Written by Frank Heimes, community member, Ubuntu
The jellyfish submerged – 22.04 emerged!
The new Ubuntu 22.04 LTS (codename jammy jellyfish) was officially released for all major architectures on April the 21st!
This blog post is about Ubuntu Server 22.04, with a special focus on IBM zSystems / LinuxONE (s390x).
The support for this (and all) LTS releases is 5 years base support, plus another 5 years ESM support, so up to 10 years in total.
So it’s another ideal release for hosting long running production workloads.
Ubuntu 22.04 LTS comes with kernel 5.15.0-25 as initial kernel.
But over time more the usual point releases of 22.04 (.1 to .5) will follow,
and starting with 22.04.2 an additional, optional hardware-enablement kernel will be made available. The first one will be based on the kernel used in Ubuntu 22.10.
Upgrades are again possible using the ‘do-release-upgrade’ helper and can be done from the:
– previous non-LTS Ubuntu release (21.10/Impish Indri)
– or from the previous LTS release (20.04/Focal Fossa)
Starting with Ubuntu 20.04, the minimal architectural level set was raised to z13; thus all IBM zSystems and LinuxONE hardware of generation z13 or newer that were in service at that time are supported. This also applies to all following Ubuntu releases (including 22.04), unless further notice. Support for additional future hardware might be added later on top – well, support for the upcoming IBM z16 is already included, since the development of the just announced IBM z16 happened largely in parallel to the development of the latest Ubuntu Server 22.04 LTS.
This is not limited to the support of the new central-execution-complex (CEC), but also includes it’s pheripherials and special facilities, like for example latest cryptography hardware (CPACF and CryptoExpress), hardware compression deflate, RoCE network adapters for SMC, Secure Execution or the new Telum processor for on-chip AI acceleration.
So the support for the new IBM Z hardware materialized in different areas, like just mentioned at the kernel and device driver level, but also at the tool-chain level (namely gcc, gdb and llvm), but also in key libraries and components like binutils, glibc and of course the s390-tools package.
With the updated kernel 5.15, the s390-tools were upgraded too and aligned and several fixes and functional enhancements added.
The kernel itself as well as the s390-tools and libraries contain support for new IBM Z hardware, like the updated tool-chain as well, especially gcc, gdb/binutils and LLVM.
QEMU/KVM virtualization stack and Secure Execution updates, incl. refinements like storage key checking, access register mode enablement and GISA guest interrupt handling.
Significant cryptography updates – the entire s390x crypto stack got updated, including kernel, libica, openssl-ibmca, opencryptoki and cryptsetup.
New network capabilities added with HSCI (HiperSockets Converged Interface) Multi-MAC support for enhanced KVM and z/OS interoperation and Shared Memory Communication (SMC) EID (Enterprise ID), statistics and SMC-R v2 support.
Various library updates, like qclib, glibc, PCRE2 and Eigen, that lead to further performance improvements on s390x – as well as the brand new (s390x-only) libraries: libzpc and libzDNN.
See the following (non-complete) list about the key package versions of 22.04 LTS:
- Kernel 5.15
- qemu 6.2
- libvirt 8.0.0
- virt-manager 4.0.0
- glibc 2.35
- binutils 2.38
- gcc-default 11.2 (12, 10, 9 in universe)
- gdb 12.0
- LLVM 14 default (11, 12, 13 and 15 exp.)
- python 3.10
- go / golang 1.18
- ruby 3.0
- valgrind 3.18.1
- smc-tools 1.7.0
- openssl 3.0.2
- openssl-ibmca 2.2.3
- libica 4.0.1
- opencryptoki 3.17+
- cryptsetup 2.4.3
- cloud-init 22.1
- docker.io 20.10.12
- netplan 1.10.1
- util-linux 2.37
- PHP 8.1
- qclib 2.3.0
- systemd 249
- s390-tools 2.20+
- libzpc 1.0.0
- libzdnn 0.4.0
For more details on a feature request base, I’m referring to the official Ubuntu 22.04 LTS Release Notes (look for the ‘s390x’ paragraph).
