Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Using MySQL

The MySQL server is an open source fast and robust database server. MySQL is a relational database that converts data into structured information and provides an SQL interface for accessing data. It includes multiple storage engines and plugins, as well as geographic information system (GIS), and JavaScript Object Notation (JSON) features.

Learn how to install and configure MySQL on a RHEL system, how to back up MySQL data, how to migrate from an earlier MySQL version, and how to replicate a MySQL database.

2.1. Installing MySQL

RHEL 10 provides MySQL 8.4 as the initial version of the Application Stream, which can be installed easily as an RPM package. Additional MySQL versions are provided as modules with a shorter life cycle in minor releases of RHEL 10.

Note

By design, you can install only one version (stream) of the same module and, because of conflicting RPM packages, you cannot install MariaDB and MySQL on the same host. As an alternative, you can run the database server services in a container. See Using containers to run multiple MariaDB and MySQL instances on a single host.

Procedure

  1. Install MySQL server packages: 

    # dnf install mysql8.4-server
    Copy to Clipboard

  2. Enable and start the mysqld service: 

    # systemctl enable --now mysqld.service
    Copy to Clipboard

  3. Improve the security after the installation: 

    $ mysql_secure_installation
    Copy to Clipboard

    The command launches a fully interactive script, which prompts for each step in the process. The script enables you to improve security in the following ways:

    • Setting a password for root accounts
    • Removing anonymous users
    • Disallowing remote root logins (outside the local host)

2.2. Using containers to run multiple MariaDB and MySQL instances on a single host

If you install MariaDB or MySQL from packages, you can only run one of these services and only a single version of it on the same host. As an alternative, you can run the services in a container to configure the following scenarios:

  • You want to run multiple instances of MariaDB or MySQL on the same host.
  • You want to run both MariaDB and MySQL on the same host.

Prerequisites

  • The podman package is installed.

Procedure

  1. Authenticate to the registry.redhat.io registry by using your Red Hat Customer Portal account: 

    # podman login registry.redhat.io
    Copy to Clipboard

    Skip this step if you are already logged in to the container registry.

  2. Start the containers you want to use:

    • MariaDB 10.11: 

      $ podman run -d --name <container_name_1> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_1>:3306 rhel10/mariadb-1011
      Copy to Clipboard

      For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

    • MySQL 8.4: 

      $ podman run -d --name <container_name_2> -e MYSQL_ROOT_PASSWORD=<password> -p <host_port_2>:3306 rhel10/mysql-84
      Copy to Clipboard

      For more information about the usage of this container image, see the Red Hat Ecosystem Catalog.

    Important

    The container names and host ports of the two database servers must differ.

  3. To ensure that clients can access the database server on the network, open the host ports in the firewall: 

    # firewall-cmd --permanent --add-port={<host_port_1>/tcp,<host_port_2>/tcp,...}
# firewall-cmd --reload
    Copy to Clipboard

Verification

  1. Connect to the database server and log in as root: 

    # mysql -u root -p -h localhost -P <host_port> --protocol tcp
    Copy to Clipboard

  2. Optional: Display information about the running containers: 

    $ podman ps
    Copy to Clipboard

2.3. Configuring network access to MySQL

If clients in your network need to access the MySQL server remotely, you must configure the MySQL service to listen on the corresponding interfaces.

Procedure

  1. Edit the mysqld section of the /etc/my.cnf.d/mysql-server.cnf file. You can set the following configuration directives:

    • bind-address - is the address on which the server listens. Possible options are:

      • a host name
      • an IPv4 address
      • an IPv6 address

    • skip-networking - controls whether the server listens for TCP/IP connections. Possible values are:

      • 0 - to listen for all clients
      • 1 - to listen for local clients only
    • port - the port on which MySQL listens for TCP/IP connections.

  2. To ensure that clients can access the database server on the network, open the port in the firewall: 

    # firewall-cmd --permanent --add-service=mysql
# firewall-cmd --reload
    Copy to Clipboard

  3. Restart the mysqld service: 

    # systemctl restart mysqld.service
    Copy to Clipboard

2.4. Setting up TLS encryption on a MySQL server

By default, MySQL uses unencrypted connections. For secure connections, enable TLS support on the MySQL server and configure your clients to establish encrypted connections.

