Considerations in adopting RHEL 8


Red Hat Enterprise Linux 8

Key differences between Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8

Red Hat Customer Content Services

Abstract

This document provides an overview of changes in Red Hat Enterprise Linux 8 since Red Hat Enterprise Linux 7 to help you evaluate an upgrade to Red Hat Enterprise Linux 8.

Providing feedback on Red Hat documentation

We appreciate your feedback on our documentation. Let us know how we can improve it.

Submitting feedback through Jira (account required)

  1. Log in to the Jira website.
  2. Click Create in the top navigation bar.
  3. Enter a descriptive title in the Summary field.
  4. Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
  5. Click Create at the bottom of the dialogue.

Chapter 1. Preface

This document provides an overview of differences between two major versions of Red Hat Enterprise Linux: RHEL 7 and RHEL 8. It provides a list of changes relevant for evaluating an upgrade to RHEL 8 rather than an exhaustive list of all alterations.

Capabilities and limits of RHEL 8 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.

Information regarding the RHEL life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.

The Package manifest document provides a package listing for RHEL 8.

For details regarding RHEL 8 usage, see the RHEL 8 product documentation.

For guidance regarding an in-place upgrade from RHEL 7 to RHEL 8, see Upgrading from RHEL 7 to RHEL 8.

For information about major differences between RHEL 6 and RHEL 7, see the RHEL 7 Migration Planning Guide.

Chapter 2. Architectures

Red Hat Enterprise Linux 8 is distributed with the kernel version 4.18, which provides support for the following architectures:

  • AMD and Intel 64-bit architectures
  • The 64-bit ARM architecture
  • IBM Power Systems, little endian
  • 64-bit IBM Z

Make sure you purchase the appropriate subscription for each architecture. For a list of available subscriptions, see Subscription Utilization on the Customer Portal.

Note that all architectures are supported by the standard kernel packages in RHEL 8; no kernel-alt package is needed.

Chapter 3. Repositories

Red Hat Enterprise Linux 8 is distributed through two main repositories:

  • BaseOS
  • AppStream

Both repositories are required for a basic RHEL installation, and are available with all RHEL subscriptions.

Content in the BaseOS repository is intended to provide the core set of the underlying OS functionality that provides the foundation for all installations. This content is available in the RPM format and is subject to support terms similar to those in previous releases of RHEL. For a list of packages distributed through BaseOS, see the Package manifest.

Content in the Application Stream repository includes additional user space applications, runtime languages, and databases in support of the varied workloads and use cases. Application Streams are available in the familiar RPM format, as an extension to the RPM format called modules, or as Software Collections. For a list of packages available in AppStream, see the Package manifest.

In addition, the CodeReady Linux Builder repository is available with all RHEL subscriptions. It provides additional packages for use by developers. Packages included in the CodeReady Linux Builder repository are unsupported.

For more information about RHEL 8 repositories, see the Package manifest.

Chapter 4. Application streams

Red Hat Enterprise Linux 8 introduces the concept of Application Streams. Multiple versions of user space components are now delivered and updated more frequently than the core operating system packages. This provides greater flexibility to customize Red Hat Enterprise Linux without impacting the underlying stability of the platform or specific deployments.

Components made available as Application Streams can be packaged as modules or RPM packages and are delivered through the AppStream repository in RHEL 8. Each Application Stream component has a given life cycle, either the same as RHEL 8 or shorter. For details, see Red Hat Enterprise Linux Life Cycle.

Modules are collections of packages representing a logical unit: an application, a language stack, a database, or a set of tools. These packages are built, tested, and released together.

Module streams represent versions of the Application Stream components. For example, several streams (versions) of the PostgreSQL database server are available in the postgresql module with the default postgresql:10 stream. Only one module stream can be installed on the system. Different versions can be used in separate containers.

Detailed module commands are described in the Installing, managing, and removing user-space components document. For a list of modules available in AppStream, see the Package manifest.

Chapter 5. Installer and image creation

5.1. Add-ons

5.1.1. OSCAP

The Open Security Content Automation Protocol (OSCAP) add-on is enabled by default in RHEL 8.

5.1.2. Kdump

The Kdump add-on adds support for configuring kernel crash dumping during installation. This add-on has full support in Kickstart (using the %addon com_redhat_kdump command and its options), and is fully integrated as an additional window in the graphical and text-based user interfaces.

5.2. Installer networking

A new network device naming scheme that generates network interface names based on a user-defined prefix is available in Red Hat Enterprise Linux 8. The net.ifnames.prefix boot option allows the device naming scheme to be used by the installation program and the installed system.

5.3. Installation images and packages

5.3.1. Ability to register your system, attach RHEL subscriptions, and install from the Red Hat CDN

Since Red Hat Enterprise Linux 8.2, you can register your system, attach RHEL subscriptions, and install from the Red Hat Content Delivery Network (CDN) before package installation. Interactive GUI installations, as well as automated Kickstart installations, support this feature. For more information, see the RHEL 8.2 Release Notes document.

