Fedora 19 includes an option for using the Extlinux bootloader, part of the Syslinux family of bootloaders. This bootloader is not as advanced as the default Grub2 bootloader and will not work in all circumstances. The target use-case for F19 is lightweight cloud images, but you may find Extlinux useful in other situations as well.

Currently, Extlinux does not support LVM, and while it does support btrfs, that support is limited. An ext2, ext3, or ext4 boot filesystem is required, as either the root filesystem or a small standalone /boot partition. Additionally, currently only X86 architectures are supported.

To enable Extlinux, either use the extlinux keyword on the Anaconda command line, or use the "--extlinux" flag for the bootloader command in kickstart. This feature is not made visible in the installer's graphical or text-mode user interfaces.

Initial setup screens have been revamped for Fedora 19. GNOME now offers user creation and configuration at first boot. Other environments will instead use the new functionality from the installer.

The Fedora 19 installer does not currently support configuration of remote authentication during installation. However, if GNOME is being installed and no users are created by the installer, the first boot of GNOME will provide a user creation dialog that supports FreeIPA and AD.

Users requiring remote authentication under other use cases should configure it in a kickstart file or after the installation is complete.

The rewrite of the anaconda installer begun in Fedora 18 continues. Fedora 19 provides support during installation for advanced storage, such as fcoe, iscsi, and multipath. The text mode of the installer has also been improved.

Fedora can now join a domain from a kickstart file or from the anaconda, using one time passwords and a simple syntax.

        # example kickstart lines to join realm:
        network --hostname=machine.ad.example.com
        realm join --one-time-password=MyPassword ad.example.com

This Fedora release builds an initramfs tailored especially for your computer hardware, allowing faster boot. If you change your machine or significant hardware, you might have to boot with the Rescue boot entry and execute dracut --regenerate-all. If you want your initramfs to be hardware independent, install the dracut-nohostonly rpm package. If you don't want rescue images at all (like in virtual machines), install the dracut-norescue rpm package.

The appearance of GRUB and GRUB menus have been changed to present a more seamless, appealing look.

A long-standing class of security issues is the link based time-of-check-time-of-use race, most commonly seen in world writable directories like /tmp. The common method of exploitation of this flaw is to cross privilege boundaries when following a given link, such as when a root process follows a link belonging to another user. In Fedora 19, we permit links to only be followed when outside a sticky world-writable directory, or when the uid of the link and follower match, or when the directory owner matches the link's owner. In previous releases, this was enforced by SELinux policy and in this release, the restrictions are enabled by sysctl settings in /usr/lib/sysctl.d/00-system.conf as an additional layer of protection:

        fs.protected_hardlinks = 1
        fs.protected_symlinks = 1

Refer to http://lwn.net/Articles/503660/ and https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7 for more detailed information about this change.

Root anchored certificate authorities are consumed from single location and shared by most applications, unless those applications are explicitly configured with other certificates.

A system administrator can now place a non-standard certificate authority to be a trusted root as a file in a directory location. After running a tool, it will be used by most applications as expected, except those otherwise configured.

For implementation details, read http://fedoraproject.org/wiki/Features/SharedSystemCertificates:Testing.

With the latest major release to SSSD the integration into Active Directory domains has been improved. AD sites are respected and SSSD tries to access the nearest domain controller. Users and groups from trusted domains are available.

Kerberos in Fedora 19 has been improved. It is now possible to authenticate using kerberos regardless of the local system time being in sync with that of the kerberos server.

Various kerberos bugs, including handling of reverse DNS records, have been fixed in order to make a more seamless kerberos experience.

Fedora 19 features gssproxy, an opensource project that aims to improve GSSAPI usage from both the kernel for authenticating remote file system access as well as user-space applications. It does provide fine-grained access control on Kerberos keytab access and it overcomes various limitations the kernel had when dealing with Kerberos tickets.

open-vm-tools, the open source implementation of VMware Tools, is now available from Fedora.

Pacemaker now supports the ability to manage resources remotely on non-cluster nodes through the use of the pacemaker_remote service. This feature allows pacemaker to manage both virtual guests and the resources that live within the guests all from the host cluster node without requiring the guest nodes to run the cluster stack.

View http://clusterlabs.org/doc/ and the usage summary at http://fedoraproject.org/wiki/Features/High_Availability_Container_Resources for more information.