2.4.1. Placing the CA certificate, server certificate, and private key on the MySQL server

Before you can enable TLS encryption on the MySQL server, store the certificate authority (CA) certificate, the server certificate, and the private key on the MySQL server.

Prerequisites

  • The following files in Privacy Enhanced Mail (PEM) format have been copied to the server:

    • The private key of the server: server.example.com.key.pem
    • The server certificate: server.example.com.crt.pem
    • The Certificate Authority (CA) certificate: ca.crt.pem

    For details about creating a private key and certificate signing request (CSR), as well as about requesting a certificate from a CA, see your CA’s documentation.

Procedure

  1. Store the CA and server certificates in the /etc/pki/tls/certs/ directory: 

    # mv <path>/server.example.com.crt.pem /etc/pki/tls/certs/
# mv <path>/ca.crt.pem /etc/pki/tls/certs/
    Copy to Clipboard

  2. Set permissions on the CA and server certificate that enable the MySQL server to read the files: 

    # chmod 644 /etc/pki/tls/certs/server.example.com.crt.pem /etc/pki/tls/certs/ca.crt.pem
    Copy to Clipboard

    Because certificates are part of the communication before a secure connection is established, any client can retrieve them without authentication. Therefore, you do not need to set strict permissions on the CA and server certificate files.

  3. Store the server’s private key in the /etc/pki/tls/private/ directory: 

    # mv <path>/server.example.com.key.pem /etc/pki/tls/private/
    Copy to Clipboard

  4. Set secure permissions on the server’s private key: 

    # chmod 640 /etc/pki/tls/private/server.example.com.key.pem
# chgrp mysql /etc/pki/tls/private/server.example.com.key.pem
    Copy to Clipboard

    If unauthorized users have access to the private key, connections to the MySQL server are no longer secure.

  5. Restore the SELinux context: 

    # restorecon -Rv /etc/pki/tls/
    Copy to Clipboard

2.4.2. Configuring TLS on a MySQL server

To improve security, enable TLS support on the MySQL server. As a result, clients can transmit data with the server by using TLS encryption.

Prerequisites

  • You installed the MySQL server.
  • The mysqld service is running.

  • The following files in Privacy Enhanced Mail (PEM) format exist on the server and are readable by the mysql user:

    • The private key of the server: /etc/pki/tls/private/server.example.com.key.pem
    • The server certificate: /etc/pki/tls/certs/server.example.com.crt.pem
    • The Certificate Authority (CA) certificate /etc/pki/tls/certs/ca.crt.pem
  • The subject distinguished name (DN) or the subject alternative name (SAN) field in the server certificate matches the server’s host name.

Procedure

  1. Create the /etc/my.cnf.d/mysql-server-tls.cnf file:

    1. Add the following content to configure the paths to the private key, server and CA certificate: 

      [mysqld]
ssl_key = /etc/pki/tls/private/server.example.com.key.pem
ssl_cert = /etc/pki/tls/certs/server.example.com.crt.pem
ssl_ca = /etc/pki/tls/certs/ca.crt.pem
      Copy to Clipboard

    2. If you have a Certificate Revocation List (CRL), configure the MySQL server to use it: 

      ssl_crl = /etc/pki/tls/certs/example.crl.pem
      Copy to Clipboard

    3. Optional: Reject connection attempts without encryption. To enable this feature, append: 

      require_secure_transport = on
      Copy to Clipboard

    4. Optional: Set the TLS versions the server should support. For example, to support only TLS 1.3, append: 

      tls_version = TLSv1.3
      Copy to Clipboard

      By default, the server supports TLS 1.2 and TLS 1.3.