5.3.2. Ability to register your system to Red Hat Insights during installation

Red Hat Insights is a managed service that gathers and analyzes platform and application data to predict risk, recommend actions, and track costs. Insights alerts you about warnings or optimizations that are relevant to several operational areas: system availability (including potential outages), security (for example, a new CVE is discovered for your systems), and business (such as overspending). Insights is included as part of your Red Hat subscription and is accessible through the Red Hat Hybrid Cloud Console. See also the Red Hat Insights documentation.

Since Red Hat Enterprise Linux 8.2, you can register your system to Red Hat Insights during installation. Interactive GUI installations, as well as automated Kickstart installations, support this feature. For more information, see the RHEL 8.2 Release Notes document.

5.3.3. Unified ISO

In Red Hat Enterprise Linux 8, a unified ISO automatically loads the BaseOS and AppStream installation source repositories. This feature works for the first base repository that is loaded during installation. For example, if you boot the installation with no repository configured and have the unified ISO as the base repository in the graphical user interface (GUI), or if you boot the installation using the inst.repo= option that points to the unified ISO.

As a result, the AppStream repository is enabled under the Additional Repositories section of the Installation Source GUI window. You cannot remove the AppStream repository or change its settings but you can disable it in Installation Source. This feature does not work if you boot the installation using a different base repository and then change it to the unified ISO. If you do that, the base repository is replaced. However, the AppStream repository is not replaced and points to the original file.

5.3.4. Stage2 image

In Red Hat Enterprise Linux 8, multiple network locations of stage2 or Kickstart files can be specified to prevent installation failure. This update enables the specification of multiple inst.stage2 and inst.ks boot options with network locations of stage2 and a Kickstart file. This avoids the situation in which the requested files cannot be reached and the installation fails because the contacted server with the stage2 or the Kickstart file is inaccessible.

With this new update, the installation failure can be avoided if multiple locations are specified. If all the defined locations are URLs, namely HTTP, HTTPS, or FTP, they will be tried sequentially until the requested file is fetched successfully. If there is a location that is not a URL, only the last specified location is tried. The remaining locations are ignored.

5.3.5. inst.addrepo parameter

Previously, you could only specify a base repository from the kernel boot parameters. In Red Hat Enterprise Linux 8, a new kernel parameter, inst.addrepo=<name>,<url>, allows you to specify an additional repository during installation. This parameter has two mandatory values: the name of the repository and the URL that points to the repository. For more information, see the inst-addrepo usage.

5.3.6. Installation from an expanded ISO

Red Hat Enterprise Linux 8 supports installing from a repository on a local hard drive. Previously, the only installation method from a hard drive was using an ISO image as the installation source. However, the Red Hat Enterprise Linux 8 ISO image might be too big for some file systems; for example, the FAT32 file system cannot store files larger than 4 GiB. In Red Hat Enterprise Linux 8, you can enable installation from a repository on a local hard drive; you only need to specify the directory instead of the ISO image. For example: inst.repo=hd:<device>:<path to the repository>.

For more information about the Red Hat Enterprise Linux 8 BaseOS and AppStream repositories, see the Repositories section of this document.

5.4. Installer Graphical User Interface

5.4.1. The Installation Summary window

The Installation Summary window of the Red Hat Enterprise Linux 8 graphical installation has been updated to a new three-column layout that provides improved organization of graphical installation settings.

5.5. System Purpose new in RHEL

5.5.1. System Purpose support in the graphical installation

Previously, the Red Hat Enterprise Linux installation program did not provide system purpose information to Subscription Manager. In Red Hat Enterprise Linux 8, you can set the intended purpose of the system during a graphical installation by using the System Purpose window, or in a Kickstart configuration file by using the syspurpose command. When you set a system’s purpose, the entitlement server receives information that helps auto-attach a subscription that satisfies the intended use of the system.

5.5.2. System Purpose support in Pykickstart

Previously, it was not possible for the pykickstart library to provide system purpose information to Subscription Manager. In Red Hat Enterprise Linux 8, pykickstart parses the new syspurpose command and records the intended purpose of the system during automated and partially-automated installation. The information is then passed to the installation program, saved on the newly-installed system, and available for Subscription Manager when subscribing the system.

5.6. Installer module support

5.6.1. Installing modules using Kickstart

In Red Hat Enterprise Linux 8, the installation program has been extended to handle all modular features. Kickstart scripts can now enable module and stream combinations, install module profiles, and install modular packages.

5.7. Kickstart changes

The following sections describe the changes in Kickstart commands and options in Red Hat Enterprise Linux 8.

auth or authconfig is deprecated in RHEL 8

The auth or authconfig Kickstart command is deprecated in Red Hat Enterprise Linux 8 because the authconfig tool and package have been removed.

Similarly to authconfig commands issued on command line, authconfig commands in Kickstart scripts now use the authselect-compat tool to run the new authselect tool. For a description of this compatibility layer and its known issues, see the manual page authselect-migration(7). The installation program will automatically detect use of the deprecated commands and install on the system the authselect-compat package to provide the compatibility layer.

Kickstart no longer supports Btrfs

The Btrfs file system is not supported from Red Hat Enterprise Linux 8. As a result, the Graphical User Interface (GUI) and the Kickstart commands no longer support Btrfs.

Using Kickstart files from previous RHEL releases

If you are using Kickstart files from previous RHEL releases, see the Repositories section of the Considerations in adopting RHEL 8 document for more information about the Red Hat Enterprise Linux 8 BaseOS and AppStream repositories.

