Ubuntu Server 20.04.4 LTS - DVD

Ubuntu Server 20.04.4 LTS on DVD. The long-term support version of Ubuntu Server. Support guaranteed until April 2025 — 64-bit only.
$3.19
Availability: In stock
SKU
ubuntusrv2004dvd

Version 20.04.4 Release Date: February 24, 2022

Now using Ritek Pro 60+ year archival quality DVDs.

Ubuntu 20.04.4 LTS is only available as a 64 bit version.

About Ubuntu

Code-named "Focal Fossa", 20.04 continues Ubuntu's proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use Linux distribution. The team has been hard at work through this cycle, introducing new features and fixing bugs.

Under the hood, there have been updates to many core packages, including a new 4.15-based kernel.

Support lifespan

Maintenance updates will be provided for 5 years until April 2025 for Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core.

  

New features in 20.04 LTS

Linux Kernel

Ubuntu 20.04 LTS is based on the long-term supported Linux release series 5.4. Notable features and enhancements in 5.4 since 5.3 include:

  • Support for new hardware including Intel Comet Lake CPUs and initial Tiger Lake platforms, AMD Navi 12 and 14 GPUs, Arcturus and Renoir APUs along with Navi 12 + Arcturus power features.
  • Support has been added for the exFAT filesystem, virtio-fs for sharing filesystems with virtualized guests and fs-verity for detecting file modifications.
  • Built in support for the WireGuard VPN.

  • Enablement of lockdown in integrity mode.

Other notable kernel updates to 5.4 since version 4.15 released in 18.04 LTS include:

  • Support for AMD Rome CPUs, Radeon RX Vega M and Navi GPUs, Intel Cannon Lake platforms.
  • Support for raspberry pi (Pi 2B, Pi 3B, Pi 3A+, Pi 3B+, CM3, CM3+, Pi 4B)
  • Significant power-saving improvements.
  • Numerous USB 3.2 and Type-C improvements.
  • A new mount API, the io_uring interface, KVM support for AMD Secure Encrypted Virtualization and pidfd support.
  • Boot speed improvements through changing the default kernel compression algorithm to lz4 (in Ubuntu 19.10) on most architectures, and changing the default initramfs compression algorithm to lz4 on all architectures.

 

 

Installer

The live server installer is now the preferred media to install Ubuntu Server on all architectures.

Besides architecture support, the main user visible new features are support for automated installs and being able to install the bootloader to multiple disks (for a more resilient system).

There have been many other fixes under the hood to make using encryption easier, better support installing to multipath disks, more reliable installation onto disks that have been used in various ways and allowing failures to be reported more usefully.

 

QEMU

QEMU was updated to 4.2 release. There is so much that it is hard to select individual improvements to highlight, here just a few:

  • free page hinting through virtio-balloon to avoid migrating unused pages which can speed up migrations
  • PPC: NVIDIA V100 GPU/NVLink2 passthrough for spapr using VFIO PCI
  • Many speed improvements for LUKS backend
  • pmem/nvdimm support
  • ...

 

 

 

libvirt

libvirt was updated to version 6.0.

 

upgrading from 19.10

Among many improvements worth to mention might be the features:

  • to access NVMe disks directly now allowing a speed oriented setup that still supports migration.
  • Mediated GPU devices are now supported as boot display.
  • Support kvm-hint-dedicated performance hint allowing the guest to enable optimizations when running on dedicated vCPUs
  • ...see the detailed changelog linked above for much more

 

upgrading from 18.04

Worth mentioning is that libvirt can now enable QEMUs ability to use parallel connections for migration which can help to speed up migrations if one doesn't saturate your network yet.

Administrators might like the ease of a new local include apparmor to the libvirt-qemu profile that allows local overrides for special devices or paths matching your setup without conffile delta that has to be managed on later upgrades.

Added the ability to have GL enabled graphics as well as mediated devices to be configured while still being guarded by custom apparmor profiles generated per guest. This is required for the use of gpu based mediated devices as well as VirGL mentioned above in the qemu section.

 

dpdk

Ubuntu 20.04 LTS includes the latest stable release 19.11.1 of the latest LTS series 19.11.x. The very latest (non-stable) version being 20.02 was not chosen for downstream projects of DPDK (like Open vSwitch) not being compatible yet.

 

upgrading from 18.04

DPDK dependencies were reorganized into more or less common/tested components. Due to that most DPDK installations will now have a smaller installation footprint and less potentially active code to care about.

 

Open vSwitch

Open vSwitch has been updated to 2.13.

 

Chrony

Chrony been updated to version 3.5 which provides plenty of improvements in accuracy and controls. Furthermore it also adds additional isolation for non-x86 by enabling syscall filters on those architectures as well.

To further allow feeding Hardware time into Chrony the package GPSD is now also fully supported.

But still for simple time-sync needs the base system already comes with systemd-timesyncd. Chrony is only needed to act as a time server or if you want the advertised more accurate and efficient syncing.

