5210R: First ISO released (CentOS 8.0.1905)

Posted by: mstauber Category: General

The first release candidate of our BlueOnyx 5210R ISO image for CentOS 8 has been released.

After 12 months of hard work we just released the first BlueOnyx 5210R ISO image based on CentOS 8.0.1905. This ISO image contains all updates and fixes as of today and will allow you to quickly and easily set up a BlueOnyx 5210R.

This ISO image supports both EFI and non-EFI boot and offers the traditional fully automated installation experience that our existing BlueOnyx users are already accustomed to:

This image shows the ISO boot menu in non-EFI mode, but the menu options for the EFI-boot are the same. The first three menu options allow you to install BlueOnyx 5210R without any further input beyond making the selection in the boot menu.

The option "Interactively Install BlueOnyx 5210R" will launch the graphical Anaconda installation tool and you can configure all relevant options yourself. The only available package selection in this mode is "BlueOnyx 5210R", so you cannot use the ISO to install anything but that. Once installed you can add software and package groups via YUM or DNF, though. This last install options should be used if you need special partitioning layouts that the traditional first three options don't provide.

Once the installation is complete you will be asked to reboot. Please do so and login via "root" on the console. It will tell you the password you must use and you can reset that during the interactive setup.

Differences between 5209R and 5210R:

Let us start with some differences between CentOS 7 and CentOS 8:

YUM has been replaced by DNF, but there is still a "yum" command that - for all intends and purposes - works the same as before. It's in fact a wrapper around "dnf-3", which is the actual executable.

CentOS 8 supports "Module Streams" and these now allow to install multiple instances of the same software in different versions side by side. Certain RPMs such as Apache, PHP, Nginx and others are served out of such module streams. The offerings out of the "stock" CentOS repositories don't yet have anything but the basics in these regards.

OpenSSL is installed in a newer version which allows TLSv1.3 support out of the box for all services. Which allows for more modern crypto to be used for secure services. BlueOnyx 5210R is configured in a way that all relevant services use TLSv1.3 with strong ciphers and if clients don't yet support these it can fall back to TLSv1.2. Connections using older TLS versions (1.1 or 1.0) will be rejected.

The PHP version that ships with CentOS 8 is v7.2.11. While there are some different (older and newer) PHP versions available from third party YUM repositories I strongly urge not to install them as the GUI will not be able to make use of them. PHP packages from the BlueOnyx Shop will always be fine.

There has also been a small change to services that are enabled by default: Both "NetworkManager" and "Firewalld" are now enabled by default. "NetworkManager" is now a must-have item, as RedHat/CentOS made it nearly impossible to configure the network without it. Even "/sbin/ifup" is now a shortcut to "NetworkManager" and that will only activate interfaces if they are under control of "NetworkManager". For added security we chose to enable "Firewalld" by default as well. It already has all common ports used by BlueOnyx open. You can however choose to disable Firewalld in case you don't like it being active. Disabling it has no negative effect on BlueOnyx itself.

Additionally: BlueOnyx 5210R has a slightly different FTP implementation than older versions of BlueOnyx and now also supports Chrooted Jailkit jails for allowing SCP, true SFTP and SSH. For more information on how that works please read this article. It also explains the new directory layout for Vsites and Users, which was a requirement for the Jailkit integration.

How to migrate to BlueOnyx 5210R:

The recommended way is to use our new "Easy-Migrate" as it provides the easiest, cleanest and most robust way to migrate from older BlueOnyx servers to either 5209R or 5210R. It can also be used to migrate from 5209R to 5210R and back. It can migrate all Vsites, Users, MySQL, DNS and relevant system settings. Alternatively the traditional CMU is still available for migrations to 5210R, but it got quirkier the older it gets.  Unless you need to migrate from a dead server from which all you have left is a CMU-export the go-to way should be "Easy-Migrate".

Can I upgrade an existing 5209R to 5210R?

No. Totally out of the question. Won't work. At all. The best way is to set up a new server with 5210R and then use "Easy-Migrate". It won't get any easier than that.

Add-On software for 5210R out of the BlueOnyx Shop:

We're working on it. The "NewLinQ" package and the "WebApp" installer are already available. Plus all the WebApps themselves. PHP packages for all PHP versions between PHP-5.4 and 7.4 will be made available in the coming days. I've decided to release PHP packages for some of the EOL'ed versions of PHP as well in case you need to migrate Vsites that will have problems with the default PHP-7.2 that CentOS 8 ships with.A Fail2ban for 5210 that integrates with Firewalld will be next on the list. Next hot topic on the list is the AV-SPAM, which will be released in November and gradually all other Shop offerings currently available for 5209R will be made available for 5210R as well. With the exception of "APF" (Advanced Packet Firewall), which will not be ported to 5210R for compatibility reasons.

If you have any questions about or problems with the install of BlueOnyx 5210R or its usage, then please ask on the BlueOnyx mailing list.

Thank you and we hope you enjoy BlueOnyx 5210R.

Oct 15, 2019 Category: General Posted by: mstauber
Previous page: Development Next page: Mailing List