5.7.1. Deprecated Kickstart commands and options

The following Kickstart commands and options have been deprecated in Red Hat Enterprise Linux 8.

Where only specific options are listed, the base command and its other options are still available and not deprecated.

  • auth or authconfig - use authselect instead
  • device
  • deviceprobe
  • dmraid
  • install - use the subcommands or methods directly as commands
  • multipath
  • bootloader --upgrade
  • ignoredisk --interactive
  • partition --active
  • reboot --kexec
  • syspurpose - use subscription-manager syspurpose instead

Except the auth or authconfig command, using the commands in Kickstart files prints a warning in the logs.

You can turn the deprecated command warnings into errors with the inst.ksstrict boot option, except for the auth or authconfig command.

5.7.2. Removed Kickstart commands and options

The following Kickstart commands and options have been completely removed in Red Hat Enterprise Linux 8. Using them in Kickstart files will cause an error.

  • device
  • deviceprobe
  • dmraid
  • install - use the subcommands or methods directly as commands
  • multipath
  • bootloader --upgrade
  • ignoredisk --interactive
  • partition --active
  • harddrive --biospart
  • upgrade (This command had already previously been deprecated.)
  • btrfs
  • part/partition btrfs
  • part --fstype btrfs or partition --fstype btrfs
  • logvol --fstype btrfs
  • raid --fstype btrfs
  • unsupported_hardware

Where only specific options and values are listed, the base command and its other options are still available and not removed.

5.8. Image creation

5.8.1. Custom system image creation with Image Builder

The Image Builder tool enables users to create customized RHEL images. As of Red Hat Enterprise Linux 8.3, Image Builder runs as a system service osbuild-composer package.

With Image Builder, users can create custom system images which include additional packages. Image Builder functionality can be accessed through:

  • a graphical user interface in the web console
  • a command-line interface in the composer-cli tool.

Image Builder output formats include, among others:

  • TAR archive
  • qcow2 file for direct use with a virtual machine or OpenStack
  • QEMU QCOW2 Image
  • cloud images for Azure, VMWare and AWS

To learn more about Image Builder, see the documentation title Composing a customized RHEL system image.

Chapter 6. Software management

6.1. Notable changes to the YUM stack

6.1.1. Package management with YUM/DNF

On Red Hat Enterprise Linux 8, installing software is ensured by the YUM tool, which is based on the DNF technology (YUM v4). We deliberately adhere to usage of the yum term for consistency with previous major versions of RHEL. However, if you type dnf instead of yum, the command works as expected because yum is an alias to dnf for compatibility.

For more details, see Installing, managing, and removing user-space components.

6.1.2. Advantages of YUM v4 over YUM v3

YUM v4 has the following advantages over the previous YUM v3 used on RHEL 7:

  • Increased performance
  • Support for modular content
  • Well-designed stable API for integration with tooling

For detailed information about differences between the new YUM v4 tool and the previous version YUM v3 from RHEL 7, see Changes in DNF CLI compared to YUM.

6.1.3. How to use YUM v4

Installing software

YUM v4 is compatible with YUM v3 when using from the command line, editing or creating configuration files.

For installing software, you can use the yum command and its particular options in the same way as on RHEL 7.

See more detailed information about Installing software packages.

Availability of plug-ins

Legacy YUM v3 plug-ins are incompatible with the new version of YUM v4. Selected yum plug-ins and utilities have been ported to the new DNF back end, and can be installed under the same names as in RHEL 7. They also provide compatibility symlinks, so the binaries, configuration files and directories can be found in usual locations.

In the event that a plug-in is no longer included, or a replacement does not meet a usability need, please reach out to Red Hat Support to request a Feature Enhancement as described in How do I open and manage a support case on the Customer Portal?

For more information, see Plugin Interface.

Availability of APIs

Note that the legacy Python API provided by YUM v3 is no longer available. Users are advised to migrate their plug-ins and scripts to the new API provided by YUM v4 (DNF Python API), which is stable and fully supported. The upstream project documents the new DNF Python API - see the DNF API Reference.

The Libdnf and Hawkey APIs (both C and Python) are to be considered unstable, and will likely change during RHEL 8 life cycle.

6.1.4. Availability of YUM configuration file options

The changes in configuration file options between RHEL 7 and RHEL 8 for the /etc/yum.conf and /etc/yum.repos.d/*.repo files are documented in the following summary.