  2. Restart the mysqld service: 

    # systemctl restart mysqld
    Copy to Clipboard

Verification

To simplify troubleshooting, perform the following steps on the MySQL server before you configure the local client to use TLS encryption:

  1. Verify that MySQL now has TLS encryption enabled: 

    # mysql -u root -p -h <MySQL_server_hostname> -e "SHOW session status LIKE 'Ssl_cipher';"
+---------------+------------------------+
| Variable_name | Value                  |
+---------------+------------------------+
| Ssl_cipher    | TLS_AES_256_GCM_SHA384 |
+---------------+------------------------+
    Copy to Clipboard

  2. If you configured the MySQL server to only support specific TLS versions, display the tls_version variable: 

    # mysql -u root -p -e "SHOW GLOBAL VARIABLES LIKE 'tls_version';"
+---------------+---------+
| Variable_name | Value   |
+---------------+---------+
| tls_version   | TLSv1.3 |
+---------------+---------+
    Copy to Clipboard

  3. Verify that the server uses the correct CA certificate, server certificate, and private key files: 

    # mysql -u root -e "SHOW GLOBAL VARIABLES WHERE Variable_name REGEXP '{caret}ssl_ca|{caret}ssl_cert|{caret}ssl_key';"
+-----------------+-------------------------------------------------+
| Variable_name   | Value                                           |
+-----------------+-------------------------------------------------+
| ssl_ca          | /etc/pki/tls/certs/ca.crt.pem                   |
| ssl_capath      |                                                 |
| ssl_cert        | /etc/pki/tls/certs/server.example.com.crt.pem   |
| ssl_key         | /etc/pki/tls/private/server.example.com.key.pem |
+-----------------+-------------------------------------------------+
    Copy to Clipboard

2.4.3. Requiring TLS encrypted connections for specific user accounts on a MySQL server

Users that have access to sensitive data should always use a TLS-encrypted connection to avoid sending data unencrypted over the network.

If you cannot configure on the server that a secure transport is required for all connections (require_secure_transport = on), configure individual user accounts to require TLS encryption.

Prerequisites

  • The MySQL server has TLS support enabled.
  • The user you configure to require secure transport exists.
  • The CA certificate is stored on the client.

Procedure

  1. Connect as an administrative user to the MySQL server: 

    # mysql -u root -p -h server.example.com
    Copy to Clipboard

    If your administrative user has no permissions to access the server remotely, perform the command on the MySQL server and connect to localhost.

  2. Use the REQUIRE SSL clause to enforce that a user must connect by using a TLS-encrypted connection: 

    MySQL [(none)]> ALTER USER 'example'@'%' REQUIRE SSL;
    Copy to Clipboard

Verification

  1. Connect to the server as the example user by using TLS encryption: 

    # mysql -u example -p -h server.example.com
...
MySQL [(none)]>
    Copy to Clipboard

    If no error is shown and you have access to the interactive MySQL console, the connection with TLS succeeds.

    By default, the client automatically uses TLS encryption if the server provides it. Therefore, the --ssl-ca=ca.crt.pem and --ssl-mode=VERIFY_IDENTITY options are not required, but improve the security because, with these options, the client verifies the identity of the server.

  2. Attempt to connect as the example user with TLS disabled: 

    # mysql -u example -p -h server.example.com --ssl-mode=DISABLED
ERROR 1045 (28000): Access denied for user 'example'@'server.example.com' (using password: YES)
    Copy to Clipboard

    The server rejected the login attempt because TLS is required for this user but disabled (--ssl-mode=DISABLED).

2.5. Configuring the MySQL client to use TLS encryption by default

On RHEL, you can globally configure that the MySQL client uses TLS encryption and verifies that the Common Name (CN) in the server certificate matches the hostname the user connects to. This prevents man-in-the-middle attacks.

Prerequisites

  • The MySQL server has TLS support enabled.
  • The CA certificate is stored in the /etc/pki/tls/certs/ca.crt.pem file on the client.

Procedure

  • Create the /etc/my.cnf.d/mysql-client-tls.cnf file with the following content: 

    [client]
ssl-mode=VERIFY_IDENTITY
ssl-ca=/etc/pki/tls/certs/ca.crt.pem
    Copy to Clipboard

    These settings define that the MySQL client uses TLS encryption and that the client compares the hostname with the CN in the server certificate (ssl-mode=VERIFY_IDENTITY). Additionally, it specifies the path to the CA certificate (ssl-ca).

Verification

  • Connect to the server using the hostname, and display the server status: 

    # mysql -u root -p -h server.example.com -e status
...
SSL:        Cipher in use is TLS_AES_256_GCM_SHA384
    Copy to Clipboard

    If the SSL entry contains Cipher in use is…​, the connection is encrypted.

