Posts for: #release

Proxmox Virtual Environment 8.1: Enhanced Network and Secure Boot Features

Proxmox today announced the release of version 8.1 of Proxmox Virtual Environment, its open-source server virtualization management platform. This version comes with several new features, including support for Secure Boot, a Software-defined Network stack, and a new flexible notification system, along with many further enhancements and bug fixes.

Proxmox VE 8.1 is based on Debian 12.2 (“Bookworm”), but uses a newer Linux kernel 6.5 as stable default, and includes updates to the latest versions of leading open-source technologies for virtual environments like QEMU 8.1.2 and LXC 5.0.2. It comes with ZFS 2.2.0, already including the most important bug fixes from 2.2.1. The virtualization platform adds support for Ceph Reef 18.2.0 and continues to support Ceph Quincy 17.2.7.

Highlights in Proxmox Virtual Environment 8.1

  • Support for Secure Boot: This version is now compatible with Secure Boot. This security feature is designed to protect the boot process of a computer by ensuring that only software with a valid digital signature launches on a machine. Proxmox VE now includes a signed shim bootloader trusted by most hardware’s UEFI implementations. This allows installing Proxmox VE in environments with Secure Boot active.
  • Software-defined Network (SDN): With this version the core Software-defined Network (SDN) packages are installed by default. The SDN technology in Proxmox VE enables the creation of virtual zones and networks (VNets), letting users effectively manage and control complex networking configurations and multitenancy setups directly from the web interface at the datacenter level. Use cases for SDN range from an isolated private network on each individual node to complex overlay networks across multiple Proxmox VE clusters in different locations. The result is a more responsive and adaptable network infrastructure that can scale according to business needs.
  • New Flexible Notification System: This release introduces a new framework that uses a matcher-based approach to route notifications. It lets users designate different target types as recipients of notifications. Alongside the current local Postfix MTA, supported targets include Gotify servers or SMTP servers that require SMTP authentication. Notification matchers determine which targets will get notifications for particular events based on predetermined rules. The new notification system now enables greater flexibility, allowing for more granular definitions of when, where, and how notifications are sent.
  • Support for Ceph Reef and Ceph Quincy: Proxmox Virtual Environment 8.1 adds support for Ceph Reef 18.2.0 and continues to support Ceph Quincy 17.2.7. The preferred Ceph version can be selected during the installation process. Ceph Reef brings better defaults that improve performance and increase read speed.

Availability

Proxmox VE 8.1 is available for download at the Proxmox website. The ISO contains the complete feature-set and can be installed on bare-metal.

The virtualization platform from Proxmox comes stocked with all the essential management tools, as well as an easy-to-use, web-based user interface. This allows for simple, out-of-the-box management of the host, either through the command line or a standard web browser. Distribution upgrades from older versions of Proxmox VE are possible with apt. It’s also possible to install Proxmox VE 8.1 on top of Debian. Proxmox Virtual Environment is free and open-source software, published under the GNU Affero General Public License, v3.

Xen 4.18: The Latest Release for Virtualization Technology

The Xen Project has unveiled version 4.18, showcasing continued growth in both technological advancements and community contributions. The release emphasizes expanded hardware support and feature enhancements across various architectures.

Key Highlights:

  • Enhanced ARM Support: Notable additions include the Scalable Vector Extension (SVE), Arm Firmware Framework (FF-A), and an improved memory subsystem, signaling substantial progress in ARM architecture support.
  • x86 Architectural Improvements: Extensive support for features in AMD Genoa and Intel Sapphire Rapids CPUs, coupled with advancements like the Protection Key Supervisor (PKS) and bus-lock detection, enhances security and performance on Intel and AMD systems.
  • RISC-V and Power Ports: Demonstrating a commitment to diversity, initial ports for RISC-V and Power architectures have been introduced, promising intriguing developments in subsequent releases.
  • New Hypercalls and MISRA-C Adoption: The release introduces new hypercalls and an increased adherence to MISRA-C rules, bolstering the project’s robustness and versatility.

Community Initiatives: Ongoing projects and future plans within the Xen community include continuous improvements in ARM MPU support and PCI-passthrough, refining RISC-V support, and focusing on the ppc64le architecture with Radix MMU page table initialization, paving the way for broader PowerPC support.

For further details, refer to the official announcement.

ZFS on Linux (OpenZFS) Unveils Important Version 2.2.1 Update

ZFS on Linux (OpenZFS), the open-source implementation of the ZFS file system and volume manager, has released an important update, version 2.2.1. Users are recommended to update to this release, especially if they are currently running 2.2.0, to avoid the block cloning bug. Users running older versions of ZFS are unaffected by this issue.