Table 6.1. Changes in configuration file options for the /etc/yum.conf file
RHEL 7 optionRHEL 8 status

alwaysprompt

removed

assumeno

available

assumeyes

available

autocheck_running_kernel

available

autosavets

removed

bandwidth

available

bugtracker_url

available

cachedir

available

check_config_file_age

available

clean_requirements_on_remove

available

color

available

color_list_available_downgrade

available

color_list_available_install

available

color_list_available_reinstall

available

color_list_available_running_kernel

removed

color_list_available_upgrade

available

color_list_installed_extra

available

color_list_installed_newer

available

color_list_installed_older

available

color_list_installed_reinstall

available

color_list_installed_running_kernel

removed

color_search_match

available

color_update_installed

available

color_update_local

available

color_update_remote

available

commands

removed

config_file_path

available

debuglevel

available

deltarpm

available

deltarpm_metadata_percentage

removed

deltarpm_percentage

available

depsolve_loop_limit

removed

disable_excludes

available

diskspacecheck

available

distroverpkg

removed

enable_group_conditionals

removed

errorlevel

available

exactarchlist

removed

exclude

available

exit_on_lock

available

fssnap_abort_on_errors

removed

fssnap_automatic_keep

removed

fssnap_automatic_post

removed

fssnap_automatic_pre

removed

fssnap_devices

removed

fssnap_percentage

removed

ftp_disable_epsv

removed

gpgcheck

available

group_command

removed

group_package_types

available

groupremove_leaf_only

removed

history_list_view

available

history_record

available

history_record_packages

available

http_caching

removed

include

removed

installonly_limit

available

installonlypkgs

available

installrootkeep

removed

ip_resolve

available

keepalive

removed

keepcache

available

kernelpkgnames

removed

loadts_ignoremissing

removed

loadts_ignorenewrpm

removed

loadts_ignorerpm

removed

localpkg_gpgcheck

available

logfile

removed

max_connections

removed

mddownloadpolicy

removed

mdpolicy

removed

metadata_expire

available

metadata_expire_filter

removed

minrate

available

mirrorlist_expire

removed

multilib_policy

available

obsoletes

available

override_install_langs

removed

overwrite_groups

removed

password

available

payload_gpgcheck

removed

persistdir

available

pluginconfpath

available

pluginpath

available

plugins

available

protected_multilib

removed

protected_packages

available

proxy

available

proxy_password

available

proxy_username

available

query_install_excludes

removed

recent

available

recheck_installed_requires

removed

remove_leaf_only

removed

repo_gpgcheck

available

repopkgsremove_leaf_only

removed

reposdir

available

reset_nice

available

retries

available

rpmverbosity

available

shell_exit_status

removed

showdupesfromrepos

available

skip_broken

available

skip_missing_names_on_install

removed

skip_missing_names_on_update

removed

ssl_check_cert_permissions

removed

sslcacert

available

sslclientcert

available

sslclientkey

available

sslverify

available

syslog_device

removed

syslog_facility

removed

syslog_ident

removed

throttle

available

timeout

available

tolerant

removed

tsflags

available

ui_repoid_vars

removed

upgrade_group_objects_upgrade

available

upgrade_requirements_on_install

removed

usercache

removed

username

available

usr_w_check

removed

Table 6.2. Changes in configuration file options for the /etc/yum.repos.d/*.repo file
RHEL 7 optionRHEL 8 status

async

removed

bandwidth

available

baseurl

available

compare_providers_priority

removed

cost

available

deltarpm_metadata_percentage

removed

deltarpm_percentage

available

enabled

available

enablegroups

available

exclude

available

failovermethod

removed

ftp_disable_epsv

removed

gpgcakey

removed

gpgcheck

available

gpgkey

available

http_caching

removed

includepkgs

available

ip_resolve

available

keepalive

removed

metadata_expire

available

metadata_expire_filter

removed

metalink

available

mirrorlist

available

mirrorlist_expire

removed

name

available

password

available

proxy

available

proxy_password

available

proxy_username

available

repo_gpgcheck

available

repositoryid

removed

retries

available

skip_if_unavailable

available

ssl_check_cert_permissions

removed

sslcacert

available

sslclientcert

available

sslclientkey

available

sslverify

available

throttle

available

timeout

available

ui_repoid_vars

removed

username

available

6.1.5. YUM v4 features behaving differently

Some of the YUM v3 features may behave differently in YUM v4. If any such change negatively impacts your workflows, please open a case with Red Hat Support, as described in How do I open and manage a support case on the Customer Portal?

6.1.5.1. yum list presents duplicate entries

When listing packages using the yum list command, duplicate entries may be presented, one for each repository where a package of the same name and version resides.

This is intentional, and it allows the users to distinguish such packages when necessary.

For example, if package-1.2 is available in both repo1 and repo2, YUM v4 will print both instances:

[…​]
package-1.2    repo1
package-1.2    repo2
[…​]

By contrast, the legacy YUM v3 command filtered out such duplicates so that only one instance was shown:

[…​]
package-1.2    repo1
[…​]

6.1.6. Changes in the transaction history log files

The changes in the transaction history log files between RHEL 7 and RHEL 8 are documented in the following summary.

In RHEL 7, the /var/log/yum.log file stores:

  • Registry of installations, updates, and removals of the software packages
  • Transactions from yum and PackageKit

In RHEL 8, there is no direct equivalent to the /var/log/yum.log file. To display the information about the transactions, including the PackageKit and microdnf, use the yum history command.

Alternatively, you can search the /var/log/dnf.rpm.log file, but this log file does not include the transactions from PackageKit and microdnf, and it has a log rotation which provides the periodic removal of the stored information.

6.1.7. The deltarpm functionality is no longer supported

RHEL 8 no longer supports the use of delta rpms. To utilize delta rpms, a user must install the deltarpm package which is no longer available. The deltarpm replacement, drpm, does not provide the same functionality. Thus, the RHEL 8 content is not delivered in the deltarpm format. Note that this functionality will be completely removed in future RHEL releases.