    Note that the user you use in this command has permissions to authenticate remotely.

    If the hostname you connect to does not match the hostname in the TLS certificate of the server, the ssl-mode=VERIFY_IDENTITY parameter causes the connection to fail. For example, if you connect to localhost: 

    # mysql -u root -p -h localhost -e status
ERROR 2026 (HY000): SSL connection error: error:0A000086:SSL routines::certificate verify failed
    Copy to Clipboard

2.6. Backing up MySQL data

There are two main ways to back up data from a MySQL database:

Logical backup

Logical backup consists of the SQL statements necessary to restore the data. This type of backup exports information and records in plain text files.

The main advantage of logical backup over physical backup is portability and flexibility. The data can be restored on other hardware configurations, MySQL versions or Database Management System (DBMS), which is not possible with physical backups.

Note that logical backup can only be performed if the mysqld.service is running. Logical backup does not include log and configuration files.

Physical backup

Physical backup consists of copies of files and directories that store the content.

Physical backup has the following advantages compared to logical backup:

  • Output is more compact.
  • Backup is smaller in size.
  • Backup and restore are faster.

  • Backup includes log and configuration files.

    Note that physical backup must be performed when the mysqld.service is not running or all tables in the database are locked to prevent changes during the backup.

You can use one of the following MySQL backup approaches to back up data from a MySQL database:

  • Logical backup with mysqldump
  • File system backup
  • Replication as a backup solution

2.6.1. Performing logical backup with mysqldump

The mysqldump client is a backup utility, which can be used to dump a database or a collection of databases for the purpose of a backup or transfer to another database server. The output of mysqldump typically consists of SQL statements to re-create the server table structure, populate it with data, or both. mysqldump can also generate files in other formats, including XML and delimited text formats, such as CSV.

To perform the mysqldump backup, you can use one of the following options:

  • Back up one or more selected databases
  • Back up all databases
  • Back up a subset of tables from one database

Procedure

  • To dump a single database, run: 

    # mysqldump [options] --databases db_name > backup-file.sql
    Copy to Clipboard

  • To dump multiple databases at once, run: 

    # mysqldump [options] --databases db_name1 [db_name2 ...] > backup-file.sql
    Copy to Clipboard

  • To dump all databases, run: 

    # mysqldump [options] --all-databases > backup-file.sql
    Copy to Clipboard

  • To load one or more dumped full databases back into a server, run: 

    # mysql < backup-file.sql
    Copy to Clipboard

  • To load a database to a remote MySQL server, run: 

    # mysql --host=remote_host < backup-file.sql
    Copy to Clipboard

  • To dump a subset of tables from one database, add a list of the chosen tables at the end of the mysqldump command: 

    # mysqldump [options] db_name [tbl_name ...​] > backup-file.sql
    Copy to Clipboard

  • To load a subset of tables dumped from one database, run: 

    # mysql db_name < backup-file.sql
    Copy to Clipboard
    Note

    The db_name database must exist at this point.

  • To see a list of the options that mysqldump supports, run: 

    $ mysqldump --help
    Copy to Clipboard

2.6.2. Performing a file system backup on a MySQL server

To create a file system backup of MySQL data files, copy the content of the MySQL data directory to your backup location.

To back up also your current configuration or the log files, use the optional steps of the following procedure.

Procedure

  1. Stop the mysqld service: 

    # systemctl stop mysqld.service
    Copy to Clipboard

  2. Copy the data files to the required location: 

    # cp -r /var/lib/mysql/ /backup-location/data/
    Copy to Clipboard

  3. Optional: Copy the configuration files to the required location: 

    # cp -r /etc/my.cnf /etc/my.cnf.d/ /backup-location/configuration/
    Copy to Clipboard

  4. Optional: Copy the log files to the required location: 

    # cp /var/log/mysql/* /backup-location/logs/
    Copy to Clipboard

  5. Start the mysqld service: 

    # systemctl start mysqld.service
    Copy to Clipboard

  6. When loading the backed up data from the backup location to the /var/lib/mysql/ directory, ensure that mysql:mysql is an owner of all data in /var/lib/mysql/: 

    # chown -R mysql:mysql /var/lib/mysql/
    Copy to Clipboard

2.7. Migrating a MySQL instance from a previous RHEL version to MySQL 8.4 on RHEL 10

RHEL 10 provides MySQL 8.4. If you run a MySQL instance on a previous RHEL version, you can set up RHEL 10 on a new host and migrate the instance to it.