 

cloud-init

Cloud-init was updated to version 20.1-10. Notable features include:

 

Cloud platform features

  • New datasource detection/support: e24cloud, Exoscale, Zstack
  • Azure dhcp6 support, fix runtime error on cc_disk_setup, add support for byte-swapped instance-id
  • EC2: render IPv4 and IPv6 network on all NICs, IMDSv2 session-based API tokens and add secondary IPs as static
  • Scaleway: Fix DatasourceScaleway network rendering when unset

  • LRU cache frequently used utils for improved performance
  • Drop python2 support

 

Networking features

  • Prioritize netplan rendering above /etc/network/interfaces even when both
    • are present
  • Read network config from initramfs
  • net: support network-config:disabled on the kernel commandline
  • Add physical network type: cascading to openstack helpers
  • net/cmdline: correctly handle static ip= config

 

Config module features

  • distros: drop leading/trailing hyphens from mirror URL labels
  • cc_disk_setup: add swap filesystem force flag
  • cloud-init query surfaces merged_cfg and system_info dicts for use in
    • Jinja templated cloud-config when opinionated based on series, platform
  • use SystemRandom when generating random password.

 

PHP 7.4

PHP 7.4 is a new feature update, bringing typed properties, arrow functions, weak references, and unpacking inside arrays among other things.

 

Ruby 2.7

The default Ruby interpreter was updated to version 2.7. It comes with some nice features and improvements like: Pattern Matching, REPL improvement, Compaction GC, Separation of positional and keyword arguments and much more. 

 

Ruby on Rails 5.2.3

Ruby on Rails was updated to version 5.2.3. From users coming from Ubuntu 18.04 is a major change, moving from version 4.2.10 to 5.2.3. Some highlights are: addition of Action Cable framework, option to create slimmed down API only appli cations, Active Record attributes API and so on.

 

Ubuntu HA/Clustering

 

Kronosnet

kronosnet (or knet for short) is the new underlying network protocol for Linux HA components (corosync), that features the ability to use multiple links between nodes, active/active and active/passive link failover policies, automatic link recovery, FIPS compliant encryption (NSS and/or OpenSSL), automatic PMTUd and in general better performance compared to the old network protocol.

Main NEW features:

  • Up to 8 links dynamically reconfigured without restart of corosync
  • MTU auto-configuration
  • Support for NSS or OpenSSL encryption of packets
  • Compression
  • Higher throughput and lower latency
  • Support for RDMA and Upstart is gone

 

Pacemaker

From Pacemaker 2.0 release notes:

The main goal of the 2.0 release was to remove support for deprecated syntax, along with some small changes in default configuration behavior and tool behavior. Highlights: Only Corosync version 2 and greater is now supported as the underlying cluster layer. Support for Heartbeat and Corosync 1 (including CMAN) is removed.

Rolling upgrades from Pacemaker versions earlier than 1.1.11 are not possible, even if the underlying cluster stack is corosync 2 or greater. Other rolling upgrades, from newer versions on top of corosync 2 or greater, should be possible with little to no change.

 

Resource Agents

Cluster Resource Agents (RAs), compliant with the Open Cluster Framework (OCF) specification, used to interface with various services in a High Availability environment managed by the Pacemaker resource manager.

 

Fence Agents

Fence Agents is a collection of scripts to handle remote power management for several devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

 

keepalived

Failover and monitoring daemon for LVS clusters, used for monitoring real servers within a Linux Virtual Server (LVS) cluster. It can be configured to remove real servers from the cluster pool if they stop responding, as well as send a notification email to make the admin aware of the service failure.

 

isc-kea 1.6 stable track

Even though it's a Universe package, isc-kea is a promising new dhcp server from the same upstream that created Bind and isc-dhcp. For Focal, we updated it to the 1.6.x stable series.

 

Bind 9.16

Bind has been updated to the new stable release series from upstream: 9.16.x.

Important packaging changes are:

  • bind-libs 9.11.x package: used for software projects that do not yet work with the new 9.16 version, like isc-dhcp.
  • bind-dyndb-ldap has not yet been ported to bind9 9.16.x
  • geoip legacy support was removed and replaced with geoip2 (libmaxminddb)

 

OpenSSH updates with U2F Support

OpenSSH 8.2 added support for U2F/FIDO hardware devices to allow easy hardware-based two factor authentication.

 

HAProxy 2.0

First introduced in Ubuntu Eoan 19.10, HAProxy in Focal is tracking the upstream LTS 2.0 branch. This series has many new features when compared to the previous 1.8 stable branch.

 

Apache, TLSv1.3, client cert auth

Apache has been built with TLSv1.3 support, and depending on the server configuration, this might require clients performing certificate authentication to support Post Handshake Authentication (PHA). Not all TLSv1.3 capable clients can perform PHA, and will fail. Telltale signs of this being the error include these messages in the Apache server logs:

AH: verify client post handshake
AH10158: cannot perform post-handshake authentication
SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

 

In this case, if there is no updated client version, you should preferably disable TLSv1.3 on the affected client.

