs and looks like it has a bug. So downgrade to microcode_ctl-1.17-3 and stick to this package version. It is possible to "lock" this package to the currently installed version by prohibiting yum to update it. See the article How do I exclude kernel or other packages from getting updated in Asianux while updating system via yum.

The BIOS update from the version 1.10.X to 1.12.0 on the Dell PowerEdge R310 fixes the issue and the server is not locking up with any microcode version. Exact BIOS version per dmidecode is:

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: Dell Inc.
Version: 1.12.0
Release Date: 09/06/2013
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 4096 kB

o “DMAR:[fault reason06] PTE Read access is not set” message is displayed when system shutdown on specific hardware

- Confirmed Environment

Asianux Server 4 SP4
Intel (R) Core(TM) i7-4790 platform

- Workaround 1

Reinstall the OS removing the 'tboot' package from the package manifest prior to installing to disk.

- Workaround 2

Add “intel_iommu=igfx_off” to turn off integrated graphics engine.

o After installing OS in UEFI mode, the system cannot boot up and the following error message appears:

Invalid magic number: 0
Error 13: Invalid or unsupported executable format
Press any key to continue...

- Workaround

When installing OS, Uncheck tboot-1.7.4-1.AXS4.x86_64.rpm,

5. Feedback
We are always trying to improve Asianux, and we would like
to know what you think when using it.
If you have any comments or suggestions about Asianux,
please send them to the following e-maail address.

6. Copyright
Copyright 2014
Hancom Inc,
All rights reserved.

Copyright© 2007-2019 Asianux. All rights reserved.