The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.
The Release Notes document the major features and enhancements implemented in the Red Hat Enterprise Linux 7.0 release. For detailed information regarding the changes between Red Hat Enterprise Linux 6 and 7, consult the Migration Planning Guide. Known problems are listed in the Technical Notes.
Acknowledgements
Red Hat Global Support Services would like to recognize Sterling Alexander and Michael Everette for their outstanding contributions in testing Red Hat Enterprise Linux 7.
Red Hat Enterprise Linux minor releases are an aggregation of individual enhancement, security and bug fix errata. The Red Hat Enterprise Linux 7.0 Release Notes documents the major changes made to the Red Hat Enterprise Linux 7 operating system and its accompanying applications for this minor release. Information about known issues found in this minor release is available in the Technical Notes.
Important
The online Red Hat Enterprise Linux 7.0 Release Notes, which are located online here, are to be considered the definitive, up-to-date version. Customers with questions about the release are advised to consult the online Release and Technical Notes for their version of Red Hat Enterprise Linux.
Chapter 1. Introduction
Red Hat is pleased to announce the availability of Red Hat Enterprise Linux 7.0, the next generation of Red Hat's comprehensive suite of operating systems, designed for mission-critical enterprise computing and certified by top enterprise software and hardware vendors.
Chapter 2. Architectures
Red Hat Enterprise Linux 7.0 is available as a single kit on the following architectures [1]:
The following functions and capabilities are planned to be deprecated in Red Hat Enterprise Linux 7.0, and may be removed from a future version of the product. Where appropriate, alternative capabilities are suggested below.
Table 4.1. Deprecated Packages
| Functionality/Package | Alternative | Migration Notes |
|---|---|---|
| ext2, ext3 file system support | ext4 | ext4 code can be used for ext2 and ext3 file systems |
| sblim-sfcb | tog-pegasus | |
| Legacy RHN Hosted registration | subscription-manager and Subscription Asset Manager | |
| acpid | systemd | |
| evolution-mapi | evolution-ews | Please migrate from Microsoft Exchange Server 2003 machines |
| gtkhtml3 | webkitgtk3 | |
| sendmail | postfix | |
| edac-utils and mcelog | rasdaemon | |
| libcgroup | systemd | cgutils will continue to exist in Red Hat Enterprise Linux 7.0 but systemd is evolving capabilities to enable customers to migrate in later releases |
| krb5-appl | openssh | OpenSSH contains functionally similar tools which are implemented using more actively maintained standards and in a more actively developed and maintained code base. |
| lvm1 | lvm2 | |
| lvm2mirror and cmirror | lvm2 raid1 | lvm2 raid1 does not support clusters. There is no plan to replace cmirror. |
4.2. Removed Packages
This section lists packages removed from Red Hat Enterprise Linux 7 as compared with Red Hat Enterprise Linux 6.
Table 4.2. Removed Packages
| Functionality/Package | Alternative | Migration Notes |
|---|---|---|
| gcj | OpenJDK | Do not compile Java applications to native code with gcj. |
| 32-bit architectures as installation architectures | 64-bit architectures | Applications will still run with compatibility libraries. Test your applications on 64-bit Red Hat Enterprise Linux 6. If 32-bit boot support is required, continue to use Red Hat Enterprise Linux 6. |
| IBM POWER6 support | None | Continue to use Red Hat Enterprise Linux 5 or 6. |
| Matahari | CIM-based management | Matahari was removed from Red Hat Enterprise Linux 6.4. Do not use. |
| ecryptfs | Use existing LUKS or dm-crypt block-based encryption | Migration is not available; users need to recreate encrypted data. |
| TurboGears2 web application stack | None | |
| OpenMotif version 2.2 | Motif 2.3 | Rebuild applications against the current Motif version that is in Red Hat Enterprise Linux 6. |
| webalizer web analytics tool | None | |
| compiz window manager | gnome-shell | |
| Eclipse developer toolset | None | Eclipse is now offered in the Red Hat Developer Toolset product. |
| Qpid and QMF | None | Qpid and QMF are available in the MRG product. |
| amtu | None | Common Criteria certifications no longer require this tool. |
| system-config-services | systemadm | |
| pidgin front ends | empathy | |
| perl-suidperl interpreter | None | This functionality is no longer available in upstream Perl. |
| | | gnome-disk-utility is also present in Red Hat Enterprise Linux 6. Note that system-storage-manager should be used for simpler tasks, whereas the lvm2 command can be used for fine tuning and more complex operations related to LVM. |
| system-config-network | nm-connection-editor, nmcli | nm-connection-editor is also present in Red Hat Enterprise Linux 6. |
| taskjuggler | None | |
| thunderbird | evolution | |
| vconfig | iproute | All vconfig features are provided by the ip tool from the iproute package. See the ip-link(8) manual page for more details. |
| Assorted older graphics drivers | Modern hardware or the vesa driver | |
| xorg-x11-twm | None | |
| xorg-x11-xdm | gdm | |
| system-config-firewall | firewall-config and firewall-cmd | system-config-firewall is still available as part of an alternative firewall solution for static-only environments along with iptables services. |
| mod_perl | mod_fcgid | mod_perl is incompatible with HTTP 2.4 |
| busybox | None | |
| prelink | None | Note that prelink is included in Red Hat Enterprise Linux 7.0, but is disabled by default. |
| KVM and virtualization packages (in the ComputeNode variant) | KVM and virtualization equipped variant such as a Server variant | |
| module-init-tools | kmod | |
| kernel-firmware-* | linux-firmware | |
| flight-recorder | None | |
| wireless-tools | To do basic wireless device manipulation from the command line, please use the iw binary from the iw package. | |
| libtopology | hwloc | |
| digikam | None | Due to complex dependencies, the digiKam photo management program is not available in the Red Hat Enterprise Linux 7.0 software channels. |
| NetworkManager-openswan | NetworkManager-libreswan | |
| KDE Display Manager, KDM | GNOME Display Manager, GDM | GNOME Display Manager is the default display manager in Red Hat Enterprise Linux 7.0. Note that KDE (K Desktop Environment) is still available and supported. |
| virt-tar | virt-tar-in and virt-tar-out | Note that the command line syntax has changed. Please consult the manual pages for more information. |
| virt-list-filesystems | virt-filesystems | Note that the command line syntax has changed. Please consult the manual pages for more information. |
| virt-list-partitions | virt-filesystems | Note that the command line syntax has changed. Please consult the manual pages for more information. |
4.3. Deprecated Drivers and Modules
The following drivers and modules have been deprecated in Red Hat Enterprise Linux 7.0 and may be removed in future releases of Red Hat Enterprise Linux.
Graphics Drivers
xorg-x11-drv-ast
xorg-x11-drv-cirrus
xorg-x11-drv-mach64
xorg-x11-drv-mga
xorg-x11-drv-openchrome
Note that all of the above graphics drivers have Kernel Mode Setting (KMS) drivers replacing them.
Input Drivers
xorg-x11-drv-void
Storage Drivers
3w-9xxx
arcmsr
aic79xx
4.4. Discontinued Kernel Drivers, Modules and Features
This section lists drivers and modules removed from Red Hat Enterprise Linux 7.0 as compared with Red Hat Enterprise Linux 6.
The Red Hat Enterprise Linux installer, Anaconda, has been redesigned and enhanced in order to improve the installation process for Red Hat Enterprise Linux 7.
Interface
Anaconda features a new text mode that works on IBM S/390 typewriter terminals, and which can also be used in write-only mode.
Anaconda now features a newly-redesigned graphical user interface that employs a modern and intuitive hub-and-spoke interaction model.
The Anaconda installer features improved l10n (localization) support.
Initial Setup is ensured by firstboot.
Storage
Directly-formatted unpartitioned devices are supported.
The temporary file storage facility, tmpfs, can now be configured during installation.
LVM thin provisioning is now supported.
The Btrfs file system is now supported as a Technology Preview.
Networking
Networking features include support for teaming, bonding and NTP (Network Time Protocol) configuration. For further details, see Chapter 13, Networking.
Developer Tooling
Anaconda now uses the improved makeupdates script.
Other Features
Geolocation is now supported: language and timezone are preselected from GeoIP.
Screenshots are now supported globally.
Anaconda now supports add-ons.
The loader binary has been replaced by dracut modules.
The realmd DBus service has been integrated into kickstart.
The Red Hat Enterprise Linux 7.0 Installation Guide provides detailed documentation on the installer and the installation process.
5.2. Boot Loader
GRUB 2
Red Hat Enterprise Linux 7.0 includes a new boot loader, GRUB 2, which is more robust, portable, and powerful than its predecessor, GRUB, which is the boot loader that Red Hat Enterprise Linux 6 uses. GRUB 2 provides a number of features and improvements, the most notable of which are:
In addition to the 64-bit Intel and AMD architectures, GRUB 2 supports a wider variety of platforms, including PowerPC.
GRUB 2 supports additional firmware types, including BIOS, EFI and OpenFirmware.
In addition to supporting Master Boot Record (MBR) partition tables, GRUB 2 supports GUID Partition Tables (GPT).
In addition to the Linux file systems, GRUB 2 also supports non-Linux file systems such as Apple Hierarchical File System Plus (HFS+) and Microsoft's NTFS file system.
Chapter 6. Storage
LIO kernel Target Subsystem
Red Hat Enterprise Linux 7.0 uses the LIO kernel target subsystem, which is the standard open source SCSI target for block storage, for all of the following storage fabrics: FCoE, iSCSI, iSER (Mellanox InfiniBand), and SRP (Mellanox InfiniBand).
Red Hat Enterprise Linux 6 uses tgtd, the SCSI Target Daemon, for iSCSI target support, and only uses LIO, the Linux kernel target, for Fibre-Channel over Ethernet (FCoE) targets via the fcoe-target-utils package.
The targetcli shell provides the general management platform for the LIO Linux SCSI target.
Fast Block Devices Caching Slower Block Devices
The ability to have fast block devices act as a cache for slower block devices is introduced as a Technology Preview in Red Hat Enterprise Linux 7.0. This feature allows a PCIe SSD device to act as a cache for direct-attached storage (DAS) or storage area network (SAN) storage, which improves file system performance.
LVM Cache
Red Hat Enterprise Linux 7.0 introduces LVM cache as a Technology Preview. This feature allows users to create logical volumes with a small fast device performing as a cache to larger slower devices. Please refer to the lvm(8) manual page for information on creating cache logical volumes.
Note that the following commands are not currently allowed on cache logical volumes:
pvmove: will skip over any cache logical volume,
lvresize, lvreduce, lvextend: cache logical volumes cannot be resized currently,
vgsplit: splitting a volume group is not allowed when cache logical volumes exist in it.
Storage Array Management with libStorageMgmt API
Red Hat Enterprise Linux 7.0 introduces storage array management as a Technology Preview. libStorageMgmt is a storage array independent Application Programming Interface (API). It provides a stable and consistent API that allows developers to programmatically manage different storage arrays and utilize the hardware-accelerated features provided. System administrators can also use it as a tool to manually configure storage and to automate storage management tasks with the included Command Line Interface (CLI).
Support for LSI Syncro
Red Hat Enterprise Linux 7.0 includes code in the megaraid_sas driver to enable LSI Syncro CS high-availability direct-attached storage (HA-DAS) adapters. While the megaraid_sas driver is fully supported for previously enabled adapters, the use of this driver for Syncro CS is available as a Technology Preview. Support for this adapter will be provided directly by LSI, your system integrator, or system vendor. Users deploying Syncro CS on Red Hat Enterprise Linux 7.0 are encouraged to provide feedback to Red Hat and LSI. For more information on LSI Syncro CS solutions, please visit http://www.lsi.com/products/shared-das/pages/default.aspx.
LVM Application Programming Interface
Red Hat Enterprise Linux 7.0 features the new LVM application programming interface (API) as a Technology Preview. This API is used to query and control certain aspects of LVM.
DIF/DIX Support
DIF/DIX is a new addition to the SCSI Standard and a Technology Preview in Red Hat Enterprise Linux 7.0. DIF/DIX increases the size of the commonly used 512-byte disk block from 512 to 520 bytes, adding the Data Integrity Field (DIF). The DIF stores a checksum value for the data block that is calculated by the Host Bus Adapter (HBA) when a write occurs. The storage device then confirms the checksum on receive, and stores both the data and the checksum. Conversely, when a read occurs, the checksum can be verified by the storage device, and by the receiving HBA.
For more information, refer to the section Block Devices with DIF/DIX Enabled in the Storage Administration Guide.
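The write-side and read-side checks described above, as an added Python example that is not part of the original release notes. It assumes the T10 Type 1 protection layout (a 2-byte CRC-16 guard tag, a 2-byte application tag and a 4-byte reference tag carrying the low 32 bits of the block address), which this page does not spell out; the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR = 512        # data bytes per block
PI_LEN = 8          # protection information added by DIF (512 -> 520 bytes)
T10_POLY = 0x8BB7   # CRC-16/T10-DIF polynomial (assumed Type 1 guard tag)


def crc16_t10dif(data: bytes) -> int:
    """Bitwise CRC-16/T10-DIF: initial value 0, MSB first, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ T10_POLY) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def protect(data: bytes, lba: int, app_tag: int = 0) -> bytes:
    """HBA side of a write: append guard, application and reference tags."""
    if len(data) != SECTOR:
        raise ValueError("expected a 512-byte block")
    pi = struct.pack(">HHI", crc16_t10dif(data), app_tag, lba & 0xFFFFFFFF)
    return data + pi


def verify(block: bytes, lba: int) -> list:
    """Check done by the device on a write and by the HBA on a read.

    Returns a list of problems; an empty list means the data is intact
    and the block belongs to the address it was transferred for.
    """
    if len(block) != SECTOR + PI_LEN:
        return ["bad length"]
    data, pi = block[:SECTOR], block[SECTOR:]
    guard, _app_tag, ref = struct.unpack(">HHI", pi)
    problems = []
    if guard != crc16_t10dif(data):
        problems.append("guard tag mismatch (data corrupted)")
    if ref != lba & 0xFFFFFFFF:
        problems.append("reference tag mismatch (misdirected write/read)")
    return problems


def demo() -> dict:
    # Constructed sample sector, not real disk contents.
    data = bytes(i % 251 for i in range(SECTOR))
    block = protect(data, lba=2048)
    flipped = bytearray(block)
    flipped[100] ^= 0x01          # single bit flipped between HBA and device
    return {
        "size": len(block),
        "clean": verify(block, lba=2048),
        "bitflip": verify(bytes(flipped), lba=2048),
        "wrong_lba": verify(block, lba=2049),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The reference tag is what lets the receiver catch a block that is internally intact but was written to, or read from, the wrong address.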
Support of Parallel NFS
Parallel NFS (pNFS) is a part of the NFS v4.1 standard that allows clients to access storage devices directly and in parallel. The pNFS architecture can improve the scalability and performance of NFS servers for several common workloads.
pNFS defines three different storage protocols or layouts: files, objects and blocks. The Red Hat Enterprise Linux 7.0 client fully supports the files layout, and the blocks and object layouts are supported as a Technology Preview.
The default file system for an Anaconda-based installation of Red Hat Enterprise Linux 7.0 is now XFS, which replaces the Fourth Extended Filesystem (ext4) used by default in Red Hat Enterprise Linux 6. The ext4 and Btrfs (B-Tree) file systems can be used as alternatives to XFS.
XFS is a highly scalable, high-performance file system which was originally designed at Silicon Graphics, Inc. It was created to support file systems up to 16 exabytes (approximately 16 million terabytes), files up to 8 exabytes (approximately 8 million terabytes) and directory structures containing tens of millions of entries. XFS supports metadata journaling, which facilitates quicker crash recovery. XFS file systems can also be defragmented and expanded while mounted and active.
For information about changes between commands used for common tasks in ext4 and XFS, see the Reference Table in the Installation Guide.
libhugetlbfs Support for IBM System z
The libhugetlbfs library is now supported on IBM System z architecture. The library enables transparent exploitation of large pages in C and C++ programs. Applications and middleware programs can profit from the performance benefits of large pages without changes or recompilations.
Chapter 8. Kernel
Red Hat Enterprise Linux 7.0 includes kernel version 3.10, which provides a number of new features, the most notable of which are listed below.
Support for Large crashkernel Sizes
Red Hat Enterprise Linux 7.0 supports the kdump crash dumping mechanism on systems with large memory (up to 3TB).
Crashkernel With More Than 1 CPU
Red Hat Enterprise Linux 7.0 enables booting crashkernel with more than one CPU. This function is supported as a Technology Preview.
Swap Memory Compression
Red Hat Enterprise Linux 7.0 introduces a new feature, swap memory compression. Swap compression is performed through zswap, a thin back end for frontswap. Utilizing the swap memory compression technology ensures a significant I/O reduction and performance gains.
NUMA-Aware Scheduling and Memory Allocation
In Red Hat Enterprise Linux 7.0, the kernel automatically relocates processes and memory between NUMA nodes in the same system, in order to improve performance on systems with non-uniform memory access (NUMA).
APIC Virtualization
Virtualization of Advanced Programmable Interrupt Controller (APIC) registers is supported by utilizing hardware capabilities of new processors to improve virtual machine monitor (VMM) interrupt handling.
vmcp Built in the Kernel
In Red Hat Enterprise Linux 7.0, the vmcp kernel module is built in the kernel. This ensures that the vmcp device node is always present, and users can send IBM z/VM hypervisor control program commands without having to load the vmcp kernel module first.
Hardware Error Reporting Mechanism
Currently, the hardware error reporting mechanisms in Linux can be problematic, mostly due to various tools (mcelog and EDAC) that collect errors from different sources with different methods as well as different tools (such as mcelog, edac-utils, and syslog) to report the error events.
The problems of hardware error reporting can be split into these two parts:
different error data collection mechanisms that collect various and sometimes duplicate data,
and different tools that report these data in different locations with different time stamps, which makes it hard to correlate the events.
The goal of the new Hardware Event Reporting Mechanism, or HERM, in Red Hat Enterprise Linux 7.0 is to unify the error data collection from various sources, and report the error events to user space in a sequential timeline and single location. HERM in Red Hat Enterprise Linux 7.0 introduces a new user space daemon, rasdaemon, which catches and handles all Reliability, Availability, and Serviceability (RAS) error events that come from the kernel tracing infrastructure, and logs them. HERM in Red Hat Enterprise Linux 7.0 also provides the tools to report the errors and is able to detect different types of errors such as burst and sparse errors.
Full DynTick Support
The nohz_full boot parameter extends the original tickless kernel feature to an additional case in which the tick can be stopped: when the per-CPU nr_running=1 condition holds, that is, when there is a single runnable task on a CPU's run queue.
Blacklisting kernel Modules
The modprobe utility shipped with Red Hat Enterprise Linux 7.0 allows users to blacklist kernel modules at installation time. To globally disable autoloading of a module, use the following option on the kernel command line:
modprobe.blacklist=module
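A way to audit this setting on a running system, as an added Python example that is not part of the original release notes. It assumes the option is read from the kernel command line (/proc/cmdline) and may carry a comma-separated list of modules; the function names and the sample data are constructed for illustration.

```python
PREFIX = "modprobe.blacklist="

# Constructed sample data in the format of /proc/cmdline and /proc/modules.
SAMPLE_CMDLINE = (
    "BOOT_IMAGE=/vmlinuz root=/dev/mapper/rhel-root ro "
    "modprobe.blacklist=usb-storage,firewire_core quiet "
    "modprobe.blacklist=cramfs"
)
SAMPLE_MODULES = (
    "usb_storage 66615 0 - Live 0x0000000000000000\n"
    "xfs 915019 2 - Live 0x0000000000000000\n"
)


def normalize(name: str) -> str:
    """Module names treat '-' and '_' as the same character."""
    return name.strip().replace("-", "_")


def blacklisted_on_cmdline(cmdline: str) -> list:
    """Module names passed via modprobe.blacklist=, in order, deduplicated."""
    names = []
    for token in cmdline.split():
        if not token.startswith(PREFIX):
            continue
        for raw in token[len(PREFIX):].split(","):
            name = normalize(raw)
            if name and name not in names:
                names.append(name)
    return names


def loaded_modules(proc_modules: str) -> set:
    """Names of loaded modules: the first field of each /proc/modules line."""
    return {
        normalize(line.split()[0])
        for line in proc_modules.splitlines()
        if line.strip()
    }


def audit(cmdline: str, proc_modules: str) -> dict:
    """Report the blacklisted modules and those that are loaded anyway."""
    wanted = blacklisted_on_cmdline(cmdline)
    loaded = loaded_modules(proc_modules)
    return {
        "blacklisted": wanted,
        "still_loaded": [name for name in wanted if name in loaded],
    }


if __name__ == "__main__":
    try:
        # On a live system, audit the real kernel command line.
        with open("/proc/cmdline") as f:
            cmdline = f.read()
        with open("/proc/modules") as f:
            modules = f.read()
    except OSError:
        cmdline, modules = SAMPLE_CMDLINE, SAMPLE_MODULES
    print(audit(cmdline, modules))
```

A name under still_loaded means the module was loaded explicitly or pulled in as a dependency, which the blacklist does not prevent because it only disables autoloading.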
Dynamic kernel Patching
Red Hat Enterprise Linux 7.0 introduces kpatch, a dynamic kernel patching utility, as a Technology Preview. kpatch allows users to manage a collection of binary kernel patches which can be used to dynamically patch the kernel without rebooting. Note that kpatch is supported to run on AMD64 and Intel 64 architectures only.
The Emulex ocrdma driver is included in Red Hat Enterprise Linux 7.0 as a Technology Preview. The ocrdma driver provides remote direct memory access (RDMA) capabilities over specific Emulex adapters, including XE100-based LAN on Motherboard (LOM) and OCe14000 family adapters.
dm-era Target
Red Hat Enterprise Linux 7.0 introduces the dm-era device-mapper target as a Technology Preview. dm-era keeps track of which blocks were written within a user-defined period of time called an "era". Each era target instance maintains the current era as a monotonically increasing 32-bit counter. This target enables backup software to track which blocks have changed since the last backup. It also allows for partial invalidation of the contents of a cache to restore cache coherency after rolling back to a vendor snapshot. The dm-era target is primarily expected to be paired with the dm-cache target.
Improved Block I/O Performance Using virtio-blk-data-plane
In Red Hat Enterprise Linux 7.0, the virtio-blk-data-plane I/O virtualization functionality is available as a Technology Preview. This functionality extends QEMU to perform disk I/O in a dedicated thread that is optimized for I/O performance.
PCI Bridge
QEMU previously supported only up to 32 PCI slots. Red Hat Enterprise Linux 7.0 features PCI Bridge, which allows users to configure more than 32 PCI devices. Note that hot plugging of devices behind the bridge is not supported.
QEMU Sandboxing
Red Hat Enterprise Linux 7.0 features enhanced KVM virtualization security through the use of kernel system call filtering, which improves isolation between the host system and the guest.
QEMU Virtual CPU Hot Add Support
QEMU in Red Hat Enterprise Linux 7.0 features virtual CPU (vCPU) hot add support. Virtual CPUs (vCPUs) can be added to a running virtual machine in order to meet either the workload's demands or to maintain the Service Level Agreement (SLA) associated with the workload. Note that vCPU hot plug is only supported on virtual machines using the pc-i440fx-rhel7.0.0 machine type, the default machine type on Red Hat Enterprise Linux 7.0.
Multiple Queue NICs
Multiple queue virtio_net provides better scalability; each virtual CPU can have a separate transmit or receive queue and separate interrupts that it can use without influencing other virtual CPUs.
Multiple Queue virtio_scsi
Multiple queue virtio_scsi provides better scalability; each virtual CPU can have a separate queue and interrupts that it can use without influencing other virtual CPUs.
Page Delta Compression for Live Migration
The KVM live migration feature has been improved by compressing the guest memory pages and reducing the size of the transferred migration data. This feature allows the migration to converge faster.
HyperV Enlightenment in KVM
KVM has been updated with several Microsoft Hyper-V functions; for example, support for Memory Management Unit (MMU) and Virtual Interrupt Controller. Microsoft provides a para-virtualized API between the guest and the host, and by implementing parts of this functionality on the host, and exposing it according to Microsoft specifications, Microsoft Windows guests can improve their performance.
EOI Acceleration for High Bandwidth I/O
Red Hat Enterprise Linux 7.0 utilizes Intel and AMD enhancements to Advanced Programmable Interrupt Controller (APIC) to accelerate end of interrupt (EOI) processing. For older chipsets, Red Hat Enterprise Linux 7.0 provides para-virtualization options for EOI acceleration.
USB 3.0 Support for KVM Guests
Red Hat Enterprise Linux 7.0 features improved USB support by adding USB 3.0 host adapter (xHCI) emulation as a Technology Preview.
Windows 8 and Windows Server 2012 Guest Support
Red Hat Enterprise Linux 7.0 supports Microsoft Windows 8 and Windows Server 2012 guests running inside KVM virtual machines.
I/O Throttling for QEMU Guests
This feature provides I/O throttling, or limits, for QEMU guests' block devices. I/O throttling slows down the processing of I/O memory requests. This slows down the system but prevents it from crashing. Note that it is not possible to throttle data planes.
Integration of Ballooning and Transparent Huge Pages
Ballooning and transparent huge pages are better integrated in Red Hat Enterprise Linux 7.0. Balloon pages can be moved and compacted so they can become huge pages.
Pulling System Entropy from Host
A new device, virtio-rng, can be configured for guests, which will make entropy available to guests from the host. By default, this information is sourced from the host's /dev/random file, but hardware random number generators (RNGs) available on hosts can be used as the source as well.
Bridge Zero Copy Transmit
Bridge zero-copy transmit is a performance feature to improve CPU processing of large messages. The bridge zero-copy transmit feature improves performance from guest to external traffic when using a bridge.
Live Migration Support
Live migration of a guest from a Red Hat Enterprise Linux 6.5 host to a Red Hat Enterprise Linux 7.0 host is supported.
Discard Support in qemu-kvm
Discard support, using the fstrim or mount -o discard command, works on a guest after adding discard='unmap' to the <driver> element in the domain's XML definition. For example:
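An added Python example, not part of the original release notes, that reports which disks in a domain definition already carry discard='unmap' and sets it where it is missing. The domain XML, guest name, image paths and function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed domain definition; names and paths are placeholders.
SAMPLE_DOMAIN = """\
<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw' discard='unmap'/>
      <source file='/var/lib/libvirt/images/example-a.img'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/example-b.qcow2'/>
      <target dev='sdb' bus='scsi'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
    </disk>
  </devices>
</domain>
"""


def discard_status(domain_xml: str) -> dict:
    """Map each hard-disk target (for example 'sda') to its discard value or None."""
    status = {}
    for disk in ET.fromstring(domain_xml).findall("./devices/disk"):
        if disk.get("device", "disk") != "disk":
            continue                      # skip cdrom and floppy devices
        target = disk.find("target")
        driver = disk.find("driver")
        name = target.get("dev") if target is not None else "?"
        status[name] = driver.get("discard") if driver is not None else None
    return status


def enable_discard(domain_xml: str) -> str:
    """Return the definition with discard='unmap' on every hard-disk <driver>."""
    root = ET.fromstring(domain_xml)
    for disk in root.findall("./devices/disk"):
        driver = disk.find("driver")
        if disk.get("device", "disk") == "disk" and driver is not None:
            driver.set("discard", "unmap")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", discard_status(SAMPLE_DOMAIN))
    print("after: ", discard_status(enable_discard(SAMPLE_DOMAIN)))
```

Only disks whose driver element carries the attribute pass guest discards on, so the status map shows which guest disks fstrim or mount -o discard will actually affect.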
Red Hat Enterprise Linux 7.0 supports device assignment of NVIDIA professional series graphics devices (GRID and Quadro) as a secondary graphics device to emulated VGA.
Para-Virtualized Ticketlocks
Red Hat Enterprise Linux 7.0 supports para-virtualized ticketlocks (pvticketlocks) that improve performance of Red Hat Enterprise Linux 7.0 guest virtual machines running over Red Hat Enterprise Linux 7.0 hosts with oversubscribed CPUs.
Error Handling on Assigned PCIe Devices
If a PCIe device with Advanced Error Reporting (AER) encounters an error while assigned to a guest, the affected guest is brought down without impacting any other running guests or the host. The guests can be brought back up after the host driver for the device recovers from the error.
Q35 Chipset, PCI Express Bus and AHCI Bus Emulation
The Q35 machine type, required for PCI express bus support in KVM guest virtual machines, is available as a Technology Preview in Red Hat Enterprise Linux 7.0. An AHCI bus is only supported for inclusion with the Q35 machine type and is also available as a Technology Preview in Red Hat Enterprise Linux 7.0.
VFIO-based PCI Device Assignment
The Virtual Function I/O (VFIO) user-space driver interface provides KVM guest virtual machines with an improved PCI device assignment solution. VFIO provides kernel-level enforcement of device isolation, improves security of device access and is compatible with features such as secure boot. VFIO replaces the KVM device assignment mechanism used in Red Hat Enterprise Linux 6.
Intel VT-d Large Pages
When using Virtual Function I/O (VFIO) device assignment with a KVM guest virtual machine on Red Hat Enterprise Linux 7.0, 2MB pages are used by the input/output memory management unit (IOMMU), thus reducing translation lookaside buffer (TLB) overhead for I/O operations. 1GB page support is planned for Red Hat Enterprise Linux 7.0. The VT-d large pages feature is only supported on certain more recent Intel-based platforms.
KVM Clock Get Time Performance
In Red Hat Enterprise Linux 7.0 the vsyscall mechanism was enhanced to support fast reads of the clock from the user space for KVM guests. A guest virtual machine running Red Hat Enterprise Linux 7.0 on a Red Hat Enterprise Linux 7.0 host will see improved performance for applications that read the time of day frequently.
QCOW2 Version 3 Image Format
Red Hat Enterprise Linux 7.0 adds support for the QCOW2 version 3 Image Format.
Improved Live Migration Statistics
Information about live migration is now available to analyze and tune performance. Improved statistics include information about expected downtime, downtime, or dirty pages rate.
Live Migration Threads
The KVM live migration feature has been improved to support threading.
Hot Plugging of Character Devices and Serial Ports
Hot plugging new serial ports with new character devices is now supported in Red Hat Enterprise Linux 7.0.
Emulation of AMD Opteron G5
KVM is now able to emulate AMD Opteron G5 processors.
Support of New Intel Instructions on KVM Guests
KVM guests can use new instructions supported by Intel 22nm processors. These include:
Floating-Point Fused Multiply-Add,
256-bit Integer vectors,
big-endian move instruction (MOVBE) support,
or HLE/HLE+.
VPC and VHDX File Formats
KVM in Red Hat Enterprise Linux 7.0 includes support for the Microsoft Virtual PC (VPC) and Microsoft Hyper-V virtual hard disk (VHDX) file formats.
New Features in libguestfs
libguestfs is a set of tools for accessing and modifying virtual machine disk images. libguestfs included in Red Hat Enterprise Linux 7.0 includes a number of improvements, the most notable of which are the following:
Secure Virtualization Using SELinux, or sVirt protection, ensures enhanced security against malicious and malformed disk images.
Remote disks can be examined and modified, initially over Network Block Device (NBD).
Disks can be hot plugged for better performance in certain applications.
WHQL-Certified virtio-win Drivers
Red Hat Enterprise Linux 7.0 includes Windows Hardware Quality Labs (WHQL) certified virtio-win drivers for the latest Microsoft Windows guests, namely Microsoft Windows 8, 8.1, 2012 and 2012 R2.
9.2. Xen
Red Hat Enterprise Linux 7.0 Xen HVM Guest
Users can now use Red Hat Enterprise Linux 7.0 as a guest on the popular Xen environment.
9.3. Hyper-V
Red Hat Enterprise Linux 7.0 Hosted as a Generation 2 Virtual Machine
Red Hat Enterprise Linux 7.0 can be used as a generation 2 virtual machine in the Microsoft Hyper-V Server 2012 R2 host. In addition to the functions supported in the previous generation, generation 2 provides new functions on a virtual machine; for example: secure boot, boot from a SCSI virtual hard disk, and UEFI firmware support.
Chapter 10. System and Services
systemd
systemd is a system and service manager for Linux, and replaces SysV and Upstart used in previous releases of Red Hat Enterprise Linux. systemd is compatible with SysV and Linux Standard Base init scripts.
systemd offers, among others, the following capabilities:
Aggressive parallelization capabilities.
Use of socket and D-Bus activation for starting services.
On-demand starting of daemons.
Managing of control groups.
Creating of system state snapshots and restoring of the system state.
Clusters are multiple computers (nodes) working together to increase reliability, scalability, and availability to critical production services. High Availability using Red Hat Enterprise Linux 7.0 can be deployed in a variety of configurations to suit varying needs for performance, high-availability, load balancing, and file sharing.
Note that Red Hat Enterprise Linux 7.0 Load Balancer is now part of base Red Hat Enterprise Linux.
Refer to Section 21.5, “Clustering and High Availability” for a list of documents available for Red Hat Enterprise Linux 7.0 providing information about configuration and management of Red Hat High Availability Add-On.
11.1. Pacemaker Cluster Manager
Red Hat Enterprise Linux 7.0 replaces rgmanager with Pacemaker for managing cluster resources and recovering from node failures.
Some of the benefits of Pacemaker include:
Automatic synchronization and versioning of the resource configuration.
A flexible resource and fencing model that can more closely match the user's environment.
Fencing can be used to recover from resource-level failures.
Time-based configuration options.
The ability to run the same resource on multiple nodes. For example, a web server or cluster file system.
The ability to run the same resource on multiple nodes in one of two different modes. For example, a sync source and target.
Pacemaker does not require a distributed lock manager.
Configurable behavior when quorum is lost or multiple partitions are formed.
11.2. Piranha Replaced by keepalived and HAProxy
Red Hat Enterprise Linux 7.0 replaces the Piranha Load Balancer with keepalived and HAProxy.
The keepalived package provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the well-known and widely used Linux Virtual Server kernel module providing Layer-4 network load-balancing. The keepalived daemon implements a set of health checkers to maintain load-balanced server pools according to their state. The keepalived daemon also implements the Virtual Router Redundancy Protocol (VRRP), allowing router or director failover to achieve high availability.
HAProxy provides a reliable, high-performance network load balancer for TCP and HTTP-based applications. It is particularly suited for web sites under very high loads while needing persistence or Layer-7 processing.
11.3. High Availability Administration
The Pacemaker Configuration System, or pcs, replaces ccs, ricci and luci as the unified cluster configuration and administration tool. Some of the benefits of pcs include:
Command-line tool.
Ability to easily bootstrap a cluster, that is, getting the initial cluster up and running.
Ability to configure cluster options.
Ability to add, remove, or modify resources and their relationships to each other.
11.4. New Resource Agents
Red Hat Enterprise Linux 7.0 ships with a number of resource agents. A resource agent is a standardized interface for a cluster resource. A resource agent translates a standard set of operations into steps specific to the resource or application, and interprets their results as success or failure.
In Red Hat Enterprise Linux 7.0, the gcc toolchain is based on the gcc-4.8.x release series, and includes numerous enhancements and bugfixes relative to the Red Hat Enterprise Linux 6 equivalent. Similarly, Red Hat Enterprise Linux 7 includes binutils-2.23.52.x.
These versions correspond to the equivalent tools in Red Hat Developer Toolset 2.0; a detailed comparison of Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 gcc and binutils versions can therefore be seen here:
Notable highlights of the Red Hat Enterprise Linux 7.0 toolchain are the following:
Experimental support for building applications compliant with C++11 (including full C++11 language support) and some experimental support for C11 features.
Improved support for programming parallel applications, including OpenMP v3.1, C++11 Types and GCC Built-ins for Atomic Memory Access, and experimental support for transactional memory (including Intel RTM/HLE intrinsics, built-ins, and code generation).
A new local register allocator (LRA), improving code performance.
DWARF4 is now used as the default debug format.
A variety of new architecture-specific options.
Support for AMD family 15h and 16h processors.
Link-time optimization support.
Enhanced warnings and diagnostics.
A variety of new Fortran features.
12.2. GLIBC
In Red Hat Enterprise Linux 7.0, the glibc libraries (libc, libm, libpthread, NSS plug-ins, and others) are based on the glibc 2.17 release, which includes numerous enhancements and bug fixes relative to the Red Hat Enterprise Linux 6 equivalent.
Notable highlights of the Red Hat Enterprise Linux 7.0 glibc libraries are the following:
Experimental ISO C11 support.
New Linux interfaces: prlimit, prlimit64, fanotify_init, fanotify_mark, clock_adjtime, name_to_handle_at, open_by_handle_at, syncfs, setns, sendmmsg, process_vm_readv, process_vm_writev.
New optimized string functions for AMD64 and Intel 64 architectures using Streaming SIMD Extensions (SSE), Supplemental Streaming SIMD Extensions 3 (SSSE3), Streaming SIMD Extensions 4.2 (SSE4.2), and Advanced Vector Extensions (AVX).
New optimized string functions for IBM PowerPC and IBM POWER7.
New optimized string functions for IBM S/390 and IBM System z with specifically optimized routines for IBM System z10 and IBM zEnterprise 196.
Checking versions of FD_SET, FD_CLR, FD_ISSET, poll, and ppoll have been added.
Caching of the netgroup database is now supported in the nscd daemon.
The new function secure_getenv() allows secure access to the environment, returning NULL if running in a SUID or SGID process. This function replaces the internal function __secure_getenv().
The crypt() function now fails if passed salt bytes that violate the specification for those values. On Linux, the crypt() function will consult the /proc/sys/crypto/fips_enabled file to determine if FIPS mode is enabled, and fail on encrypted strings using the Message-Digest algorithm 5 (MD5) or Data Encryption Standard (DES) algorithm when the mode is enabled.
The clock_* suite of functions (declared in <time.h>) is now available directly in the main C library. Previously it was necessary to link with -lrt to use these functions. This change has the effect that a single-threaded program that uses a function such as clock_gettime() (and is not linked with -lrt) will no longer implicitly load the pthreads library at runtime and so will not suffer the overheads associated with multi-thread support in other code such as the C++ runtime library.
New header <sys/auxv.h> and function getauxval() allow easy access to the AT_* key-value pairs passed from the Linux kernel. The header also defines the HWCAP_* bits associated with the AT_HWCAP key.
A new class of installed header has been documented for low-level platform-specific functionality. PowerPC added the first instance with a function to provide time base register access.
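The secure_getenv() and getauxval() interfaces listed above, combined in an added example (not code from these release notes or from glibc): a program that accepts a directory override from the environment only when it is not running in secure-execution mode. The variable name EXAMPLED_PLUGIN_DIR, the default path, and the function names are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* exposes secure_getenv() in <stdlib.h> */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>           /* getauxval(), AT_SECURE */

/* Same prototype as glibc's, repeated so the file also compiles when
 * <stdlib.h> was pulled in earlier without _GNU_SOURCE. */
extern char *secure_getenv(const char *name);

/* Hypothetical names used only by this example. */
#define PLUGIN_ENV         "EXAMPLED_PLUGIN_DIR"
#define DEFAULT_PLUGIN_DIR "/usr/lib64/exampled/plugins"

/* AT_SECURE is one of the AT_* pairs the kernel passes at exec time. It is
 * nonzero when the program was started in secure-execution mode, for
 * example as a SUID or SGID binary. */
int running_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Risky pattern: the caller's environment is honoured even when the
 * program runs with more privilege than the caller has. */
const char *plugin_dir_unsafe(void)
{
    const char *dir = getenv(PLUGIN_ENV);
    return dir != NULL ? dir : DEFAULT_PLUGIN_DIR;
}

/* Hardened pattern: secure_getenv() returns NULL in a SUID or SGID
 * process, so the override is ignored there. Requiring an absolute path
 * is an extra check added by this example. */
const char *plugin_dir(void)
{
    const char *dir = secure_getenv(PLUGIN_ENV);
    if (dir == NULL || dir[0] != '/')
        return DEFAULT_PLUGIN_DIR;
    return dir;
}

int main(void)
{
    /* Constructed sample value standing in for a caller-controlled setting. */
    setenv(PLUGIN_ENV, "/tmp/constructed-plugins", 1);

    printf("AT_SECURE       : %d\n", running_secure_exec());
    printf("getenv()        : %s\n", plugin_dir_unsafe());
    printf("secure_getenv() : %s\n", plugin_dir());
    return 0;
}
```

Run as an ordinary binary, both functions print the override; installed SUID or SGID, only plugin_dir_unsafe() still follows the caller's environment.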
12.3. GDB
In Red Hat Enterprise Linux 7.0, the GDB debugger is based on the gdb-7.6.1 release, and includes numerous enhancements and bug fixes relative to the Red Hat Enterprise Linux 6 equivalent.
This version corresponds to GDB in Red Hat Developer Toolset v2.0; a detailed comparison of Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.0 GDB versions can therefore be seen here:
Notable new features of GDB included in Red Hat Enterprise Linux 7.0 are the following:
Faster loading of symbols using the new .gdb_index section and the new gdb-add-index shell command. Note that this feature is already present in Red Hat Enterprise Linux 6.1 and later.
gdbserver now supports standard input/output (STDIO) connections, for example:
(gdb) target remote | ssh myhost gdbserver - hello
The watch command behaves more as expected when the -location parameter is used.
Virtual method tables can be displayed by a new command, info vtbl.
Control of automatic loading of files by new commands info auto-load, set auto-load and show auto-load.
Displaying absolute path to source file names using the set filename-display absolute command.
Control flow recording with hardware support by a new command, record btrace.
Notable bug fixes in GDB included in Red Hat Enterprise Linux 7.0 are the following:
The info proc command has been updated to work on core files.
Breakpoints are now set on all matching locations in all inferiors.
The file name part of breakpoint location now matches trailing components of a source file name.
Breakpoints can now be put on inline functions.
Parameters of the template are now put in scope when the template is instantiated.
In addition, Red Hat Enterprise Linux 7.0 provides a new package, gdb-doc, which contains the GDB Manual in PDF, HTML, and info formats. The GDB Manual was part of the main RPM package in previous versions of Red Hat Enterprise Linux.
Red Hat Enterprise Linux 7.0 includes updates to the most recent versions of several performance tools, such as oprofile, papi and elfutils, bringing performance, portability, and functionality improvements.
Moreover, Red Hat Enterprise Linux 7.0 premieres:
Support for Performance Co-Pilot.
SystemTap support for (DynInst-based) instrumentation that runs entirely in unprivileged user space, as well as efficient (Byteman-based) pinpoint probing of Java applications.
Valgrind support for hardware transactional memory and improvements in modeling vectorized instructions.
12.4.1. Performance Co-Pilot
Red Hat Enterprise Linux 7.0 introduces support for Performance Co-Pilot (PCP), a suite of tools, services, and libraries for acquisition, archiving and analysis of system-level performance measurements. Its light-weight, distributed architecture makes it particularly well suited to centralized analysis of complex systems.
Performance metrics can be added using the Python, Perl, C++ and C interfaces. Analysis tools can use the client APIs (Python, C++, C) directly, and rich web applications can explore all available performance data using a JSON interface.
For further information, consult the extensive man pages in the pcp and pcp-libs-devel packages. The pcp-doc package includes the two free and open books from the upstream project:
Red Hat Enterprise Linux 7.0 includes systemtap version 2.4, which brings several new capabilities. These include optional pure user-space script execution, richer and more efficient Java probing, virtual machine probing, improved error messages, and a number of bug fixes and new features. In particular, note the following:
Using the dyninst binary-editing library, SystemTap can now execute some scripts purely at user-space level; no kernel or root privileges are used. This mode, selected using stap --dyninst, enables only those types of probes or operations that affect only the user's own processes. Note that this mode is incompatible with programs that throw C++ exceptions.
A new way of injecting probes into Java applications is supported in conjunction with the byteman tool. New SystemTap probe types, java("com.app").class("class_name").method("name(signature)").*, enable probing of individual method enter and exit events in an application, without system-wide tracing.
A new facility has been added to the SystemTap driver tooling to enable remote execution on a libvirt-managed KVM instance running on a server. It enables automated and secure transfer of a compiled SystemTap script to a virtual machine guest across a dedicated secure virtio-serial link. A new guest-side daemon loads the scripts and transfers their output back out to the host. This method is faster and more secure than SSH and does not require an IP-level network connection between the host and the guest. To test this function, run the following command:
stap --remote=libvirt://MyVirtualMachine
In addition, a number of improvements have been made to SystemTap's diagnostic messages:
Many error messages now contain cross-references to the related manual pages. These pages explain the errors and suggest corrections.
If a script input is suspected to contain typographic errors, a sorted suggestion list is offered to the user. This suggestion facility is used in a number of contexts when user-specified names may mismatch acceptable names, such as probed function names, markers, variables, files, aliases, and others.
Diagnostic duplicate-elimination has been improved.
ANSI coloring has been added to make messages easier to understand.
12.4.3. Valgrind
Red Hat Enterprise Linux 7.0 includes Valgrind, an instrumentation framework that ships with a number of tools to profile applications. This version is based on the Valgrind 3.9.0 release and includes numerous improvements relative to the Red Hat Enterprise Linux 6 and Red Hat Developer Toolset 2.0 counterparts, which were based on Valgrind 3.8.1.
Notable new features of Valgrind included in Red Hat Enterprise Linux 7.0 are the following:
Support for IBM System z Decimal Floating Point instructions on hosts that have the DFP facility installed.
Support for IBM POWER8 (Power ISA 2.07) instructions.
Support for Intel AVX2 instructions. Note that this is available only on 64-bit architectures.
Initial support for Intel Transactional Synchronization Extensions, both Restricted Transactional Memory (RTM) and Hardware Lock Elision (HLE).
Initial support for Hardware Transactional Memory on IBM PowerPC.
The default size of the translation cache has been increased to 16 sectors, reflecting the fact that large applications require instrumentation and storage of huge amounts of code. For similar reasons, the number of memory mapped segments that can be tracked has been increased by a factor of 6. The maximum number of sectors in the translation cache can be controlled by the new flag --num-transtab-sectors.
Valgrind no longer temporarily creates a mapping of the entire object to read from it. Instead, reading is done through a small fixed sized buffer. This avoids virtual memory spikes when Valgrind reads debugging information from large shared objects.
The list of used suppressions (displayed when the -v option is specified) now shows, for each used suppression, the file name and line number where the suppression is defined.
A new flag, --sigill-diagnostics, can now be used to control whether a diagnostic message is printed when the just-in-time (JIT) compiler encounters an instruction it cannot translate. The actual behavior (delivery of the SIGILL signal to the application) is unchanged.
The Memcheck tool has been improved with the following features:
Improvements in handling of vectorized code, leading to significantly fewer false error reports. Use the --partial-loads-ok=yes flag to get the benefits of these changes.
Better control over the leak checker. It is now possible to specify which kind of leaks (definite, indirect, possible, and reachable) should be displayed, which should be regarded as errors, and which should be suppressed by a given leak suppression. This is done using the options --show-leak-kinds=kind1,kind2,.., --errors-for-leak-kinds=kind1,kind2,.. and an optional match-leak-kinds: line in suppression entries, respectively.
Note that generated leak suppressions contain this new line and are therefore more specific than in previous releases. To get the same behavior as previous releases, remove the match-leak-kinds: line from generated suppressions before using them.
Reduced possible leak reports from the leak checker by the use of better heuristics. The available heuristics provide detection of valid interior pointers to std::string, to new[] allocated arrays with elements having destructors and to interior pointers pointing to an inner part of a C++ object using multiple inheritance. They can be selected individually using the --leak-check-heuristics=heur1,heur2,... option.
Better control of stacktrace acquisition for heap-allocated blocks. Using the --keep-stacktraces option, it is possible to control independently whether a stack trace is acquired for each allocation and deallocation. This can be used to create better "use after free" errors or to decrease Valgrind's resource consumption by recording less information.
Better reporting of leak suppression usage. The list of used suppressions (shown when the -v option is specified) now shows, for each leak suppression, how many blocks and bytes it suppressed during the last leak search.
The Valgrind GDB server integration has been improved with the following monitoring commands:
A new monitor command, v.info open_fds, that gives the list of open file descriptors and additional details.
A new monitor command, v.info execontext, that shows information about the stack traces recorded by Valgrind.
A new monitor command, v.do expensive_sanity_check_general, to run certain internal consistency checks.
12.5. Programming Languages
Ruby 2.0.0
Red Hat Enterprise Linux 7.0 provides the latest Ruby version, 2.0.0. The most notable of the changes between version 2.0.0 and 1.8.7 included in Red Hat Enterprise Linux 6 are the following:
New interpreter, YARV (yet another Ruby VM), which significantly reduces loading times, especially for applications with large trees or files.
New and faster "Lazy Sweep" garbage collector.
Ruby now supports string encoding.
Ruby now supports native threads instead of green threads.
Red Hat Enterprise Linux 7.0 includes Python 2.7.5, which is the latest Python 2.7 series release. This version contains many improvements in performance and provides forward compatibility with Python 3. The most notable of the changes in Python 2.7.5 are the following:
Red Hat Enterprise Linux 7.0 features OpenJDK7 as the default Java Development Kit (JDK) and Java 7 serves as the default Java version. All Java 7 packages (java-1.7.0-openjdk, java-1.7.0-oracle, java-1.7.0-ibm) allow installation of multiple versions in parallel, similarly to the kernel.
The ability of parallel installation allows users to try out multiple versions of the same JDK simultaneously, to tune performance and debug problems if needed. The precise JDK is selectable through /etc/alternatives/ as before.
Chapter 13. Networking
Network Teaming
Network Teaming has been introduced as an alternative to bonding for link aggregation. It is designed to be easy to maintain, debug and extend. For the user it offers performance and flexibility improvements and should be evaluated for all new installations.
NetworkManager
A number of improvements have been made to NetworkManager to make it more suitable for use in server applications. In particular, NetworkManager no longer watches for configuration file changes by default, such as those made by editors or deployment tools. It allows administrators to make it aware of external changes through the nmcli connection reload command. Changes made through NetworkManager's D-Bus API or with the NetworkManager command-line tool, nmcli, are still effective immediately.
The nmcli tool is introduced to allow users and scripts to interact with NetworkManager.
chrony Suite
The chrony suite of utilities is available to update the system clock on systems that do not fit into the conventional permanently networked, always on, dedicated server category. The chrony suite should be considered for all systems which are frequently suspended or otherwise intermittently disconnected and reconnected to a network, for example mobile and virtual systems.
Dynamic Firewall Daemon, firewalld Suite
Red Hat Enterprise Linux 7.0 ships with the dynamic firewall daemon, firewalld, which provides a dynamically managed firewall with support for network "zones" to assign a level of trust to a network and its associated connections and interfaces. It has support for IPv4 and IPv6 firewall settings. It supports Ethernet bridges and has a separation of runtime and permanent configuration options. It also has an interface for services or applications to add firewall rules directly.
DNSSEC
Domain Name System Security Extensions (DNSSEC) is a set of extensions that enables a DNS client to authenticate and check the integrity of responses from a DNS name server in order to verify their origin and to determine if they have been interfered with in transit.
OpenLMI
Red Hat Enterprise Linux 7.0 features the OpenLMI project, which provides a common infrastructure for the management of Linux systems. It allows users to configure, manage and monitor hardware, operating systems, and system services. OpenLMI is intended to simplify the task of configuring and managing production servers.
OpenLMI is designed to provide a common management interface to multiple versions of Red Hat Enterprise Linux. It builds on top of existing tools, providing an abstraction layer that hides much of the complexity of the underlying system from system administrators.
OpenLMI consists of a set of system management agents installed on a managed system, an OpenLMI controller, which manages the agents and provides an interface to them, and client applications or scripts which call the system management agents through the OpenLMI controller.
OpenLMI allows users to:
configure, manage and monitor bare-metal production servers as well as virtual machine guests;
configure, manage and monitor local or remote systems;
configure, manage and monitor storage and networks;
call system management functions from C/C++, Python, Java, or command-line interface.
Please note that the OpenLMI software Provider is supported as a Technology Preview. The software is fully functional; however, certain operations may consume excessive resources.
Support for Single Root I/O virtualization (SR-IOV) has been added to the qlcnic driver as a Technology Preview. Support for this functionality will be provided directly by QLogic, and customers are encouraged to provide feedback to QLogic and Red Hat. Other functionality in the qlcnic driver remains fully supported.
FreeRADIUS 3.0.1
Red Hat Enterprise Linux 7.0 includes FreeRADIUS version 3.0.1, which provides a number of new features, the most notable of which are the following:
RadSec, a protocol for transporting RADIUS datagrams over TCP and TLS.
Yubikey support.
Connection pooling. The radiusd server maintains connections to a variety of back ends (SQL, LDAP, and others). Connection pooling offers greater throughput with lower resource demands.
The syntax of the server's configuration programming language, unlang, has been expanded.
Improved support for site-specific and vendor-specific attributes.
Improved debugging which highlights problems in verbose output.
SNMP trap generation.
Improved WiMAX support.
EAP-PWD support.
Trusted Network Connect
Red Hat Enterprise Linux 7.0 introduces the Trusted Network Connect functionality as a Technology Preview. Trusted Network Connect is used with existing network access control (NAC) solutions, such as TLS, 802.1x, or IPsec, to integrate end point posture assessment; that is, collecting an end point's system information (such as operating system configuration settings, installed packages, and others, termed integrity measurements). Trusted Network Connect is used to verify these measurements against network access policies before allowing the end point to access the network.
Chapter 14. Resource Management
Control Groups
Red Hat Enterprise Linux 7.0 features control groups, which is a concept for organizing processes in a tree of named groups for the purpose of resource management. They provide a way to hierarchically group and label processes and a way to apply resource limits to these groups. In Red Hat Enterprise Linux 7.0, control groups are exclusively managed through systemd. cgroups are configured in systemd unit files and are manageable with systemd's command line interface (CLI) tools.
Control groups and other resource management features are discussed in detail in the Resource Management Guide.
Chapter 15. Authentication and Interoperability
New Trust Implementation
Using a user ID or group ID defined in the Active Directory instead of using a user ID and group ID generated from the user Security Identifier is now supported for Red Hat Enterprise Linux 5.9 clients and later and Red Hat Enterprise Linux 6.3 clients. This trust implementation is usable if POSIX attributes are defined in the Active Directory.
Updated slapi-nis Plug-In
Red Hat Enterprise Linux 7.0 features an updated directory server plug-in, slapi-nis, which allows users of Active Directory to authenticate on legacy clients. Note that this function is a Technology Preview.
Backup and Restore Mechanism for IPA
The backup and restore mechanism for the IPA suite is featured as a Technology Preview in Red Hat Enterprise Linux 7.0.
Samba 4.1.0
Red Hat Enterprise Linux 7.0 includes samba packages upgraded to the latest upstream version, which introduces several bug fixes and enhancements, the most notable of which is support for the SMB3 protocol in the server and client tools.
Additionally, SMB3 transport enables encrypted transport connections to Windows servers that support SMB3, as well as Samba servers. Also, Samba 4.1.0 adds support for server-side copy operations. Clients making use of server-side copy support, such as the latest Windows releases, should experience considerable performance improvements for file copy operations.
Warning
The updated samba packages remove several already deprecated configuration options. The most important are the server roles security = share and security = server. Also the web configuration tool SWAT has been completely removed. More details can be found in the Samba 4.0 and 4.1 release notes:
Note that several tdb files have been updated. This means that all tdb files are upgraded as soon as you start the new version of the smbd daemon. You cannot downgrade to an older Samba version unless you have backups of the tdb files.
For more information about these changes, refer to the Release Notes for Samba 4.0 and 4.1 mentioned above.
Use of AD and LDAP sudo Providers
The AD provider is a back end used to connect to an Active Directory server. In Red Hat Enterprise Linux 7.0, using the AD sudo provider together with the LDAP provider is supported as a Technology Preview. To enable the AD sudo provider, add the sudo_provider=ad setting in the domain section of the sssd.conf file.
Chapter 16. Security
OpenSSH chroot Shell Logins
Generally, each Linux user is mapped to an SELinux user using SELinux policy, allowing Linux users to inherit the restrictions placed on SELinux users. There is a default mapping in which Linux users are mapped to the SELinux unconfined_u user.
In Red Hat Enterprise Linux 7, the ChrootDirectory option for chrooting users can be used with unconfined users without any change, but for confined users, such as staff_u, user_u, or guest_u, the SELinux selinuxuser_use_ssh_chroot variable has to be set. Administrators are advised to use the guest_u user for all chrooted users when using the ChrootDirectory option to achieve higher security.
Multiple Required Authentications
Red Hat Enterprise Linux 7.0 supports multiple required authentications in the SSH protocol version 2 using the AuthenticationMethods option. This option lists one or more comma-separated lists of authentication method names. Successful completion of all the methods in any list is required for authentication to complete. This enables, for example, requiring a user to authenticate using a public key or GSSAPI before they are offered password authentication.
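A small model of the AuthenticationMethods semantics described above, as an added example (not OpenSSH code): it tracks which methods may be offered next and when authentication is complete. The struct, the function names and the sample option value are constructed for illustration, and the model assumes that the methods in a list must be completed in the order listed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LISTS 8
#define MAX_LEN   128

/* Remaining (not yet completed) methods of every configured list. */
struct auth_state {
    char lists[MAX_LISTS][MAX_LEN];  /* each entry: "method,method,..." */
    int  nlists;
    int  complete;                   /* set once any list has been emptied */
};

/* Split the option value on whitespace into its method lists.
 * Returns 0 on success, -1 if the value is empty or too large. */
int auth_init(struct auth_state *st, const char *option)
{
    const char *p = option;

    memset(st, 0, sizeof(*st));
    for (;;) {
        p += strspn(p, " \t");
        if (*p == '\0')
            break;
        size_t n = strcspn(p, " \t");
        if (st->nlists == MAX_LISTS || n >= MAX_LEN)
            return -1;
        memcpy(st->lists[st->nlists], p, n);
        st->lists[st->nlists][n] = '\0';
        st->nlists++;
        p += n;
    }
    return st->nlists > 0 ? 0 : -1;
}

/* True when method is the first remaining entry of list. */
static int head_is(const char *list, const char *method)
{
    size_t n = strcspn(list, ",");
    return n > 0 && strlen(method) == n && strncmp(list, method, n) == 0;
}

/* A method is offered only if it is next in at least one list. */
int auth_offered(const struct auth_state *st, const char *method)
{
    if (st->complete)
        return 0;
    for (int i = 0; i < st->nlists; i++)
        if (head_is(st->lists[i], method))
            return 1;
    return 0;
}

/* Record a successfully completed method.
 * Returns -1 if the method was not on offer, 1 if authentication is now
 * complete, 0 if further methods are still required. */
int auth_method_succeeded(struct auth_state *st, const char *method)
{
    if (!auth_offered(st, method))
        return -1;
    for (int i = 0; i < st->nlists; i++) {
        char *list = st->lists[i];
        if (!head_is(list, method))
            continue;
        size_t n = strcspn(list, ",");
        if (list[n] == ',')
            n++;                              /* drop the separator too */
        memmove(list, list + n, strlen(list + n) + 1);
        if (list[0] == '\0')
            st->complete = 1;                 /* every method of this list done */
    }
    return st->complete;
}

int main(void)
{
    struct auth_state st;
    /* Constructed sample value: public key first, then one of two second factors. */
    auth_init(&st, "publickey,password publickey,keyboard-interactive");

    printf("password offered first?    %d\n", auth_offered(&st, "password"));
    printf("after publickey:           %d\n", auth_method_succeeded(&st, "publickey"));
    printf("password offered now?      %d\n", auth_offered(&st, "password"));
    printf("after password:            %d\n", auth_method_succeeded(&st, "password"));
    return 0;
}
```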
GSS Proxy
GSS Proxy is the system service that establishes GSS API Kerberos context on behalf of other applications. This brings security benefits; for example, without such a service, when access to the system keytab is shared between different processes, a successful attack against one of those processes leads to Kerberos impersonation of all other processes.
Changes in NSS
The nss packages have been upgraded to upstream version 3.15.2. Message-Digest algorithm 2 (MD2), MD4, and MD5 signatures are no longer accepted for online certificate status protocol (OCSP) or certificate revocation lists (CRLs), consistent with their handling for general certificate signatures.
Advanced Encryption Standard Galois Counter Mode (AES-GCM) Cipher Suite (RFC 5288 and RFC 5289) has been added for use when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
SCAP Workbench
SCAP Workbench is a GUI front end that provides scanning functionality for SCAP content. SCAP Workbench is included as a Technology Preview in Red Hat Enterprise Linux 7.0.
You can find detailed information on the website of the upstream project:
Red Hat Enterprise Linux 7.0 introduces the OSCAP Anaconda add-on as a Technology Preview. The add-on integrates OpenSCAP utilities with the installation process and enables installation of a system following restrictions given by SCAP content.
Chapter 17. Subscription Management
Red Hat Enterprise Linux 7.0 is available using the Red Hat Subscription Management services. The following Knowledge Base article provides a brief overview and instructions on how to register your Red Hat Enterprise Linux 7.0 system with Red Hat Subscription Management.
Certificate-Based Entitlements
Red Hat Enterprise Linux 7.0 supports new certificate-based entitlements through the subscription-manager tool. Legacy entitlements are also supported for Satellite users to provide a transition for users using Red Hat Enterprise Linux 5 and 6. Note that registering to Red Hat Network Classic using the rhn_register or rhnreg_ks tools will not work on Red Hat Enterprise Linux 7.0. You can use the mentioned tools to register to Red Hat Satellite or Proxy versions 5.6 only.
Red Hat Enterprise Linux 7.0 features the next major version of the GNOME Desktop, GNOME 3. The user experience of GNOME 3 is largely defined by GNOME Shell, which replaces the GNOME 2 desktop shell. Apart from window management, GNOME Shell provides the top bar on the screen, which hosts the "system status" area in the top right, a clock, and a hot corner that switches to Activities Overview, which provides easy access to applications and windows.
The default GNOME Shell interface in Red Hat Enterprise Linux 7.0 is GNOME Classic which features a window list at the bottom of the screen and traditional Applications and Places menus.
For more information about GNOME 3, consult the GNOME help. To access it, press the Super (Windows) key to enter the Activities Overview, type help, and then press Enter.
GNOME 3 uses the GTK+ 3 library which can be installed in parallel with GTK+ 2. Both GTK+ 2 and GTK+ 3 are available in Red Hat Enterprise Linux 7.0. Existing GTK+ 2 applications will continue to work in GNOME 3.
GNOME Boxes
Red Hat Enterprise Linux 7.0 introduces a lightweight graphical desktop virtualization tool used to view and access virtual machines and remote systems. GNOME Boxes provides a way to test different operating systems and applications from the desktop with minimal configuration.
18.2. KDE
Red Hat Enterprise Linux 7.0 features KDE Plasma Workspaces version 4.10 and the latest version of KDE Platform and Applications. To learn more about the release, consult http://www.kde.org/announcements/4.10/
KScreen
Configuration of multiple displays is improved with KScreen, new screen management software for KDE. KScreen provides a new user interface for monitor configuration and automatic saving and restoring of profiles for connected monitors. For detailed information about KScreen, see http://community.kde.org/Solid/Projects/ScreenManagement
Chapter 19. Web Servers and Services
Apache HTTP Server 2.4
Version 2.4 of the Apache HTTP Server (httpd) is included in Red Hat Enterprise Linux 7.0, and offers a range of new features:
an enhanced version of the "Event" processing module, improving asynchronous request processing and performance;
native FastCGI support in the mod_proxy module;
support for embedded scripting using the Lua language.
MariaDB is the default implementation of MySQL in Red Hat Enterprise Linux 7.0. MariaDB is a community-developed fork of the MySQL database project, and provides a replacement for MySQL. MariaDB preserves API and ABI compatibility with MySQL and adds several new features; for example, a non-blocking client API library, the Aria and XtraDB storage engines with enhanced performance, better server status variables or enhanced replication.
PostgreSQL is an advanced Object-Relational database management system (DBMS). The postgresql packages include the PostgreSQL server package, client programs, and libraries needed to access a PostgreSQL DBMS server.
Red Hat Enterprise Linux 7.0 features version 9.2 of PostgreSQL. For a list of new features, bug fixes and possible incompatibilities against version 8.4 packaged in Red Hat Enterprise Linux 6, please refer to the upstream release notes:
Red Hat Software Collections is a Red Hat offering that provides a set of dynamic programming languages, database servers, and related packages that you can install and use on multiple versions of Red Hat Enterprise Linux, including Red Hat Enterprise Linux 7.
Dynamic languages, database servers, and other tools distributed with Red Hat Software Collections do not replace the default system tools provided with Red Hat Enterprise Linux 7, nor are they used in preference to these tools.
The Red Hat Software Collections product uses an alternative packaging mechanism based on the scl utility to provide a parallel set of packages. This set allows for optional use of alternative package versions on Red Hat Enterprise Linux 7. By using the scl utility, users can pick and choose at any time which package version they want to run.
Important
The Red Hat Software Collections product has a shorter life cycle and support term than Red Hat Enterprise Linux. For more information, see the Red Hat Software Collections Product Life Cycle.
See the Red Hat Software Collections 1.1 Release Notes for important information about the Red Hat Software Collections 1.1 release. Read this book if you want to learn about the components included in the product. This book also documents the product's system requirements and known problems.
The Red Hat Software Collections product is similar to another Red Hat offering, Red Hat Developer Toolset, that uses the same packaging mechanism to provide alternative versions of developer-oriented packages.
Documentation for Red Hat Enterprise Linux 7.0 consists of several separate documents. Each of these documents belongs to one or more of the following subject areas:
Release Documentation
Installation and Deployment
Security
Tools and Performance
Clustering
Virtualization
21.1. Release Documentation
Release Notes
The Release Notes document the major new features in Red Hat Enterprise Linux 7.0.
Technical Notes
The Red Hat Enterprise Linux Technical Notes contains information about known issues in this release.
Migration Planning Guide
The Red Hat Enterprise Linux Migration Planning Guide documents migration from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7.
Desktop Migration and Administration Guide
The Desktop Migration and Administration Guide is a guide to the GNOME 3 Desktop migration planning, deployment, configuration, and administration on Red Hat Enterprise Linux 7.
21.2. Installation and Deployment
Installation Guide
The Installation Guide documents relevant information regarding the installation of Red Hat Enterprise Linux 7. This book also covers advanced installation methods such as kickstart and PXE installations, and installations over VNC, as well as common post-installation tasks.
System Administrator's Guide
The System Administrator's Guide provides information about deploying, configuring, and administering Red Hat Enterprise Linux 7.
The Storage Administration Guide provides instructions on how to effectively manage storage devices and file systems on Red Hat Enterprise Linux 7. It is intended for use by system administrators with intermediate experience in either the Red Hat Enterprise Linux or Fedora distributions of Linux.
Global File System 2
The Global File System 2 book provides information about configuring and maintaining Red Hat GFS2 (Global File System 2) in Red Hat Enterprise Linux 7.
Logical Volume Manager Administration
The Logical Volume Manager Administration guide describes the LVM logical volume manager and provides information on running LVM in a clustered environment.
Kernel Crash Dump Guide
The Kernel Crash Dump Guide documents how to configure, test, and use the kdump crash recovery service available in Red Hat Enterprise Linux 7.
21.3. Security
Security Guide
The Security Guide is designed to assist users and administrators in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation and malicious activity.
SELinux User's and Administrator's Guide
The SELinux User's and Administrator's Guide covers the management and use of Security-Enhanced Linux. Note that managing confined services, which was documented in a stand-alone book in Red Hat Enterprise Linux 6, is now part of the SELinux User's and Administrator's Guide.
21.4. Tools and Performance
Resource Management Guide
The Resource Management Guide documents tools and techniques for managing system resources on Red Hat Enterprise Linux 7.
Power Management Guide
The Power Management Guide documents how to manage power consumption in Red Hat Enterprise Linux 7.
Performance Tuning Guide
The Performance Tuning Guide documents how to optimize subsystem throughput in Red Hat Enterprise Linux 7.
Developer Guide
The Developer Guide describes the different features and utilities that make Red Hat Enterprise Linux 7 an ideal enterprise platform for application development.
SystemTap Beginners Guide
The SystemTap Beginners Guide provides basic instructions on how to use SystemTap to monitor different subsystems of Red Hat Enterprise Linux in finer detail.
SystemTap Reference
The SystemTap Tapset Reference guide describes the most common tapset definitions users can apply to SystemTap scripts.
21.5. Clustering and High Availability
High Availability Add-On Administration
The High Availability Add-On Administration guide provides information on how to configure and administer the High Availability Add-On in Red Hat Enterprise Linux 7.
The Virtualization Security Guide provides an overview of virtualization security technologies provided by Red Hat, and provides recommendations for securing virtualization hosts, guests, and shared infrastructure and resources in virtualized environments.
Virtualization Tuning and Optimization Guide
The Virtualization Tuning and Optimization Guide covers KVM and virtualization performance. Within this guide you can find tips and suggestions for making full use of KVM performance features and options for your host systems and virtualized guests.
Linux Containers Guide
The Linux Containers Guide includes information on configuring and managing Linux Containers in Red Hat Enterprise Linux 7.0, and provides an overview of application examples for Linux containers.
22.1. Red Hat Enterprise Linux 7.0 International Languages
Red Hat Enterprise Linux 7.0 supports the installation of multiple languages and the changing of languages based on your requirements.
The following languages are supported in Red Hat Enterprise Linux 7.0:
East Asian Languages - Japanese, Korean, Simplified Chinese, and Traditional Chinese.
European Languages - English, German, Spanish, French, Italian, Portuguese Brazilian, and Russian.
Indic Languages - Assamese, Bengali, Gujarati, Hindi, Kannada, Malayalam, Marathi, Odia, Punjabi, Tamil, and Telugu.
The table below summarizes the currently supported languages, their locales, default fonts installed, and packages required for some of the supported languages.
A new YUM plug-in, yum-langpacks, now allows users to install translation subpackages for various packages for the current language locale.
Changing Locale and Keyboard Layout Settings
localectl is a new utility used to query and change the system locale and keyboard layout settings; the settings are used in text consoles and inherited by desktop environments. localectl also accepts a hostname argument to administer remote systems over SSH.
22.3. Input Methods
Changes in IBus
Red Hat Enterprise Linux 7.0 includes support for the Intelligent Input Bus (IBus) version 1.5. Support for IBus is now integrated in GNOME.
Input methods can be added using the gnome-control-center region command, and the gnome-control-center keyboard command can be used to set input hotkeys.
For non-GNOME sessions, ibus can configure both XKB layouts and input methods in the ibus-setup tool and switch them with a hotkey.
The default hotkey is Super+space, replacing Control+space in ibus included in Red Hat Enterprise Linux 6. This provides a similar UI which the user can see with the Alt+Tab combination. Multiple input methods can be switched using the Alt+Tab combination.
Predictive Input Method for IBus
ibus-typing-booster is a predictive input method for the ibus platform. It predicts complete words based on partial input. Users can select the desired word from a list of suggestions and improve their typing speed and spelling. ibus-typing-booster also works with the Hunspell dictionaries and can make suggestions for a language using a Hunspell dictionary.
Note that the ibus-typing-booster package is an optional package, and therefore will not be installed as part of the input-methods group by default.
A new tool, fonts-tweak-tool, allows users to configure the default fonts per language using the user font configuration.
22.5. Language-Specific Changes
Arabic
New Arabic fonts from Paktype are available in Red Hat Enterprise Linux 7.0: paktype-ajrak, paktype-basic-naskh-farsi, paktype-basic-naskh-sindhi, paktype-basic-naskh-urdu, and paktype-basic-naskh-sa.
Chinese
The WQY Zenhei font is now the default font for Simplified Chinese.
The default engine for Simplified Chinese has been changed from ibus-pinyin, which Red Hat Enterprise Linux 6 uses, to ibus-libpinyin.
Indic
The new Lohit Devanagari font replaces the previous separate Lohit fonts for Hindi, Kashmiri, Konkani, Maithili, Marathi, and Nepali. Any distinct glyphs for these languages needed in the future can be handled in Lohit Devanagari with the Open Type Font locl tags.
New font packages gubbi-fonts and navilu-fonts have been added for the Kannada language.
Japanese
IPA fonts are no longer installed by default.
ibus-kkc, the Kana Kanji Conversion, is the new default Japanese input method engine using the new libkkc backend. It replaces ibus-anthy, anthy, and kasumi.
Korean
The Nanum font is used by default now.
New Locales
Red Hat Enterprise Linux 7.0 supports new locales, Konkani (kok_IN) and Pushto (ps_AF).
Chapter 23. Supportability and Maintenance
ABRT 2.1
Red Hat Enterprise Linux 7.0 ships with Automatic Bug Reporting Tool (ABRT) 2.1 which features an improved user interface and the ability to send uReports, lightweight anonymous problem reports suitable for machine processing such as gathering crash statistics. Note that in order to discover as many software bugs as possible, ABRT included in Red Hat Enterprise Linux 7.0 is, by default, configured to automatically send reports of application crashes to Red Hat.
The set of supported languages has been extended with Java and Ruby in ABRT 2.1.
Revision History
Revision 0.0-0.2
Tue Jun 10 2014
Eliška Slobodová
Release of the Red Hat Enterprise Linux 7.0 Release Notes.
Revision 0.0-0.1
Thu Dec 11 2013
Eliška Slobodová
Release of the Red Hat Enterprise Linux 7.0 Beta Release Notes.