 

Samba 4.11

Focal ships with Samba 4.11.x which introduces a number of changes. Of note we have:

  • SMB1 disabled by default: can still be enabled via a /etc/samba/smb.conf config change;

  • python2 no longer supported

 

PostgreSQL 12

Focal is shipping postgresql-12, which has many improvements:

  • improved query performance, particularly over larger data sets
  • SQL/JSON path expression support
  • generated columns
  • pluggable table storage interface

 

nginx

Starting in Focal Fossa, nginx-core no longer ships with the legacy geoip module enabled by default. If you are using the legacy geoip module in nginx, you may run into upgrade issues if you do not deactivate the geoip module in your configuration. This was done as part of the deprecation of GeoIP legacy support.

Here are some scenarios you might encounter:

  • Since nginx-core dropped the dependency on libnginx-mod-http-geoip, an "apt autoremove" might suggest that libnginx-mod-http-geoip can be removed. If this happens, and there are still geoip configuration directives, nginx will fail to restart. Note that this would also happen had we replaced libnginx-mod-http-geoip with libnginx-mod-http-geoip2, as the configuration directives are different
  • If someone has just main enabled, with nginx-code and libnginx-mod-http-geoip installed, and release upgrades to focal, libnginx-mod-http-geoip won't be updated because it's in focal/universe.

 

Squid 4.x

When upgrading from the previous LTS Ubuntu Bionic 18.04, the squid proxy cache will be at version 4. Among other changes, if you used custom logging format, be aware the redefining the build-in formats no longer works.

For example, if you were redefining the squid log format to change the timestamp, like this:

logformat squid  %tg{%F %H:%M:%S %z} %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt

You now have to use another name, and specify that it should be used, like this:

logformat custom-squid  %tg{%F %H:%M:%S %z} %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt
access_log daemon:/var/log/squid/access.log custom-squid

 

s390x

IBM Z and LinuxONE / s390x-specific enhancements since 19.10 (partly not limited to s390x):

  • Starting with Ubuntu Server 20.04 LTS the architectural level set was changed to z13. This has a significant impact: Ubuntu Server for s390x now benefits from improved and more instructions that got introduced with z13 hardware; at the same time support for zEC12/zBC12 got dropped and the minimum supported hardware is now IBM z13 and LinuxONE Rockhopper (I) and LinuxONE Emperor (I).

  • Secure Execution, a Trusted Execution Environment (TEE) for IBM Z and LinuxONE is now supported. It required adaptations in the kernel, qemu and s390-tools. It can only be used with IBM z15 and LinuxONE III. With Secure Execution (or the upstream name 'protected virtualization' aka 'protvirt') workloads can run virtualized in full isolation with protection for both internal and external threats, using hardware assisted key based encryption for the guest memory.

  • The toolchain was significantly upgraded to gcc 9.3 - making sure that fixes like are included, even moved to gdb 9.1, that includes latest s390x hardware support - similar with LLVM, that was upgraded to v10, again to have the latest s390x hardware enhancements included.

  • The KVM virtualization stack got updated to qemu 4,2 and libvirt 6.0, and with that CPU model comparison and baselining got enabled CCW IPL support added to qemu and libvirt and several issue fixed. In addition KVM crypto pass-through is now included.

  • Support for new CEX7S crypto express hardware was added, as well as CPACF MSA 6 in-kernel crypto support for SHA3 and a lot of CPACF crypto co-processor (largely assembly based) optimizations and fixes in OpenSSL incl. but not limited to ECDSA.

  • Performance tests showed  that it is beneficial to use 'Striding RQ' with RoCE Express 2 and 2.1 PCIe cards (ConnectX-4) on IBM z14 and LinuxONE Rockhopper II / Emperor II and newer - but this is not the default. Hence if one has RoCE 2 or 2.1 hardware plugged in to such a system, the enablement of 'Striding RQ' should be considered, like: 'ethtool --set-priv-flags <ifname> rx_striding_rq on'. For the reason of persistence one may also create a service or udev-rule that sets this at boot time.

 

OpenStack Ussuri

Ubuntu 20.04 LTS includes the latest OpenStack release, Ussuri, as a preview with final release coming in the 20.04.1 LTS, including the following components:

  • OpenStack Identity - Keystone

  • OpenStack Imaging - Glance

  • OpenStack Block Storage - Cinder

  • OpenStack Compute - Nova

  • OpenStack Networking - Neutron

  • OpenStack Telemetry - Ceilometer, Aodh, Gnocchi, and Panko

  • OpenStack Orchestration - Heat

  • OpenStack Dashboard - Horizon

  • OpenStack Object Storage - Swift

  • OpenStack DNS - Designate

  • OpenStack Bare-metal - Ironic

  • OpenStack Filesystem - Manila

  • OpenStack Key Manager - Barbican

  • OpenStack Load Balancer - Octavia

  • OpenStack Instance HA - Masakari

 

WARNING: Upgrading an OpenStack deployment is a non-trivial process and care should be taken to plan and test upgrade procedures which will be specific to each OpenStack deployment.

 

Ceph

Ceph was updated to the 15.2.1 release, Ceph Octopus.

 

More Information
Media TypeDVD
VersionServer
Disc TypeLive Disc
Write Your Own Review
Only registered users can write reviews. Please Sign in or create an account