Prerequisites

  • You set up RHEL 10 on a new host.
  • You performed a file system backup of the MySQL instance on the RHEL 8 or RHEL 9 host.

Procedure

  1. Install the mysql8.4-server package: 

    # dnf install mysql8.4-server
    Copy to Clipboard

  2. Stop the service if it is already running: 

    # systemctl stop mysqld.service
    Copy to Clipboard
  3. Copy the content of the /var/lib/mysql/ directory from the previous host to the same location on the RHEL 10 host.
  4. Copy the configuration files from the previous host to the /etc/my.cnf.d/ directory, and ensure that the files includes only options valid for MySQL 8.4. For details, see the upstream documentation.

  5. Restore the SELinux context: 

    # restorecon -rv /var/lib/mysql/
# restorecon -rv /etc/my.cnf.d/
    Copy to Clipboard

  6. Ensure the correct ownership of /var/lib/mysql/ and its subdirectories: 

    # chown -R mysql:mysql /var/lib/mysql/
    Copy to Clipboard

  7. Enable and start the mysqld service: 

    # systemctl enable --now mysqld.service
    Copy to Clipboard

    When the service starts, MySQL automatically checks, repairs, and updates internal tables.

Verification

  • Establish a connection to the MySQL server: 

    # mysql -u root -p -h <hostname>
    Copy to Clipboard

2.8. Replicating MySQL with TLS encryption

MySQL provides various configuration options for replication, ranging from basic to advanced. This section describes a transaction-based way to replicate in MySQL on freshly installed MySQL servers by using global transaction identifiers (GTIDs). Using GTIDs simplifies transaction identification and consistency verification.

Important

If you want to use existing MySQL servers for replication, you must first synchronize data. See the upstream documentation for more information.

2.8.1. Configuring a MySQL source server

You can set configuration options required for a MySQL source server to properly run and replicate all changes made on the database server through the TLS protocol.

Prerequisites

  • The source server is installed.

  • The source server has TLS set up.

    Important

    The source and replica certificates must be signed by the same certificate authority.

Procedure

  1. Include the following options in the /etc/my.cnf.d/mysql-server.cnf file under the [mysqld] section:

    • bind-address=source_ip_adress

      This option is required for connections made from replicas to the source.

    • server-id=id

      The id must be unique.

    • log_bin=path_to_source_server_log

      This option defines a path to the binary log file of the MySQL source server. For example: log_bin=/var/log/mysql/mysql-bin.log.

    • gtid_mode=ON

      This option enables global transaction identifiers (GTIDs) on the server.

    • enforce-gtid-consistency=ON

      The server enforces GTID consistency by allowing execution of only statements that can be safely logged by using a GTID.

    • Optional: binlog_do_db=db_name

      Use this option if you want to replicate only selected databases. To replicate more than one selected database, specify each of the databases separately: 

      binlog_do_db=db_name1
binlog_do_db=db_name2
binlog_do_db=db_name3
      Copy to Clipboard

    • Optional: binlog_ignore_db=db_name

      Use this option to exclude a specific database from replication.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service
    Copy to Clipboard

2.8.2. Configuring a MySQL replica server

You can set configuration options required for a MySQL replica server to ensure a successful replication.

Prerequisites

  • The replica server is installed.

  • The replica server has TLS set up.

    Important

    The source and replica certificates must be signed by the same certificate authority.

Procedure

  1. Include the following options in the /etc/my.cnf.d/mysql-server.cnf file under the [mysqld] section:

    • server-id=id

      The id must be unique.

    • relay-log=path_to_replica_server_log

      The relay log is a set of log files created by the MySQL replica server during replication.

    • log_bin=path_to_replica_sever_log

      This option defines a path to the binary log file of the MySQL replica server. For example: log_bin=/var/log/mysql/mysql-bin.log.

      This option is not required in a replica but strongly recommended.