6.2. Notable RPM features and changes

Red Hat Enterprise Linux (RHEL) 8 is distributed with RPM 4.14. This version introduces many enhancements over RPM 4.11, which is available in RHEL 7.

Notable features include:

  • The debuginfo packages can be installed in parallel
  • Support for weak dependencies
  • Support for rich or boolean dependencies
  • Support for packaging files above 4 GB in size
  • Support for file triggers
  • New --nopretrans and --noposttrans switches to disable the execution of the %pretrans and %posttrans scriptlets respectively.
  • New --noplugins switch to disable loading and execution of all RPM plug-ins.
  • New syslog plug-in for logging any RPM activity by the System Logging protocol (syslog).
  • The rpmbuild command can now do all build steps from a source package directly.

    This is possible if rpmbuild is used with any of the -r[abpcils] options.

  • Support for the reinstall mode.

    This is ensured by the new --reinstall option. To reinstall a previously installed package, use the syntax below:

    rpm {--reinstall} [install-options] PACKAGE_FILE

    This option ensures a proper installation of the new package and removal of the old package.

  • Support for SSD conservation mode.

    This is ensured by the new %_minimize_writes macro, which is available in the /usr/lib/rpm/macros file. The macro is by default set to 0. To minimize writing to SSD disks, set %_minimize_writes to 1.

  • New rpm2archive utility for converting rpm payload to tar archives

See more information about New RPM features in RHEL 8.

Notable changes include:

  • Stricter spec-parser
  • Simplified signature checking the output in non-verbose mode
  • Improved support for reproducible builds (builds that create an identical package):

    • Setting build time
    • Setting file mtime (file modification time)
    • Setting buildhost
  • Using the -p option to query an uninstalled PACKAGE_FILE is now optional. For this use case, the rpm command now returns the same result with or without the -p option. The only use case where the -p option is necessary is to verify that the file name does not match any Provides in the rpmdb database.
  • Additions and deprecations in macros

    • The %makeinstall macro has been deprecated. To install a program, use the %make_install macro instead.
  • The rpmbuild --sign command has been deprecated.

    Note that using the --sign option with the rpmbuild command has been deprecated. To add a signature to an already existing package, use rpm --addsign instead.

Chapter 7. Infrastructure services

7.1. Time synchronization

Accurate timekeeping is important for a number of reasons. In Linux systems, the Network Time Protocol (NTP) protocol is implemented by a daemon running in user space.

7.1.1. Implementation of NTP

RHEL 7 supported two implementations of the NTP protocol: ntp and chrony.

In RHEL 8, the NTP protocol is implemented only by the chronyd daemon, provided by the chrony package.

The ntp daemon is no longer available. If you used ntp on your RHEL 7 system, you might need to migrate to chrony.

Possible replacements for previous ntp features that are not supported by chrony are documented in Achieving some settings previously supported by ntp in chrony.

7.1.2. Introduction to chrony suite

chrony is an implementation of NTP, which performs well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.

You can use chrony:

  • To synchronize the system clock with NTP servers
  • To synchronize the system clock with a reference clock, for example a GPS receiver
  • To synchronize the system clock with a manual time input
  • As an NTPv4(RFC 5905) server or peer to provide a time service to other computers in the network

For more information about chrony, see Configuring basic system settings.

7.1.2.1. Differences between chrony and ntp

See the following resources for information about differences between chrony and ntp:

7.1.2.1.1. Chrony applies leap second correction by default

In RHEL 8, the default chrony configuration file, /etc/chrony.conf, includes the leapsectz directive.

The leapsectz directive enables chronyd to:

  • Get information about leap seconds from the system tz database (tzdata)
  • Set the TAI-UTC offset of the system clock in order that the system provides an accurate International Atomic Time (TAI) clock (CLOCK_TAI)

The directive is not compatible with servers that hide leap seconds from their clients using a leap smear, such as chronyd servers configured with the leapsecmode and smoothtime directives. If a client chronyd is configured to synchronize to such servers, remove leapsectz from the configuration file.

7.1.3. Additional information

For more information about how to configure NTP using the chrony suite, see Configuring time synchronization.

7.2. BIND - Implementation of DNS

RHEL 8 includes BIND (Berkeley Internet Name Domain) in version 9.11. This version of the DNS server introduces multiple new features and feature changes compared to version 9.10.

