Chapter 14. Infrastructure services
The following chapter contains the most notable changes to infrastructure services between RHEL 9 and RHEL 10.
The Kea DHCP server replaces ISC DHCP
Kea is a new Dynamic Host Configuration Protocol (DHCP) server solution in RHEL. Kea DHCP is an implementation from Internet Systems Consortium (ISC) that includes fully functional DHCPv4, DHCPv6, and Dynamic DNS servers. The Kea DHCP server has the following advantages:
- It is an extensible server solution with module hooks.
- It allows re-configuration through the REST API.
- It has a design that allows separation of data (leases) and execution environment.
tuned-ppd
, Valkey
, libcpuid
and dnsconfd
packages are now available
The following packages are included in Red Hat Enterprise Linux:
-
tuned-ppd
: Thetune-ppd
is a replacement ofdrop-in power-profiles-daemon
which uses TuneD as a backend. -
Valkey
: This package replaces redis and provides the same features as it. -
libcpuid
: This package has been added for accurate CPU model identification in TuneD. -
dnsconfd
:dnsconfd
is a local DNS cache configuration daemon. The newly configured daemon provides an easy way to set up DNS caching, split DNS, DNS over TLS, and other DNS features.
Significant changes in the package set for infrastructure services
The following packages are no longer included in Red Hat Enterprise Linux:
-
sendmail
: Red Hat recommends migrating to the postfix mail daemon, which is supported. -
redis
: Red Hat recommends migrating to thevalkey
package. -
dhcp
: Red Hat recommends migrating to available alternatives such asdhcpcd
andISC Kea
. -
mod_security
: Themod_security
directive is now available in the EPEL repository . -
spamassassin
: The Spamassassin mail filter is now available in EPEL repository instead of standard RHEL repository as it depends onlibdb
(Berkeley DB) library which is not available due to licensing issues. -
xsane
: The API is not yet ported toGtk3
.
The following packages have been renamed: * gpsd
: It was previously included as gpsd-minimal
.
Changes in the httpd
package
In RHEL 10.0, the httpd
package includes the following changes that affect the httpd
daemon usage and deployment:
-
The
mod_authnz_fcgi
package is now loaded by default. You can use this module withFastCGI-based
authorizer applications to authenticate. For more information, see https://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html [FastCGI authorizer applications] -
The
httpd.service
unit file now applies a number of security hardening settings by default. For example, theProtectHome=read-only
setting is now applied by default. It mounts the/home
filesystem read-only for thehttpd
service. For the full list of hardening settings , see the/usr/lib/systemd/system/httpd.service
file. The support for OpenSSL
ENGINE
has been removed. You must no longer use theSSLCryptoDevice
configuration directive.NotePKCS#11
URIs are still supported via the OpenSSLpkcs11-provider
package.-
Support for the Berkeley DB databases has been removed since Red Hat Enterprise Linux 9. Modules, such as
mod_authz_dbm
, now use the LMDB database type by default. As an alternative, you can also use the SDBM database type.
Changes in the nginx
package image mode
By default, the /usr/share/nginx/html
is the configured document root
directory for the nginx
daemon. /usr/share/nginx/html
does not have write
access in RHEL image mode. You can configure an alternative document root
directory by adding a drop-in configuration file in the /etc/nginx/default.d
directory while building image mode containers .