Changes in version 2.2.1 include:

  • Disabling block cloning by default to fix a block cloning bug that could result in data corruption
  • Adding a tunable to disable BRT support
  • Auto-generating changelog during configure for packaging
  • Compatibility updates for Linux 6.6
  • Various bug fixes and optimizations

Supported Platforms:

  • Linux: compatible with 3.10 - 6.6 kernels
  • FreeBSD: compatible with releases starting from 12.2-RELEASE

For more information and to download the latest release, visit the OpenZFS GitHub page.

FreeBSD 14.0 Release

FreeBSD 14 has been released as the newest major release of the open-source BSD operating system. After a few minor release delays, FreeBSD 14.0-RELEASE is now officially available. FreeBSD 14 is the last series for this OS project supporting 32-bit systems. FreeBSD 15 will drop support for 32-bit hardware platforms although FreeBSD 15 64-bit systems will retain support for running 32-bit binaries. That 32-bit binary compatibility is expected to be supported at least through FreeBSD 16.

FreeBSD 14 also adds a new “fwget” utility for fetching firmware packages. Initially, fwget can get firmware for Intel and AMD GPUs. Other changes in FreeBSD 14: sendmail is replaced with dma, OpenZFS 2.2 provides the latest ZFS file-system support, Kinst is a new DTrace provider, makefs adds ZFS support, boottrace is a new interface for capturing trace events during system boot and shutdown processes, kernel TLS offloading handles receive-side offloading of TLS 1.3, WPA gains initial WiFi 6 support, sh is now the default shell for the root user, and the LLVM toolchain is updated.

FreeBSD 14 on ARM64 and AMD64 now supports up to 1024 CPU cores, up from the previous limit of 256 cores. FreeBSD 14 should also reboot faster, ISA sound card support has been removed, and there is a new Intel QAT driver with more features and support than the prior FreeBSD QAT driver for QuickAssist Technology. Netflix also sponsored the removal of many other old drivers from FreeBSD.

FreeBSD 14.0-RELEASE is a great step forward for getting this BSD operating system running on the latest hardware and making other improvements as we approach 2024.

More details and downloads for FreeBSD 14.0 can be found on FreeBSD.org.

Source: Phoronix.

Portainer: Embracing GitOps for a Streamlined Workflow

Portainer has published an article titled “GitOps - The Path Forward” that explores the concept of GitOps and how it can be implemented using the Portainer platform. The article begins by discussing the importance of adhering to compliance standards like GDPR and the need for secure cloud environments. GitOps is presented as a recommended operational framework for implementing infrastructure and development methodologies that ensure compliance and effective infrastructure management.

The article goes on to explain the fundamental concepts of GitOps, including automation, version control, continuous integration/continuous delivery, auditing, compliance, version rollback, and collaboration. It highlights the requirements for implementing GitOps, such as Infrastructure as Code (IaC), pull request reviews, CI/CD pipelines, automation, version control, auditability, rollback and forward capabilities, and collaboration.

The article then focuses on how Portainer facilitates the implementation of GitOps. It mentions that Portainer offers a suite of tools designed specifically for GitOps, including RBAC, automation, and visibility. It highlights the role-based access control (RBAC) feature of Portainer, which provides precise access control to Kubernetes platforms and container runtime environments. Portainer also integrates with authentication providers like LDAP and Microsoft AD. The article further explains how Portainer enables GitOps automation by connecting with Git repositories and allowing for automated application deployment to Kubernetes clusters and container environments. It also mentions how Portainer provides updates and monitoring solutions for GitOps operations through container logs, authentication logs, and event lists.

In conclusion, the article emphasizes that GitOps is a contemporary methodology for managing infrastructure and applications, and leveraging GitOps strategies like auditing, rollback, and roll forward can enhance operational agility, reliability, and compliance. The article highlights the benefits of using the Portainer platform for implementing GitOps, including RBAC, automation, and monitoring capabilities.

Netmaker Releases Version v0.21.2 of WireGuard Mesh VPN

Netmaker, a tool that creates networks using WireGuard, has released version v0.21.2. This tool automates the creation of fast, secure, and distributed virtual networks. Netmaker leverages kernel WireGuard, which provides maximum speed, performance, and security for the virtual networks it creates.

The latest release, v0.21.2, brings several improvements and fixes to Netmaker. Some of the new features include auto relay via enrollment key and improvements in local routing.

In terms of fixes, the release addresses an inconsistency in DNS entries for networks, ensures validation of unique network CIDR, fixes caching discrepancies in extclient, resolves issues with deleted node peer updates when disconnected from the network, and adds a force deletion option for daemon nodes stuck in the removing state.

However, there are a few known issues with this release. The Windows installer does not install WireGuard, and the netclient-gui may continuously display an error dialog if the Netmaker server is offline. Additionally, there are IPv6 address and route issues on Mac, and the network tab in netclient-gui may appear blank after disconnecting.

Overall, Netmaker’s latest release offers improved functionality and fixes for a smoother experience in creating virtual networks with WireGuard.