New features:

  • A new method of provisioning secondary servers called Catalog Zones has been added.
  • Domain Name System Cookies are now sent by the named service and the dig utility.
  • The Response Rate Limiting feature can now help with mitigation of DNS amplification attacks.
  • Performance of response-policy zone (RPZ) has been improved.
  • A new zone file format called map has been added. Zone data stored in this format can be mapped directly into memory, which enables zones to load significantly faster.
  • A new tool called delv (domain entity lookup and validation) has been added, with dig-like semantics for looking up DNS data and performing internal DNS Security Extensions (DNSSEC) validation.
  • A new mdig command is now available. This command is a version of the dig command that sends multiple pipelined queries and then waits for responses, instead of sending one query and waiting for the response before sending the next query.
  • A new prefetch option, which improves the recursive resolver performance, has been added.
  • A new in-view zone option, which allows zone data to be shared between views, has been added. When this option is used, multiple views can serve the same zones authoritatively without storing multiple copies in memory.
  • A new max-zone-ttl option, which enforces maximum TTLs for zones, has been added. When a zone containing a higher TTL is loaded, the load fails. Dynamic DNS (DDNS) updates with higher TTLs are accepted but the TTL is truncated.
  • New quotas have been added to limit queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks.
  • The nslookup utility now looks up both IPv6 and IPv4 addresses by default.
  • The named service now checks whether other name server processes are running before starting up.
  • When loading a signed zone, named now checks whether a Resource Record Signature’s (RSIG) inception time is in the future, and if so, it regenerates the RRSIG immediately.
  • Zone transfers now use smaller message sizes to improve message compression, which reduces network usage.

Feature changes:

  • The version 3 XML schema for the statistics channel, including new statistics and a flattened XML tree for faster parsing, is provided by the HTTP interface. The legacy version 2 XML schema is no longer supported.
  • The named service now listens on both IPv6 and IPv4 interfaces by default.
  • The named service no longer supports GeoIP databases. Access control lists (ACLs) defined by presumed location of query sender are unavailable.
  • Since RHEL 8.2, the named service supports GeoIP2, which is provided in the libmaxminddb data format.

7.3. DNS resolution

In RHEL 7, the nslookup and host utilities were able to accept any reply without the recursion available flag from any name server listed. In RHEL 8, nslookup and host ignore replies from name servers with recursion not available unless it is the name server that is last configured. In case of the last configured name server, answer is accepted even without the recursion available flag.

However, if the last configured name server is not responding or unreachable, name resolution fails. To prevent such fail, you can use one of the following approaches:

  • Ensure that configured name servers always reply with the recursion available flag set.
  • Allow recursion for all internal clients.

Optionally, you can also use the dig utility to detect whether recursion is available or not.

7.4. Postfix

By default in RHEL 8, Postfix uses MD5 fingerprints with the TLS for backward compatibility. But in FIPS mode, the MD5 hashing function is not available, which may cause TLS to incorrectly function in the default Postfix configuration. As a workaround, the hashing function needs to be changed to SHA-256 in the postfix configuration file.

For more details, see the related link: https://access.redhat.com/articles/5824391

7.5. Printing

7.5.2. Location of CUPs logs

CUPS provides three kinds of logs:

  • Error log
  • Access log
  • Page log

In RHEL 8, the logs are no longer stored in specific files within the /var/log/cups directory, which was used in RHEL 7. Instead, all three types are logged centrally in systemd-journald together with logs from other programs.

For more information about how to use CUPS logs in RHEL 8, see Accessing the CUPS logs in the systemd journal.

7.5.3. Additional information

For more information about how to configure printing in RHEL 8, see Configuring printing.

7.6. Performance and power management options

7.6.1. Notable changes in the recommended TuneD profile

In RHEL 8, the recommended TuneD profile, reported by the tuned-adm recommend command, is selected based on the following rules:

  • If the syspurpose role (reported by the syspurpose show command) contains atomic, and at the same time:

    • if TuneD is running on bare metal, the atomic-host profile is selected
    • if TuneD is running in a virtual machine, the atomic-guest profile is selected
  • If TuneD is running in a virtual machine, the virtual-guest profile is selected
  • If the syspurpose role contains desktop or workstation and the chassis type (reported by dmidecode) is Notebook, Laptop, or Portable, then the balanced profile is selected
  • If none of the above rules matches, the throughput-performance profile is selected

Note that the first rule that matches takes effect.

7.7. Other changes to infrastructure services components

The summary of other notable changes to particular infrastructure services components follows.

Table 7.1. Notable changes to infrastructure services components
NameType of changeAdditional information

acpid

Option change

-d (debug) no longer implies -f (foreground)

bind

Configuration option removal

dnssec-lookaside auto removed; use no instead

brltty

Configuration option change

--message-delay brltty renamed to --message-timeout

brltty

Configuration option removal

-U [--update-interval=] removed

brltty

Configuration option change

A Bluetooth device address may now contain dashes (-) instead of colons (:). The bth: and bluez: device qualifier aliases are no longer supported.

cups

Functionality removal

Upstream removed support of interface scripts because of security reasons. Use ppds and drivers provided by OS or proprietary ones.

cups

Directive options removal

Removed Digest and BasicDigest authentication types for AuthType and DefaultAuthType directives in /etc/cups/cupsd.conf. Migrate to Basic.

cups

Directive options removal

Removed Include from cupsd.conf

cups

Directive options removal

Removed ServerCertificate and ServerKey from cups-files.conf use Serverkeychain instead

cups

Directives moved between conf files

SetEnv and PassEnv moved from cupsd.conf to cups-files.conf

cups

Directives moved between conf files

PrintcapFormat moved from cupsd.conf to cups-files.conf

cups-filters

Default configuration change

Names of remote print queues discovered by cups-browsed are now created based on device ID of printer, not on the name of remote print queue.

cups-filters

Default configuration change

CreateIPPPrinterQueues must be set to All for automatic creation of queues of IPP printers

cyrus-imapd

Data format change

Cyrus-imapd 3.0.7 has different data format.