KVM and libvirt now support a performant way to live migrate virtual machines with no shared storage between the hosts. A running VM and its disk images are relocated to a new machine with no downtime.

For more information, read:

http://wiki.qemu.org/Features/LiveBlockMigration

http://wiki.qemu.org/Features/LiveBlockMigration/ImageStreamingAPI

https://www.redhat.com/archives/libvir-list/2013-February/msg00277.html

KVM and libvirt now support a paravirtual random number generator device. This can be used to prevent entropy starvation in virtual machines.

These links document and explain Virtio RNG:

http://wiki.qemu-project.org/Features/VirtIORNG

https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02235.html

https://www.redhat.com/archives/libvir-list/2013-January/msg00775.html

https://www.redhat.com/archives/libvir-list/2012-December/msg00937.html

http://egd.sourceforge.net/

http://log.amitshah.net/2013/01/about-random-numbers-and-virtual-machines/

https://lwn.net/Articles/525459/

Ready-to-run cloud images are provided as part of Fedora 19. These are available in Amazon EC2 or for direct download. The downloadable images are available in compressed raw image format and in qcow2 for immediate use with EC2, OpenStack, CloudStack, or Eucalyptus. The images are configured with cloud-init, and so will take advantage of ec2-compatible metadata services for provisioning SSH keys.

OpenShift Origin, the community-supported version of Red Hat's OpenShift, is available for the first time in Fedora 19.

OpenStack is upgraded to the latest stable release, code named "Grizzly". OpenStack Grizzly includes the Incubation projects Heat and Ceilometer, as well as numerous other upgrades and improvements. A detailed list of changes is available at https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly

Several subprojects are also available, as noted below.

Fedora 19 features MariaDB, an improved and more open fork of MySQL with a thriving community. MariaDB is used as the default mysql compatible database, and the change should be transparent to almost all MySQL users. If required, the original MySQL packages are still available as community-mysql.

To learn more about migrating to MariaDB, read https://kb.askmonty.org/en/mariadb-versus-mysql-features/ and https://kb.askmonty.org/en/mariadb-versus-mysql-compatibility/.

Apache Derby, an open source relational database implemented entirely in Java, has been updated to version 10.9.1.0. For detailed information on the changes to Derby, consult the project's website at http://db.apache.org/derby/

The functionality of sqlite has been expanded and improved with the update to version 3.7.15. The project provides a release history at http://www.sqlite.org/changes.html

Fedora 19 offers NFSTest, a suite of tools for testing NFS clients and services. Detailed information is available at http://wiki.linux-nfs.org/wiki/index.php/NFStest

Services with a PrivateTmp= directory defined in their configuration make use of a private temporary directory that is shared by all processes of the service. These temporary files are deleted when the service is stopped.

The yum-presto plugin, used for handling delta RPM files, has been merged into yum. To disable use of delta RPM packages, set deltarpm=0 in /etc/yum.conf. Refer to man yum.conf for more details.

By using the yum-plugin-fs-snapshot package, thinly provisioned LVM filesystems can be automatically snapshot on package updates.

Existing thinly provisioned volumes are required. Snapshotting is enabled in the plugin's configuration file at /etc/yum/pluginconf.d/fs-snapshot.conf:

Set enabled=1 in the [lvm] section to enable.

set create_snapshots_in_post=1 in the [main] section to create a snapshot after the yum transaction.

By handling package groups as objects rather than static lists, package managers like yum will now store the information and use it for later group related commands, and updates will automatically bring in new packages added to the group.

The OpenLMI infrastructure has been greatly improved. A new storage API and providers for monitoring, hardware information, realmd, and firewall have been added. Improvements have also been made in in the existing providers. Packaged documentation has been updated to reflect the new features.

Performance Co-Pilot, a framework and suite of servers for system-level performance monitoring and management, has been updated to version 3.7. Consult the project's release notes at http://oss.sgi.com/projects/pcp/news.html and their documentation at http://oss.sgi.com/projects/pcp/pcp-gui.git/man/html/index.html

Fedora 19 ships the 3.x series of the popular puppet toolkit. For details on puppet 3, consult the project's documentation at http://docs.puppetlabs.com/puppet/3/reference/release_notes.html