Now, what does a modern distribution like Ubuntu 22.04 LTS offer to customers and the larger community? Let’s have a look at the following 3 example areas:
Ubuntu is by far the most popular Cloud operating system with:
– 100,000 launches daily across public clouds
– 800,000 image pulls daily on Docker Hub
– 40% of open stack developments
And the look and feel of Ubuntu is the same, whether it runs on Raspberry Pi, PC/Laptop, Cloud or even an IBM zSystem or LinuxONE machine – however the bare-metal deployments might be different.
To simplify the deployment of an LPAR (which is closest to bare-metal that an IBM zSystems machine offers), there is now:
– MAAS (Metal-as-a-service) v3.x (on DPM systems) and
– the collaboration with the IBM LinuxONE Bare Metal Servers offering
In addition LXD v5.0 allows to handle containers like VM, but nowadays also supports KVM VM directly (incl. cluster support and P2C, P2v), provides an extremely simple way of using containers (just like virtual machines) and real (KVM) virtual machines themselves.
On a higher level a choice of two Kubernetes distributions are available: Charmed Kubernetes and Microk8s.
Ubuntu is delivered as ISO, Cloud and Container images and the deployment is done with the help of cloud-init.
All these options, in addition to traditional on-premise systems, allow you to deploy a system in an environment that is optimal for your specific use-case, whether it’s public, private or hybrid Cloud like and in an easy to consume way.
Security and resiliency are key for Linux on IBM zSystems and strong hardware-assisted cryptography is one consequence of it.
But security with strong cryptography is only valuable if it’s properly set up and configured.
Here Ubuntu’s focus on ease of use is again noteworthy, since with just two commands one can install and exploit the IBM zSystems cryptography hardware (CPACF and CryptoExpress).
With Ubuntu 22.04:
– the chacha20 in-kernel stream cipher (RFC 7539) was hardware optimized using SIMD
– the kernel zcrypt device driver is now able to exploit the latest z16 crypto hardware,
– especially Crypto Express8S (CEX8S)
– and a brand new protected key crypto library package (libzpc) was added, that allows a simplified use of protected key cryptography
In addition virtually the entire cryptography stack was updated, due to the switch to OpenSSL 3.
And with that more Quantum-safe options became available:
– library for quantum-safe cryptographic algorithms (liboqs)
– post-quantum encryption and signing tool (codecrypt)
– implementation of public-key encryption scheme NTRUEncrypt (libntru)
So if you want to be at the forefront of such developments, Ubuntu is a great choice.
But nevertheless, already existing initiatives and approaches and like Pervasive Computing/Confidential Computing and Secure Execution got maintained and refined as well.
The base are often mathematical libraries, like Eigen, Blast and Atlas, in case of Ubuntu optimized for IBM zSystems hardware,
One may even further optimize these for local hardware, based on the very latest toolchain, that’s available with Ubuntu.
Juju, MicroK8s and Kubeflow are options for ML operations.
Due to the support for z16, real-time AI for in-transaction processing becomes possible, too.
And a new low-level IBM Z Deep Neural Network Library (zDNN), provides an interface for applications that make use of Neural Network Processing Assist Facility (NNPA).
To sum it up: Ubuntu Server 22.04 LTS provides a broad variety of packages and options (newest libzpc and libzDNN), allows to make the most out of the latest hardware (like z16), support you in popular technological areas (see examples above) – and all that by focusing on easy of use, by being completely Open Source and driven by a great Open Source community and Canonical.
Some more resources and references on Ubuntu 22.04:
For the full Release announcement see: https://lists.ubuntu.com/archives/ubuntu-announce/2022-April/000279.html
Ubuntu 22.04 aka Jammy Jellyfish Release Notes: https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes
Check out what’s all new in 22.04, and see the s390x paragraph)
Jammy Jellyfish Release schedule: https://discourse.ubuntu.com/t/jammy-jellyfish-release-schedule
Release ISOs, especially: http://cdimage.ubuntu.com/releases/22.04/release/ubuntu-22.04-live-server-s390x.iso
Cloud images: https://cloud-images.ubuntu.com/releases/jammy/release/ (or: https://cloud-images.ubuntu.com/)
LXC and LXD images as usual at: https://images.linuxcontainers.org/
Now good luck with catching the jellyfish 😉