    • gtid_mode=ON

      This option enables global transaction identifiers (GTIDs) on the server.

    • enforce-gtid-consistency=ON

      The server enforces GTID consistency by allowing execution of only statements that can be safely logged by using a GTID.

    • log-replica-updates=ON

      This option ensures that updates received from the source server are logged in the replica’s binary log.

    • skip-replica-start=ON

      This option ensures that the replica server does not start the replication threads when the replica server starts.

    • Optional: binlog_do_db=db_name

      Use this option if you want to replicate only certain databases. To replicate more than one database, specify each of the databases separately: 

      binlog_do_db=db_name1
binlog_do_db=db_name2
binlog_do_db=db_name3
      Copy to Clipboard

    • Optional: binlog_ignore_db=db_name

      Use this option to exclude a specific database from replication.

  2. Restart the mysqld service: 

    # systemctl restart mysqld.service
    Copy to Clipboard

2.8.3. Creating a replication user on the MySQL source server

You must create a replication user and grant this user permissions required for replication traffic. This procedure shows how to create a replication user with appropriate permissions. Execute these steps only on the source server.

Prerequisites

Procedure

  1. Create a replication user: 

    mysql> CREATE USER 'replication_user'@'replica_server_hostname' IDENTIFIED WITH mysql_native_password BY 'password';
    Copy to Clipboard

  2. Grant the user replication permissions: 

    mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication_user'@'replica_server_hostname';*
    Copy to Clipboard

  3. Reload the grant tables in the MySQL database: 

    mysql> FLUSH PRIVILEGES;
    Copy to Clipboard

  4. Set the source server to read-only state: 

    mysql> SET @@GLOBAL.read_only = ON;
    Copy to Clipboard

2.8.4. Connecting the MySQL replica server to the source server

On the MySQL replica server, you must configure credentials and the address of the source server. Use the following procedure to implement the replica server.

Prerequisites

Procedure

  1. Set the replica server to read-only state: 

    mysql> SET @@GLOBAL.read_only = ON;
    Copy to Clipboard

  2. Configure the replication source: 

    mysql> CHANGE REPLICATION SOURCE TO
       SOURCE_HOST='source_hostname',
       SOURCE_USER='replication_user',
       SOURCE_PASSWORD='password',
       SOURCE_AUTO_POSITION=1,
       SOURCE_SSL=1,
       SOURCE_SSL_CA='path_to_ca_on_source',
       SOURCE_SSL_CAPATH='path_to_directory_with_certificates',
       SOURCE_SSL_CERT='path_to_source_certificate',
       SOURCE_SSL_KEY='path_to_source_key';
    Copy to Clipboard

  3. Start the replica thread in the MySQL replica server: 

    mysql> START REPLICA;
    Copy to Clipboard

  4. Unset the read-only state on both the source and replica servers: 

    mysql> SET @@GLOBAL.read_only = OFF;
    Copy to Clipboard

  5. Optional: Inspect the status of the replica server for debugging purposes: 

    mysql> SHOW REPLICA STATUS\G;
    Copy to Clipboard
    Note

    If the replica server fails to start or connect, you can skip a certain number of events following the binary log file position displayed in the output of the SHOW MASTER STATUS command. For example, skip the first event from the defined position: 

    mysql> SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1;
    Copy to Clipboard

    Afterwards, try to start the replica server again.

  6. Optional: Stop the replica thread in the replica server: 

    mysql> STOP REPLICA;
    Copy to Clipboard

2.8.5. Verifying replication on a MySQL server

After you configured replication among multiple MySQL servers, you should verify that that it works.

Procedure

  1. Create an example database on the source server: 

    mysql> CREATE DATABASE test_db_name;
    Copy to Clipboard
  2. Verify that the test_db_name database replicates on the replica server.

  3. Display status information about the binary log files of the MySQL server by executing the following command on either of the source or replica servers: 

    mysql> SHOW MASTER STATUS;
    Copy to Clipboard

    The Executed_Gtid_Set column, which shows a set of GTIDs for transactions executed on the source, must not be empty.

    Note

    The same set of GTIDs is displayed in the Executed_Gtid_Set row when you use the SHOW REPLICA STATUS on the replica server.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat