In December 2020, the CentOS project team announced that CentOS 8 will end support on December 31, 2021. This means that starting in 2022, CentOS 8 users will not receive official new hardware support, bug fixes, and security patches. In view of this situation, the mobile Cloud Operating system team, based on the deep customization of the domestic open source community, launched the enterprise customized version of the operating system, BC-Linux V8.2.

Note: After Tongxing released its Linux operating system commercial version — Tongxing server operating system V20 based on The Dragon lizard community Anolis OS 8, the dragon lizard community council member unit Mobile Cloud also released the BC-Linux V8.2 general version operating system based on the Dragon Lizard Anolis OS. This article is from mobile Cloud, welcome more partners to join the Dragon lizard community.

An overview of the

In December 2020, the CentOS project team announced that CentOS 8 will end support on December 31, 2021, which means that starting in 2022, CentOS 8 users will not receive official new hardware support, bug fixes, and security patches. In view of this situation, the mobile Cloud Operating system team, based on the deep customization of the domestic open source community, launched the enterprise customized version of the operating system, BC-Linux V8.2.

Bc-linux V8.2 is a general X86 server operating system based on Anolis OS 8.2. It is 100% compatible with the software and hardware ecology of RHEL 8 and CentOS 8. Bc-linux V8.2 is equipped with dual kernels, namely standard Kernel 4.19 and BigCloud Enterprise Kernel 5.10 (BEK). It supports TCP layer tracking, offline scheduling algorithm, KATA security container, OS migration tool, and automatic deployment tool. The performance, stability and security of the system have been deeply optimized and feature enhanced, with high availability, high security, high stability and other commercial release characteristics, to provide users with efficient and professional technical support and services.

Feature Introduction

Dual core technology

Bc-linux V8.2 supports dual kernel technology and adds the BEK kernel. BEK kernel is developed and enhanced based on the version 5.10 supported by the kernel community for a long time to meet the requirements of customers for high kernel versions. At the same time, it supports the default kernel version 4.19 to meet the requirements of multiple scenarios.

ML/LT kernel

Provide support for ML kernel (Mainline) and LT kernel (longterm), and regularly maintain updates.

Function enhancement and system performance optimization

  • Startup time optimization: The kernel startup time has been deeply optimized. Compared with the operating environment, the kernel startup time of CentOS has been improved by **30%, and the system startup time has been improved by 10%** compared with the CentOS.

  • Optimized the memory usage to increase the available memory size of dedicated servers by 7%.
  • Support for the Page Owner feature, which can be used to locate problems such as kernel memory leaks and drivers using large amounts of memory;
  • Supports cGroup V2 and provides multiple I/O isolation solutions, including BUFFER I/O flow limiting (CGroup WriteBack) and BLK-IOcost weight control, solving the problem that I/O cannot be completely isolated for a long time.
  • Supports the eXpress Data Path (XDP) high-performance kernel network protocol, bypasses the traditional TCP/IP kernel protocol stack, and improves THE UDP performance by more than one times, which is close to the performance of user mode network solutions such as DPDK.
  • Random free lists are supported to improve the performance and utilization of the cache on the directly mapped memory side.
  • The CPU offline scheduling algorithm framework is introduced to effectively improve the SYSTEM CPU utilization and support the mixing of offline and online services.
  • Added the TCP layer service monitoring function, support the kernel mode TCP service status collection, which can be used to locate network problems and discover performance bottlenecks;
  • IO performance enhancement: According to fiO test results, compared with CentOS 8.2, BC-Linux V8.2 improves random write performance by about 15% and sequential read performance by about 4%.

  • Memory enhancement: Based on the ramspeed and stream test results, the overall memory performance of BC-Linux V8.2 is improved by **6%** compared with CentOS 8.2.

Bc-linux V8.2 provides a migration tool from CentOS 8 to BC-Linux 8 to facilitate system and application migration. The tool has the following advantages:

  • Supports smooth migration of users from CentOS 8 to BC-Linux 8 without affecting services.
  • Simple operation, the tool is automatically completed after executing a single instruction, without manual intervention;
  • Help customers to solve the troubles caused by CentOS 8 shutdown and achieve a smooth system transition.

Bc-linux V8.2 uses various security enhancements to improve system security.

Trusted computing

Bc-linux V8.2 uses THE TPM2.0 module and ACM as the trusted root to measure the server’s trusted startup statically and realize the trust chain between server power-on and operating system startup. Bc-linux V8.2 uses IMA (Integrity Measurement Framework) to measure the executable’s dynamic integrity at runtime.

Security reinforcement

Bc-linux V8.2 integrates the security hardening function to provide security hardening, system software package vulnerability detection, and rootkit intrusion detection for the BC-Linux operating system. It also provides one-click security baseline configuration, rollback, detection report generation, rapid system vulnerability scanning, and report output.

Two factor authentication

Bc-linux V8.2 integrates the two-factor authentication function and uses a one-time password based on time, event, and key variables instead of the traditional static password to achieve more secure user authentication.

Bc-linux V8.2 realizes non-stop service upgrade of single node at kernel level and process level through kernel hot upgrade and process hot upgrade respectively, and realizes full-stack hot upgrade with zero service interruption.

Process hot Upgrade

The process hot upgrade enables important security updates to be implemented without restarting applications, implementing second-level online hot repair, and effectively improving service high availability. It also applies to the hot upgrade of all processes with simple operation and high reliability. Repeatable reentrant, support sustainable version iteration hot upgrade; Support reverse operation, at any time can choose to restore the original state.

Kernel hot upgrade

The kernel hot upgrade can dynamically fix the defective functions of the operating system kernel and modules. The kernel can be upgraded without restarting the system, which minimizes the system downtime. Can quickly apply important and security-related kernel patches, shorten vulnerability repair time; Supports the rollback operation to quickly recover to the state before the upgrade. There is no performance loss to the system.

In order to better ensure that bC-Linux system subscribers get a full range of commercial services (such as software package installation and upgrade services, technical support and maintenance, etc.), and these services can be authorized and tracked. Bc-linux V8.2 integrates the authorization management tool by default and adds the DNF authorization management plug-in. The operating system must authenticate the DNF server before upgrading the software.

Bc-linux V8.2 supports the next-generation container, the KATA security container, optimizes the performance of the KATA security container, and applies to the image source scenario on the mobile cloud Intranet for the first time. At the same time, docker-CE and its components are enhanced, including:

  • The performance optimization of KATA safety container is completed. The startup time reaches second level and the performance loss is less than 3%.
  • Security enhancements: Fixes for CVE-2019-14271, CVE-2020-13401, CVE-2021-30465;
  • Updated containerD to 1.5.2 to improve stability and performance.
  • Fixed some bugs and improved docker container stability.

Bc-linux V8.2 provides an automated deployment tool, bclinuxManTool, which is based on the PXE technology to deploy multiple server operating systems unattended, in batches, and flexibly. The tool interacts with users through the Web UI, provides flexible and convenient configuration functions, and implements remote and rapid deployment of server clusters. The tool has the following features:

  • Support the same batch of different servers, choose to install a variety of different Linux distribution image;
  • Application software sets can be pre-installed on multiple operating systems (oss) based on server roles.
  • Support flexible predefined different disk partitions, and partition size;
  • Supports flexible customized scripts to configure the operating system (including host names, IP addresses, and application software) after the operating system is installed.

Main differences between BC-Linux 8 and BC-Linux 7 series

Compared with THE BC-Linux 7 series, BC-Linux 8 series has brought many improvements, including the following:

conclusion

The bC-Linux V8.2 release brings a number of improvements, including new features and functions, improved performance and stability, as part of the response to the CentOS shutdown. In addition to common X86 servers, the x86_64 image version supports servers using Haiguang cpus, Megabytes cpus, and Big Cloud Servers. In the future, BC-Linux will continue to cooperate with domestic independent controllable open source community, and continue to launch Linux server operating system, so as to provide independent controllable, secure and stable unified operating system technology base for mobile cloud and other projects.

The original link

This article is ali Cloud original content, shall not be reproduced without permission.