Comparing Amazon Linux 2 and Amazon Linux 2023 – Amazon Linux 2023
Main table of contents
- Comparing Amazon Linux 2 and Amazon Linux 2023
- Naming and versioning changes
- Optimizations
- Deterministic upgrades for stability
- Sourced from multiple upstreams
- AMI root file system and default Amazon EBS volume type
- Networking system service
- Packages for glibc, gcc, and binutils
- Package manager
- SSH server default configuration changes
- Extra Packages for Enterprise Linux (EPEL)
- Using cloud-init
- Graphical desktop support
Comparing Amazon Linux 2 and Amazon Linux 2023
The following topics outline key differences between Amazon Linux 2 and Amazon Linux 2023 (AL2023). For Amazon Linux 2023, we offer five years of support.
For more information, see Release cadence.
Naming and versioning changes
AL2023 supports the same mechanisms that Amazon Linux 2 supports for platform identification. AL2023 also introduces new files for platform identification.
For more information, see Naming and versioning.
Optimizations
AL2023 optimizes boot time to reduce the time from instance launch to running the customer workload. These optimizations span the Amazon EC2 instance kernel configuration, cloud-init configuration, and features that are built into packages in the OS such as kmod and systemd.
For more information about optimizations, see Performance and operational optimizations.
SELinux
By default, Security Enhanced Linux (SELinux) for AL2023 is enabled and set to permissive mode. In permissive mode, permission denials are logged but not enforced.
SELinux is a security feature of the Amazon Linux kernel, which is disabled in Amazon Linux 2. SELinux is a collection of kernel features and utilities that provide a mandatory access control (MAC) architecture into the major subsystems of the kernel.
For more information, see Setting SELinux modes.
For more information about SELinux repositories, tools, and policies, see SELinux Notebook, Types of SELinux policy, and SELinux Project.
OpenSSL 3
AL2023 features the Open Secure Sockets Layer version 3 (OpenSSL 3) cryptography toolkit. AL2023 uses the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols. It also uses the required cryptography standards.
By default, Amazon Linux 2 comes with OpenSSL 1.0.2. You can build applications against OpenSSL 1.1.1.
For more information about OpenSSL, see the OpenSSL migration guide.
For more information about security, see Security updates and features.
IMDSv2
By default, any instances launched with the AL2023 AMI will require the use of IMDSv2-only, and your default hop limit will be set to 2 to allow for containerized workload support. This is done by setting the imds-support parameter to v2.0. For more information, see Configure the AMI in the Amazon EC2 User Guide for Linux Instances.
Note
The session token's time of validity can be anywhere between one second and six hours. The addresses to direct the API requests for IMDSv2 queries are the following:
- IPv4: 169.254.169.254
- IPv6: fd00:ec2::254
You can still manually override these settings and enable IMDSv1 using instance metadata option launch properties. You can also still use IAM controls to enforce different IMDS settings. For more information about setting up and using the instance metadata service, see Use IMDSv2, Configure instance metadata options for new instances, and Modify instance metadata options for existing instances, in the Amazon EC2 User Guide for Linux Instances.
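Added example, not part of the AWS documentation: a Python sketch of the two-step IMDSv2 exchange against the addresses in the note above, with the session TTL checked against the one-second to six-hour range. The function names are hypothetical; the token path and the two header names are the ones the EC2 instance metadata service uses and do not appear on this page.

```python
import urllib.request

# Link-local IMDS endpoints listed in the note above.
IMDS_IPV4 = "http://169.254.169.254"
IMDS_IPV6 = "http://[fd00:ec2::254]"

TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
MIN_TTL, MAX_TTL = 1, 6 * 60 * 60  # one second to six hours


def token_request(ttl_seconds, base=IMDS_IPV4):
    """Build the PUT that opens an IMDSv2 session; reject out-of-range TTLs."""
    if isinstance(ttl_seconds, bool) or not isinstance(ttl_seconds, int):
        raise TypeError("ttl_seconds must be an integer")
    if not MIN_TTL <= ttl_seconds <= MAX_TTL:
        raise ValueError(f"TTL must be {MIN_TTL}..{MAX_TTL} seconds")
    return urllib.request.Request(
        f"{base}/latest/api/token",
        method="PUT",
        headers={TTL_HEADER: str(ttl_seconds)},
    )


def metadata_request(path, token, base=IMDS_IPV4):
    """Build a GET for a metadata path that carries the session token."""
    if not token:
        raise ValueError("IMDSv2-only instances reject requests without a token")
    return urllib.request.Request(
        f"{base}/latest/meta-data/{path.lstrip('/')}",
        headers={TOKEN_HEADER: token},
    )


def fetch(path, ttl_seconds=300, base=IMDS_IPV4, timeout=2):
    """Run the two-step exchange. Only works from inside an EC2 instance."""
    # ProxyHandler({}) keeps the link-local request off any configured proxy
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(token_request(ttl_seconds, base), timeout=timeout) as r:
        token = r.read().decode()
    with opener.open(metadata_request(path, token, base), timeout=timeout) as r:
        return r.read().decode()


if __name__ == "__main__":
    print(fetch("instance-id"))
```

Code that still issues a plain GET without the token header is what breaks when moving from an IMDSv1-capable image to the AL2023 default.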
Deterministic upgrades for stability
With the deterministic upgrades through versioned repositories feature, every AL2023 Amazon Machine Image (AMI) is by default locked to a specific repository version. You can use deterministic upgrades to achieve greater consistency among package versions and updates. Each release, major or minor, includes a specific repository version.
New with AL2023, deterministic upgrades are enabled by default. This is an improvement over the manual, incremental method of locking that's used in Amazon Linux 2 and other earlier versions.
For more information, see Using deterministic upgrades through versioned repositories.
Sourced from multiple upstreams
AL2023 is RPM-based and includes components sourced from multiple versions of Fedora and other distributions, such as CentOS 9 Stream. The Amazon Linux kernel is sourced from the long-term support (LTS) releases directly from kernel.org, chosen independently from other distributions.
For more information, see Relationship to Fedora.
AMI root file system and default Amazon EBS volume type
The AL2023 AMI and Amazon Linux 2 both use the XFS file system on the root file system. For AL2023, the mkfs options for the root device file system are further optimized for Amazon EC2. AL2023 also supports a number of other file systems that you can use on other volumes to meet your specific requirements.
AL2023 AMIs use Amazon EBS gp3 volumes by default, while Amazon Linux 2 AMIs use Amazon EBS gp2 volumes by default. You can change the volume type when you launch an instance. For more information about Amazon EBS volume types, see Amazon EBS General Purpose volumes.
Networking system service
The systemd-networkd system service manages the network interfaces in AL2023. This is a change from Amazon Linux 2, which uses ISC dhclient or dhclient.
For more information, see Networking service.
Packages for glibc, gcc, and binutils
AL2023 includes many of the same core packages as Amazon Linux 2.
We updated the following three core toolchain packages for AL2023.

| Package name | Amazon Linux 2 | AL2023 |
|--------------|----------------|--------|
| glibc        | 2.26           | 2.34   |
| gcc          | 7.3            | 11.3   |
| binutils     | 2.29           | 2.39   |

For more information, see Core toolchain packages glibc, gcc, binutils.
Package manager
The default software package management tool on AL2023 is DNF. DNF is the successor to YUM, the package management tool in Amazon Linux 2.
For more information, see Package management tool.
SSH server default configuration changes
For the AL2023 AMI, we changed the types of sshd host keys that we generate with the release. We also dropped some legacy key types to avoid generating them at launch time. Clients must support the rsa-sha2-256 and rsa-sha2-512 protocols or ssh-ed25519 with use of an ed25519 key. By default, ssh-rsa signatures are disabled.
Additionally, AL2023 configuration settings in the default sshd_config file contain UseDNS=no. This new setting means that DNS impairments are less likely to block your ability to establish ssh sessions with your instances. The tradeoff is that the from="hostname.domain,hostname.domain" line entries in your authorized_keys file won't be resolved. Because sshd no longer attempts to resolve the DNS names, each comma-separated hostname.domain value must be translated to a corresponding IP address.
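Added example, not part of the AWS documentation: a Python audit that finds from= patterns in an authorized_keys file that are host names and therefore stop matching once sshd runs with UseDNS=no. The function names are hypothetical and the sample file, including its placeholder key material, is constructed.

```python
import ipaddress
import re

# from="..." at the start of the options field or after a comma
FROM_OPTION = re.compile(r'(?:^|,)from="((?:[^"\\]|\\.)*)"', re.IGNORECASE)
IPV4_GLOB = re.compile(r"[0-9.*?]+")
IPV6_GLOB = re.compile(r"(?=.*:)[0-9a-fA-F:.*?]+")


def is_address_pattern(pattern):
    """True for an IP, a CIDR block, or a wildcard made of address characters."""
    body = pattern.lstrip("!")  # a leading "!" negates the match
    try:
        ipaddress.ip_network(body, strict=False)
        return True
    except ValueError:
        return bool(IPV4_GLOB.fullmatch(body) or IPV6_GLOB.fullmatch(body))


def hostname_patterns(line):
    """Return the from= patterns on one authorized_keys line that are host names."""
    line = line.strip()
    match = None if line.startswith("#") else FROM_OPTION.search(line)
    if not match:
        return []
    patterns = [p.strip() for p in match.group(1).split(",") if p.strip()]
    return [p for p in patterns if not is_address_pattern(p)]


def audit(text):
    """Map line number -> host-name patterns that need converting to addresses."""
    found = {n: hostname_patterns(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: names for n, names in found.items() if names}


# Constructed sample file; key material is a placeholder, not a real key.
SAMPLE = '''# deploy keys
from="bastion.example.com,198.51.100.7" ssh-ed25519 AAAAC3placeholder ops@a
from="10.0.0.0/8,!10.9.*" ssh-ed25519 AAAAC3placeholder ci@b
command="/usr/bin/true",from="*.corp.example.com,2001:db8::/32" ssh-ed25519 AAAAC3placeholder x@c
ssh-ed25519 AAAAC3placeholder nofilter@d
'''

if __name__ == "__main__":
    for number, names in audit(SAMPLE).items():
        print(f"line {number}: replace {', '.join(names)} with IP addresses")
```

Running the audit before migrating keys from Amazon Linux 2 shows which entries would silently stop restricting or admitting logins on AL2023.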
For more information, see Default SSH server configuration.
Extra Packages for Enterprise Linux (EPEL)
Extra Packages for Enterprise Linux (EPEL) is a project in the Fedora community with the objective of creating a large array of packages for enterprise-level Linux operating systems. The project has primarily produced RHEL and CentOS packages. Amazon Linux 2 features a high level of compatibility with CentOS 7. As a result, many EPEL7 packages work on Amazon Linux 2. However, AL2023 doesn't support EPEL or EPEL-like repositories.
Using cloud-init
In AL2023, cloud-init manages the package repository. By default, in earlier versions of Amazon Linux, cloud-init installed security updates. This isn't the default for AL2023. The new deterministic upgrading features for updating releasever at launch describe the AL2023 way to enable package updates at launch. For more information, see Manage package and operating system updates and Deterministic upgrades for stability.
With AL2023, you can use cloud-init with SELinux. For more information, see Use cloud-init to enable enforcing mode.
Cloud-init loads configuration content from remote locations using HTTP(S). In earlier versions, Amazon Linux doesn't alert you when remote resources are unavailable. In AL2023, unavailable remote resources create a fatal error and fail the cloud-init execution. This change in behavior from Amazon Linux 2 provides a safer "fail closed" default behavior.
For more information, see Customized cloud-init and the cloud-init package documentation.
Graphical desktop support
Amazon Linux 2023 is cloud-centered and optimized for Amazon EC2 usage and currently does not include a graphical or desktop environment.