CentOS 8 has been released! I know most guys are asking, “What are CentOS 8 new features?” Since the inception of CentOS in 2004, the world has felt the amazing service that the distribution has continued to proffer with excellence and a pinch of elegance. September 24th, 2019 marks another crucial time for this iconic brand as version 8 is released to perpetuate the streak of awesomeness that CentOS is reputed for. CentOS 8 has finally been released into your hands and you know what that means.
It is another time to enjoy the stability, efficiency, and reliability that is handsomely made available for you. This article goes into the details of what awaits you in the new and fresh breath infused into CentOS 8. We are going to look at what you should expect when CentOS 8 purrs for the first time on your server or desktop. Take a relaxing sigh, stay tuned and indulge in How To Install CentOS 8 Step by Step with Screenshots to check it out.
The guide will be sub-divided into a per-feature design so that we can view New features, deprecated features, and changes clearly and easily.
New features of CentOS 8 from upstream Release Notes include:
Your Desktop Environment
- The GUI version of CentOS 8’s GNOME Shell has been rebased to version 3.28.
- The GNOME session and the GNOME Display Manager use Wayland as their default display server. If you are a XORG person then do not panic, the X.Org server, which is the default display server in CentOS/RHEL 7, is available as well.
If you are interested, Wayland happens to have the following features:
- Stronger security model
- Improved multi-monitor handling
- Improved user interface (UI) scaling
- The desktop can control window handling directly.
The Networking Arena
The networking part of CentOS 8 has been revamped with the following new changes:
- CentOS 8 is distributed with TCP networking stack version 4.16, which provides higher performances, better scalability, and more stability.
- The networking stack has been upgraded to upstream version 4.18.
- Iptables has been replaced by the nftables framework as the default network packet filtering facility.
- The nftables framework is the designated successor to the iptables, ip6tables, arptables, and ebtables tools. This provides a single framework for both the IPv4 and IPv6 protocols.
- The firewalld daemon now uses nftables as its default backend.
- Support for IPVLAN virtual network drivers that enable the network connectivity for multiple containers.
- NetworkManager now supports single-root I/O virtualization (SR-IOV) virtual functions (VF). NetworkManager allows configuring some attributes of the VFs, such as the MAC address, VLAN, the spoof checking setting, and the allowed bitrate.
The YUM package manager is now based on the DNF technology (YUM v4), and software installation is handled by this new version of the YUM tool. CentOS 7 used YUM v3, and the following are enhancements made in YUM v4:
- Increased performance
- Support for modular content
- Well-designed stable API for integration with tooling
YUM v4 is compatible with YUM v3 when used from the command line and when editing or creating configuration files. Because of that, you can use the yum command and its particular options in the same way as on CentOS 7. Another thing worth mentioning is that CentOS 8 is distributed with RPM 4.14, which adds more enhancements over the previous RPM 4.11.
The most notable features of RPM 4.14 include:
- The debuginfo packages can be installed in parallel
- Support for weak dependencies
- Support for rich or boolean dependencies
- Support for packaging files above 4 GB in size
- Support for file triggers
Nonetheless, the most notable changes include:
- Stricter spec-parser
- Simplified signature checking output in non-verbose mode
- Additions and deprecation in macros
Languages, web servers, and databases
You will find the following programming languages in your new CentOS 8:
Python 3.6 is provided, with limited support for Python 2.7. No version of Python is installed by default.
Dynamic programming languages: Node.js is new; PHP 7.2, Ruby 2.5, Perl 5.26, and SWIG 3.0 are now available.
Database servers distributed with CentOS/RHEL 8: MariaDB 10.3, MySQL 8.0, PostgreSQL 10, PostgreSQL 9.6, and Redis 5.
Web Servers: Apache HTTP Server 2.4 and introduction of nginx 1.14.
Squid has been updated to version 4.4, and a new proxy caching server is now included: Varnish Cache 6.0.
You will encounter the following changes as far as virtualization is concerned:
- CentOS 8 is distributed with qemu-kvm 2.12, which brings Q35 guest machine type support, UEFI guest boot support, vCPU hot plug and hot unplug, NUMA tuning and pinning in the guest, and guest I/O threading
- Secure Encrypted Virtualization (SEV) feature for AMD EPYC host machines that use the KVM hypervisor.
- The QEMU emulator introduces the sandboxing feature. QEMU sandboxing provides configurable limitations on what system calls QEMU can perform, and thus makes virtual machines more secure
- KVM virtualization now supports the User-Mode Instruction Prevention (UMIP) feature, which can help prevent user-space applications from accessing system-wide settings
- KVM virtualization now supports the 5-level paging feature, which significantly increases the physical and virtual address space that the host and guest systems can use.
- NVIDIA vGPU is now compatible with the VNC console
- Ceph storage is supported by KVM virtualization on all CPU architectures supported by Red Hat
- Q35, a more modern PCI Express-based machine type is supported by RHEL 8 Virtualization. All virtual machines created in RHEL 8 are set to use Q35 PC machine type by default.
- Nested virtualization now available on IBM POWER 9
- KVM virtualization is usable in CentOS 8 Hyper-V virtual machines
Useful guide: How to install KVM on RHEL 8
Installation and image creation
CentOS 8 uses the Anaconda installer, which now supports the LUKS2 disk encryption format. LUKS2 offers better features: for instance, it extends the capabilities of the on-disk format and provides flexible ways of storing metadata.
In addition to that, Anaconda has been extended to handle all features related to application streams. These include modules, streams, and profiles. Kickstart scripts can now enable module and stream combinations, install module profiles, and install modular packages.
Tighter security features have been added to the brand new release. For instance:
- CentOS 8 comes with support for OpenSSL 1.1.1 and TLS 1.3. This enables you to secure customers’ data with the latest standards for cryptographic protection.
- CentOS 8 comes with System-wide Cryptographic Policies, which help you with the management of cryptographic compliance. There is no need to modify and tune specific applications.
- OpenSSH has been rebased to version 7.8p1, with no support for the SSH version 1 protocol, the Blowfish/CAST/RC4 ciphers, or the hmac-ripemd160 message authentication code
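A check worth running on configs carried over from CentOS 7, for the OpenSSH item above. This is an added example, not code from the release notes or the OpenSSH project; the function names, the sample config and the prefix match on `hmac-ripemd160` are assumptions.

```shell
#!/bin/sh
# Added example: flag config entries that OpenSSH 7.8p1 no longer accepts.
# Removed items come from the list above: SSH protocol 1, Blowfish/CAST/RC4
# ciphers, and the hmac-ripemd160 MAC.

audit_ssh_config() {
    # Reads an sshd_config/ssh_config from the files given as arguments, or
    # from stdin. Prints one "line:keyword:value" record per obsolete entry.
    awk '
    BEGIN {
        bad["protocol"] = "^1$"
        bad["ciphers"]  = "^(blowfish-cbc|cast128-cbc|arcfour|arcfour128|arcfour256)$"
        # Assumption: any MAC name starting with hmac-ripemd160 is obsolete,
        # which also covers the @openssh.com variants.
        bad["macs"]     = "^hmac-ripemd160"
    }
    {
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next
        line = $0
        sub(/^[ \t]+/, "", line)
        n = match(line, /[ \t=]+/)           # keyword ends at whitespace or "="
        if (n == 0) next
        key = tolower(substr(line, 1, n - 1))
        if (!(key in bad)) next
        val = substr(line, n + RLENGTH)
        gsub(/[ \t"]/, "", val)
        sub(/^[+-]/, "", val)                # strip a leading list modifier
        cnt = split(val, item, ",")
        for (i = 1; i <= cnt; i++)
            if (tolower(item[i]) ~ bad[key])
                printf "%d:%s:%s\n", NR, key, item[i]
    }' "$@"
}

# Constructed sample (not from a real host): a CentOS 7 era config fragment.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
Port 22
Protocol 2,1
Ciphers aes256-ctr,arcfour256,blowfish-cbc
MACs hmac-sha2-256,hmac-ripemd160
KexAlgorithms curve25519-sha256
EOF
}

sample_config | audit_ssh_config
```

On a real host, pass the file path instead, for example `audit_ssh_config /etc/ssh/sshd_config`.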
Kernel and OS
CentOS 8 is based on Fedora 28 and upstream kernel 4.18. The following are available with this kernel:
- 52-bit physical addressing for the 64-bit ARM architecture. This provides a larger address space than the previous 48-bit physical addressing
- The I/O memory management unit (IOMMU) code in the Linux kernel has been updated to support 5-level page tables
- Spectre V2 mitigation default changed from IBRS to Retpolines – For use cases where complete Spectre V2 mitigation is desired, a user can select IBRS through the kernel boot line by adding the spectre_v2=ibrs flag.
- Intel Omni-Path Architecture (OPA) host software is fully supported in CentOS 8.
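For the Spectre V2 item above, a way to confirm that a `spectre_v2=ibrs` boot flag actually took effect, by comparing the kernel command line with the status the kernel reports. This is an added example, not from the release notes; the function names and the sample strings are constructed, and the status matching is a loose keyword match rather than a list of exact kernel messages.

```shell
#!/bin/sh
# Added example: compare the Spectre V2 mode requested at boot with the one
# the kernel reports as active.

spectre_v2_requested() {
    # $1: kernel command line text. Prints the last spectre_v2= value,
    # "off" for nospectre_v2, or "default" when nothing was requested.
    req=default
    for tok in $1; do
        case "$tok" in
            spectre_v2=*) req=${tok#spectre_v2=} ;;
            nospectre_v2) req=off ;;
        esac
    done
    printf '%s\n' "$req"
}

spectre_v2_active() {
    # $1: status line reported by the kernel. Retpoline is tested before
    # IBRS because a retpoline status line can also mention IBRS_FW.
    case "$1" in
        Vulnerable*)    echo vulnerable ;;
        *[Rr]etpoline*) echo retpoline ;;
        *IBRS*)         echo ibrs ;;
        *)              echo other ;;
    esac
}

spectre_v2_check() {
    # Prints both values; returns non-zero when IBRS was requested on the
    # command line but is not what the kernel reports.
    req=$(spectre_v2_requested "$1")
    act=$(spectre_v2_active "$2")
    printf 'requested=%s active=%s\n' "$req" "$act"
    [ "$req" != ibrs ] || [ "$act" = ibrs ]
}

# Constructed sample inputs. On a real host pass "$(cat /proc/cmdline)" and
# "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)" instead.
spectre_v2_check "ro quiet spectre_v2=ibrs" "Mitigation: Full generic retpoline" \
    || echo "spectre_v2=ibrs requested but not active"
```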
Supported CPU Architectures are:
- AMD and Intel 64-bit architectures
- The 64-bit ARM architecture
- IBM Power Systems, Little Endian
- IBM Z
CUPS logs are now handled by journald. In CentOS 7, CUPS logs were stored in specific files within the /var/log/cups directory. This has changed: all types of CUPS logs are now centrally logged in the systemd journald daemon together with logs from other programs. You now just use journalctl -u cups to access them.
There are new BIND features. The following are some of them:
- New quotas have been added to limit queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks.
- The nslookup utility now looks up both IPv6 and IPv4 addresses by default.
- The named service now checks whether other name server processes are running before starting up.
- When loading a signed zone, named now checks whether a Resource Record Signature’s (RRSIG) inception time is in the future, and if so, it regenerates the RRSIG immediately.
- Zone transfers now use smaller message sizes to improve message compression, which reduces network usage.
- A new method of provisioning secondary servers called Catalog Zones has been added.
- Domain Name System Cookies are now sent by the named service and the dig utility.
- The Response Rate Limiting feature can now help with the mitigation of DNS amplification attacks.
- Performance of response-policy zone (RPZ) has been improved.
Cockpit web console
Cockpit is now part of Red Hat Enterprise Linux default repositories. You will get your web console automatically installed in the GUI version of CentOS 8. No more hassle because firewall ports required by the console are automatically open.
- Cockpit now includes a Firewall section where users can enable or disable the firewall, as well as add, remove, and modify firewall rules.
- Cockpit is now compatible with mobile browsers. What this means is that users can manage systems using the CentOS/RHEL 8 web console from a mobile device.
- Virtual Machines can now be managed using the web console
Even though these features have been deprecated, their support continues until the end of life of upstream RHEL 8. Some of the deprecated features include:
Under File systems and storage
- NFSv3 over UDP has been disabled
- The elevator kernel command line parameter used to set the disk scheduler for all devices is deprecated
Network scripts are deprecated in RHEL 8. The basic installation provides a new version of the ifup and ifdown scripts which call the NetworkManager service through the nmcli tool. To use ifup and ifdown commands, NetworkManager needs to be running.
- Digital Signature Algorithm (DSA) is considered deprecated
- TLS 1.0 and TLS 1.1 are deprecated
- SSL2 Client Hello has been deprecated in Network Security Services (NSS) library
virt-manager has been deprecated. Cockpit is intended to become its replacement in a subsequent release.
Major changes have been made in the new CentOS 8 release. All the way from security to how virtual machines are managed, you should expect to find major enhancements, all in a bid to make your server management as easy and as secure as possible. Head over to the CentOS Download Page to get yours now and start playing with it.