Chapter 14. Infrastructure services

The following chapter contains the most notable changes to infrastructure services between RHEL 9 and RHEL 10.

The Kea DHCP server replaces ISC DHCP

Kea is a new Dynamic Host Configuration Protocol (DHCP) server solution in RHEL. Kea DHCP is an implementation from Internet Systems Consortium (ISC) that includes fully functional DHCPv4, DHCPv6, and Dynamic DNS servers. The Kea DHCP server has the following advantages:

It is an extensible server solution with module hooks.
It allows re-configuration through the REST API.
It has a design that allows separation of data (leases) and execution environment.

tuned-ppd, Valkey, libcpuid and dnsconfd packages are now available

The following packages are included in Red Hat Enterprise Linux:

tuned-ppd : The tune-ppd is a replacement of drop-in power-profiles-daemon which uses TuneD as a backend.
Valkey : This package replaces redis and provides the same features as it.
libcpuid : This package has been added for accurate CPU model identification in TuneD.
dnsconfd : dnsconfd is a local DNS cache configuration daemon. The newly configured daemon provides an easy way to set up DNS caching, split DNS, DNS over TLS, and other DNS features.

Significant changes in the package set for infrastructure services

The following packages are no longer included in Red Hat Enterprise Linux:

sendmail : Red Hat recommends migrating to the postfix mail daemon, which is supported.
redis : Red Hat recommends migrating to the valkey package.
dhcp : Red Hat recommends migrating to available alternatives such as dhcpcd and ISC Kea.
mod_security: The mod_security directive is now available in the EPEL repository .
spamassassin : The Spamassassin mail filter is now available in EPEL repository instead of standard RHEL repository as it depends on libdb (Berkeley DB) library which is not available due to licensing issues.
xsane : The API is not yet ported to Gtk3.

The following packages have been renamed: * gpsd : It was previously included as gpsd-minimal.

Changes in the httpd package

In RHEL 10.0, the httpd package includes the following changes that affect the httpd daemon usage and deployment:

The mod_authnz_fcgi package is now loaded by default. You can use this module with FastCGI-based authorizer applications to authenticate. For more information, see https://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html [FastCGI authorizer applications]
The httpd.service unit file now applies a number of security hardening settings by default. For example, the ProtectHome=read-only setting is now applied by default. It mounts the /home filesystem read-only for the httpd service. For the full list of hardening settings , see the /usr/lib/systemd/system/httpd.service file.
The support for OpenSSL ENGINE has been removed. You must no longer use the SSLCryptoDevice configuration directive.
Note
PKCS#11 URIs are still supported via the OpenSSL pkcs11-provider package.
Support for the Berkeley DB databases has been removed since Red Hat Enterprise Linux 9. Modules, such as mod_authz_dbm, now use the LMDB database type by default. As an alternative, you can also use the SDBM database type.

Changes in the nginx package image mode

By default, the /usr/share/nginx/html is the configured document root directory for the nginx daemon. /usr/share/nginx/html does not have write access in RHEL image mode. You can configure an alternative document root directory by adding a drop-in configuration file in the /etc/nginx/default.d directory while building image mode containers .

Chapter 14. Infrastructure services

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

Making open source more inclusive

About Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links