dhcp

Behavior change

dhclient sends the hardware address as a client identifier by default. The client-id option is configurable. For more information, see the /etc/dhcp/dhclient.conf file.

dhcp

Options incompatibility

The -I option is now used for standard-ddns-updates. For the previous functionality (dhcp-client-identifier), use the new -C option.

dosfstools

Behavior change

Data structures are now automatically aligned to cluster size. To disable the alignment, use the -a option. fsck.fat now defaults to interactive repair mode which previously had to be selected with the -r option.

finger

Functionality removal

 

GeoIP

Functionality removal

 

grep

Behavior change

grep now treats files containining data improperly encoded for the current locale as binary.

grep

Behavior change

grep -P no longer reports an error and exits when given invalid UTF-8 data

grep

Behavior change

grep now warns if the GREP_OPTIONS environment variable is now used. Use an alias or script instead.

grep

Behavior change

grep -P eports an error and exits in locales with multibyte character encodings other than UTF-8

grep

Behavior change

When searching binary data, grep may treat non-text bytes as line terminators, which impacts performance significantly.

grep

Behavior change

grep -z no longer automatically treats the byte '\200' as binary data.

grep

Behavior change

Context no longer excludes selected lines omitted because of -m.

irssi

Behavior change

SSLv2 and SSLv3 no longer supported

lftp

Change of options

xfer:log and xfer:log-file deprecated; now available under log:enabled and log:file commands

ntp

Functionality removal

ntp has been removed; use chrony instead

postfix

Configuration change

3.x version have compatibility safety net that runs Postfix programs with backwards-compatible default settings after an upgrade.

postfix

Configuration change

In the Postfix MySQL database client, the default option_group value has changed to client, set it to empty value for backward compatible behavior.

postfix

Configuration change

The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment. For example,

import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ=UTC XAUTHORITY DISPLAY LANG=C.

postfix

Configuration change

ECDHE - smtpd_tls_eecdh_grade defaults to auto; new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated

postfix

Configuration change

Changed defaults for append_dot_mydomain (new: no, old: yes), master.cf chroot (new: n, old: y), smtputf8 (new: yes, old: no).

postfix

Configuration change

Changed defaults for relay_domains (new: empty, old: $mydestination).

postfix

Configuration change

The mynetworks_style default value has changed from subnet to host.

powertop

Option removal

-d removed

powertop

Option change

-h is no longer alias for --html. It is now an alias for --help.

powertop

Option removal

-u removed

quagga

Functionality removal

 

sendmail

Configuration change

sendmail uses uncompressed IPv6 addresses by default, which permits a zero subnet to have a more specific match. Configuration data must use the same format, so make sure patterns such as IPv6:[0-9a-fA-F:]*:: and IPv6:: are updated before using 8.15.

spamassasin

Command line option removal

Removed --ssl-version in spamd.

spamassasin

Command line option change

In spamc, the command line option -S/--ssl can no longer be used to specify SSL/TLS version. The option can now only be used without an argument to enable TLS.

spamassasin

Change in supported SSL versions

In spamc and spamd, SSLv3 is no longer supported.

spamassasin

Functionality removal

sa-update no longer supports SHA1 validation of filtering rules, and uses SHA256/SHA512 validation instead.

vim

Default settings change

Vim runs default.vim script, if no ~/.vimrc file is available.

vim

Default settings change

Vim now supports bracketed paste from terminal. Include 'set t_BE=' in vimrc for the previous behavior.

vsftpd

Default configuration change

anonymous_enable disabled

vsftpd

Default configuration change

strict_ssl_read_eof now defaults to YES

vsftpd

Functionality removal

tcp_wrappers no longer supported

vsftpd

Default configuration change

TLSv1 and TLSv1.1 are disabled by default

wireshark

Python bindings removal

Dissectors can no longer be written in Python, use C instead.

wireshark

Option removal

-C suboption for -N option for asynchronous DNS name resolution removed

wireshark

Ouput change

With the -H option, the output no longer shows SHA1, RIPEMD160 and MD5 hashes. It now shows SHA256, RIPEMD160 and SHA1 hashes.

wvdial

Functionality removal

 

Chapter 8. Security

8.1. Changes in core cryptographic components

8.1.1. System-wide cryptographic policies are applied by default

Crypto-policies is a component in Red Hat Enterprise Linux 8, which configures the core cryptographic subsystems, covering the TLS, IPsec, DNSSEC, Kerberos protocols, and the OpenSSH suite. It provides a small set of policies, which the administrator can select using the update-crypto-policies command.

The DEFAULT system-wide cryptographic policy offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if larger than 2047 bits.

See the Consistent security by crypto policies in Red Hat Enterprise Linux 8 article on the Red Hat Blog and the update-crypto-policies(8) man page for more information.

8.1.2. Strong crypto defaults by removing insecure cipher suites and protocols

The following list contains cipher suites and protocols removed from the core cryptographic libraries in RHEL 8. They are not present in the sources, or their support is disabled during the build, so applications cannot use them.

