VMware Releases Photon OS 5.0 Linux Distribution

Photon OS 5.0, a Linux distribution aimed at providing a minimal host environment for running applications in isolated containers, has been released. The project is developed by VMware and is claimed to be suitable for production use, with additional security hardening and optimizations for the VMware vSphere, Microsoft Azure, Amazon Elastic Compute Cloud (EC2) and Google Compute Engine environments. The source code of the components developed specifically for Photon OS is supplied under the GPLv2 license (except for the libtdnf library, which is released under LGPLv2.1). Ready-made ISO and OVA images are provided for x86_64, ARM64 and Raspberry Pi systems and for various cloud platforms under a separate end-user license agreement (EULA).

The system can run most container formats, including Docker, Rocket (rkt) and Garden, and supports container orchestration platforms such as Mesos and Kubernetes. Software management and updates are handled by the pmd (Photon Management Daemon) background process and the project's own tdnf package manager, which is compatible with YUM and implements a package-based lifecycle management model for the distribution. Tools are also provided to simplify moving application containers from developer environments (such as VMware Fusion and VMware Workstation) to production cloud environments.

Systemd is used to manage system services. The kernel is built with optimizations for the VMware hypervisor and includes the security hardening settings recommended by the Kernel Self-Protection Project (KSPP); packages are built with compiler options that strengthen security. The distribution comes in three editions: a minimal build (538MB, containing only the basic system packages and the runtime needed to run containers), a developer build (4.3GB, adding packages for developing and testing programs delivered in containers) and a real-time build (683MB, containing a kernel with the PREEMPT_RT patches for running real-time applications).

Key improvements in the release of Photon OS 5.0:

  • Added support for the XFS and Btrfs file systems.
  • The Network Configuration Manager process gained support for configuring WireGuard VPNs, multiple routes, SR-IOV (Single Root I/O Virtualization), creating and configuring virtual devices, and creating NetDev, VLAN, VXLAN, Bridge, Bond, VETH (Virtual Ethernet), MacVLAN/MacVTap and IPvlan/IPvtap interfaces, as well as tunnels (IPIP, SIT, GRE, VTI). The set of network device parameters that can be configured and inspected has been expanded.
  • Support for configuring the hostname, TLS, SR-IOV, and Tap and Tun interfaces has been added to the PMD-Nextgen (Photon Management Daemon) process.
  • Network-event-broker can now substitute network data in JSON format.
  • The cntrctl utility can now build lightweight containers.
  • Added support for cgroups v2, which can be used, for example, to limit memory, CPU and I/O consumption. The key difference from cgroups v1 is a single unified cgroup hierarchy shared by all resource types, instead of separate hierarchies for CPU allocation, memory management and I/O.
  • Added the ability to apply fixes to the running Linux kernel without stopping workloads or rebooting (Kernel Live Patching).
  • Added support for securing containers with SELinux policies.
  • Added the ability to create containers without root privileges (rootless containers).
  • Added ARM64 support for the linux-esx kernel.
  • Added support for the PostgreSQL DBMS; branches 13, 14 and 15 are supported.
  • The tdnf package manager gained commands for working with the transaction history (list, rollback, undo and redo), and the mark command has been implemented.
  • The installer now supports scripts that run before installation begins. A utility for generating custom initrd images has been added.
  • Added support for an "A/B" partitioning mode that creates two identical root partitions on the drive, one active and one passive. An update is installed to the passive partition without affecting the running active one; the partitions are then swapped, so the partition holding the new update becomes active while the previously active partition becomes passive and waits for the next update. If something goes wrong after the update, the system can be rolled back to the previous version.
  • Updated package versions, including Linux kernel 6.1.10, GCC 12.2, Glibc 2.36, Systemd 253, Python 3.11, OpenJDK 17, OpenSSL 3.0.8, cloud-init 23.1.1, Ruby 3.1.2, Perl 5.36, Kubernetes 1.26.1 and Go 1.20.2.
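To make the cgroups v1/v2 difference from the list above concrete, here is an added example (not Photon OS or VMware code) that parses the /proc/PID/cgroup format to tell a unified v2 hierarchy from per-controller v1 hierarchies and then shows where a container's memory, CPU and I/O limits live in each case. The sample /proc contents are constructed, and the v1 mount directory names under /sys/fs/cgroup are assumed to be the usual ones.

```python
"""Tell cgroups v1 from v2 by parsing /proc/<pid>/cgroup, then locate the files
holding a container's memory, CPU and I/O limits under each layout."""
from __future__ import annotations
from dataclasses import dataclass
from pathlib import PurePosixPath

# Constructed samples. v1: one line per controller hierarchy; v2: a single "0::" line.
CGROUP_V1_SAMPLE = """\
11:memory:/system.slice/example-container.scope
10:cpu,cpuacct:/system.slice/example-container.scope
9:blkio:/system.slice/example-container.scope
1:name=systemd:/system.slice/example-container.scope
"""
CGROUP_V2_SAMPLE = "0::/system.slice/example-container.scope\n"


@dataclass
class CgroupMembership:
    version: int            # 1 (per-controller hierarchies) or 2 (unified hierarchy)
    paths: dict[str, str]   # controller -> cgroup path; v2 has the single key "unified"


def parse_proc_cgroup(text: str) -> CgroupMembership:
    """Each line is hierarchy_id:controller_list:path. The v2 hierarchy uses id 0
    and an empty controller list. A hybrid host shows both kinds; treat it as v1."""
    paths: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        hier_id, controllers, path = line.split(":", 2)
        if hier_id == "0" and controllers == "":
            paths["unified"] = path
        else:
            for ctrl in controllers.split(","):
                paths[ctrl] = path
    return CgroupMembership(2 if set(paths) == {"unified"} else 1, paths)


def limit_files(m: CgroupMembership, root: str = "/sys/fs/cgroup") -> dict[str, str]:
    """Map memory/cpu/io to the sysfs file holding each limit. Under v2 all three
    sit in one directory; under v1 each controller mount has its own copy of the path."""
    if m.version == 2:
        base = PurePosixPath(root) / m.paths["unified"].lstrip("/")
        return {"memory": str(base / "memory.max"),
                "cpu": str(base / "cpu.max"),
                "io": str(base / "io.max")}
    v1_files = {"memory": "memory.limit_in_bytes", "cpu": "cpu.cfs_quota_us",
                "io": "blkio.throttle.write_bps_device"}
    v1_dirs = {"memory": "memory", "cpu": "cpu", "io": "blkio"}  # assumed v1 mount names
    return {res: str(PurePosixPath(root) / v1_dirs[res] / m.paths[v1_dirs[res]].lstrip("/") / fname)
            for res, fname in v1_files.items()}
```

On a live host, feed the contents of /proc/self/cgroup (or /proc/PID/cgroup for a container process) to parse_proc_cgroup to see which layout applies before auditing its limits.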

Source: opennet.ru