Useful innovations in Ubuntu 22.04 LTS

The Long Haul

© Photo by Robert Murray on Unsplash

© Photo by Robert Murray on Unsplash

Article from Issue 262/2022

Ubuntu 22.04 LTS features an updated Linux kernel, numerous programming language updates, and improved virtualization and container tools, making it useful for developers and admins.

Calling Ubuntu 22.04 LTS a COVID-19 release would be bad public relations, but it's not completely untrue because its predecessor 20.04 was released more or less at the onset of the pandemic. For companies using Ubuntu Desktop, Ubuntu Server, Ubuntu Cloud, and Ubuntu Core, the upgrade to "Jammy Jellyfish" (Figure 1) is well worthwhile, but there is no rush. Officially, the preceeding Ubuntu 20.04 LTS will still be supported until April 2025, with Extended Security Maintenance (ESM) for five additional years, assuming that you make an appropriate donation to Canonical.

Figure 1: Ubuntu on the desktop: The software store offers both Debian and Snap packages.

However, users of other Ubuntu flavors, such as Kubuntu, Lubuntu, Xubuntu, and the like, can only count on official support until April 2023. Without ESM, admins will need to assess the consequences of the upgrade and compatibility issues at a somewhat less leisurely pace. If you switch to Ubuntu 22.04, the support period is extended to 2027 (or 2025 for the other flavors).

Kernel Support

By default, Ubuntu 20.04 used Linux kernel version 5.4.0, while Ubuntu 22.04 has kernel version 5.15 (linux-generic). Canonical even uses kernel 5.17 (linux-oem-22.04) on certified devices. If you want, you can also use the rolling Hardware Enablement (HWE) kernel [1] (linux-hwe-22.04) with the LTS versions, whichs updates the distribution with the regular point releases and kernel versions.

According to [2], Linux kernel 5.15 will receive support for longer than other versions – specifically, until October 2023 (Figure 2). Presumably, the Ubuntu developers hope that another kernel with long-term support will have arrived on the scene by then. Otherwise, they will have to continue maintaining the kernel themselves after its shelf life expires [3].

Figure 2: The supplied kernel 5.15 will receive long-term support until 2023.

WireGuard was already backported by the developers in Ubuntu 20.04, but there are many other innovations in kernel 5.15. For example, kernel 5.15 includes a new NTFS driver, support for Apple's M1 chip, and a kernel-integrated Samba server, dubbed KSMBD. In addition to these major updates, there are several smaller tweaks to kernel security features. The eBPF kernel sandbox has been updated. There are some new system calls that simplify the container handling, among other things, as well as improvements to the collection of filesystems. For example, ext4, Ubuntu's standard filesystem, has been faster since kernel 5.10 thanks to a fast commit feature.

Network Binds

The server and client packages for Network File System (NFS) have been upgraded to the latest versions. NFS no longer supports mounting over UDP by default. The reason for the change is that NFS over UDP can cause data corruption on modern networks with connection speeds of more than 1Gbps – this is due to fragmentation brought about by the heavy load [4]. The new Samba v4.15.5 is also on board and, among other things, ends the experimental status of multichannel support.

SSH remains wildly popular for connecting to Ubuntu machines on the network – either as an admin or for software that then handles tasks on the target machines. OpenSSH 8.9, which is included with the new Ubuntu, disables RSA signatures by default because they use the insecure SHA-1. Disabling RSA may cause problems when communicating with older SSH servers, but that can be changed later [5]. The SCP software that comes with SSH moves and copies files between machines. The software now offers a -s option to use SFTP mode instead of SCP mode. For security reasons, according to the OpenSSH project, this behavior will become the default in the near future. OpenSSL v3 is also now available; it removes some legacy, insecure algorithms. Certificates that still support SHA-1 or MD5 also no longer work with OpenSSL v3.

The recently supported OpenLDAP 2.5.x is missing a few pieces, including the shell and BDB and HDB back ends. Bind v9.18, on the other hand, is now more secure, offering support for DNS over TLS (DoT) and DNS over HTTPS (DoH). The named service supports inbound and outbound zone transfers over TLS (XFR over TLS, XoT).

In terms of security, nftables now is the new back end that manages the firewall rules, taking over the job from iptables, as well as from ip6tables (IPv6), arptables (ARP), and ebtables (Ethernet bridging). The nftables developers are the same people who created iptables, and they are looking to dump the legacy ballast in the new software. The two iptables versions (for IPv4 and IPv6 addresses) still cause confusion and have forced admins to manage them in parallel, until now.

Machine Farms

Data center admins want to squeeze as many machines as possible onto a single lump of physical hardware for cost and efficiency reasons. This is where virtual machines (VMs) and containers come into play. In terms of the architecture, the Qemu virtualization software has recently outsourced the most frequently used features as modules. The new fuse3 version in Qemu 6.2.0 makes it easier to edit VM images without having root privileges and without having to boot the VM. In addition, Qemu now supports the Linux JACK sound server, which supports access with the particularly low latencies that musicians require.

Version 8.0.0 of the Libvirt virtualization API is on board and comes with hot plug support for the VirtioFS virtual filesystem. Version 4.0.0 of virt-manager, a graphical program for managing VMs on Linux, is included and provides a graphical option for configuring shared storage. VirtioFS is available here as a selectable filesystem in the settings. Virt-manager also automatically activates the Trusted Platform Module (TPM) if the VM uses UEFI. Another new default choice for x86 guests allows the host CPU to be passed through to the guests. And, last but not least, the Virtio GPU is available for most modern guest systems.

When creating VM templates, VMware users benefit from an innovation in cloud-init 22.1, which now natively supports VMware as a data source. The LXD data source dynamically reads instance data from the LXD socket and applies configuration changes that also survive reboots.

People who use VMs on a large scale usually turn to OpenStack. Despite rumors to the contrary, OpenStack is not dead, reports Canonical [6], while sending the new 2022 "Yoga" version off to do battle with its competitors. At the same time, the release notes warn that updates are not a walk in the park because OpenStack consists of many moving parts. Admins will therefore need to schedule some time for planning and testing the upgrades, and study the release notes [7].

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More