  • DES (since RHEL 7)
  • All export grade cipher suites (since RHEL 7)
  • MD5 in signatures (since RHEL 7)
  • SSLv2 (since RHEL 7)
  • SSLv3 (since RHEL 8)
  • All ECC curves < 224 bits (since RHEL 6)
  • All binary field ECC curves (since RHEL 6)

8.1.3. Cipher suites and protocols disabled in all policy levels

The following cipher suites and protocols are disabled in all crypto policy levels. They can be enabled only by an explicit configuration of individual applications.

  • DH with parameters < 1024 bits
  • RSA with key size < 1024 bits
  • Camellia
  • ARIA
  • SEED
  • IDEA
  • Integrity-only cipher suites
  • TLS CBC mode cipher suites using SHA-384 HMAC
  • AES-CCM8
  • All ECC curves incompatible with TLS 1.3, including secp256k1
  • IKEv1 (since RHEL 8)

8.1.4. Switching the system to FIPS mode

The system-wide cryptographic policies contain a policy level that enables cryptographic modules self-checks in accordance with the requirements by Federal Information Processing Standard (FIPS) Publication 140-2. The fips-mode-setup tool that enables or disables FIPS mode internally uses the FIPS system-wide cryptographic policy level.

To switch the system to FIPS mode in RHEL 8, enter the following command and restart your system:

# fips-mode-setup --enable

See the fips-mode-setup(8) man page for more information.

8.1.5. TLS 1.0 and TLS 1.1 are deprecated

The TLS 1.0 and TLS 1.1 protocols are disabled in the DEFAULT system-wide cryptographic policy level. If your scenario, for example, a video conferencing application in the Firefox web browser, requires using the deprecated protocols, switch the system-wide cryptographic policy to the LEGACY level:

# update-crypto-policies --set LEGACY

For more information, see the Strong crypto defaults in RHEL 8 and deprecation of weak crypto algorithms Knowledgebase article on the Red Hat Customer Portal and the update-crypto-policies(8) man page on your system.

8.1.6. TLS 1.3 support in cryptographic libraries

This update enables Transport Layer Security (TLS) 1.3 by default in all major back-end crypto libraries. This enables low latency across the operating system communications layer and enhances privacy and security for applications by taking advantage of new algorithms, such as RSA-PSS or X25519.

8.1.7. DSA is deprecated in RHEL 8

The Digital Signature Algorithm (DSA) is considered deprecated in Red Hat Enterprise Linux 8. Authentication mechanisms that depend on DSA keys do not work in the default configuration. Note that OpenSSH clients do not accept DSA host keys even in the LEGACY system-wide cryptographic policy level.

8.1.8. SSL2 Client Hello has been deprecated in NSS

The Transport Layer Security (TLS) protocol version 1.2 and earlier allow to start a negotiation with a Client Hello message formatted in a way that is backward compatible with the Secure Sockets Layer (SSL) protocol version 2. Support for this feature in the Network Security Services (NSS) library has been deprecated and it is disabled by default.

Applications that require support for this feature need to use the new SSL_ENABLE_V2_COMPATIBLE_HELLO API to enable it. Support for this feature may be removed completely in future releases of Red Hat Enterprise Linux 8.

8.1.9. NSS now use SQL by default

The Network Security Services (NSS) libraries now use the SQL file format for the trust database by default. The DBM file format, which was used as a default database format in previous releases, does not support concurrent access to the same database by multiple processes and it has been deprecated in upstream. As a result, applications that use the NSS trust database to store keys, certificates, and revocation information now create databases in the SQL format by default. Attempts to create databases in the legacy DBM format fail. The existing DBM databases are opened in read-only mode, and they are automatically converted to the SQL format. Note that NSS support the SQL file format since Red Hat Enterprise Linux 6.

8.2. SSH

8.2.1. OpenSSH rebased to version 7.8p1

The openssh packages have been upgraded to upstream version 7.8p1. Notable changes include:

  • Removed support for the SSH version 1 protocol.
  • Removed support for the hmac-ripemd160 message authentication code.
  • Removed support for RC4 (arcfour) ciphers.
  • Removed support for Blowfish ciphers.
  • Removed support for CAST ciphers.
  • Changed the default value of the UseDNS option to no.
  • Disabled DSA public key algorithms by default.
  • Changed the minimal modulus size for Diffie-Hellman parameters to 2048 bits.
  • Changed semantics of the ExposeAuthInfo configuration option.
  • The UsePrivilegeSeparation=sandbox option is now mandatory and cannot be disabled.
  • Set the minimal accepted RSA key size to 1024 bits.

8.2.2. libssh implements SSH as a core cryptographic component

This change introduces libssh as a core cryptographic component in Red Hat Enterprise Linux 8. The libssh library implements the Secure SHell (SSH) protocol.

8.2.3. libssh2 is not available in RHEL 8

The deprecated libssh2 library misses features, such as support for elliptic curves or Generic Security Service Application Program Interface (GSSAPI), and it has been removed from RHEL 8 in favor of libssh

8.3. Rsyslog

8.3.1. The default rsyslog configuration file format is now non-legacy

The configuration files in the rsyslog packages now use the non-legacy format by default. The legacy format can be still used, although mixing current and legacy configuration statements has several constraints. Configurations carried from previous RHEL releases should be revised. See the rsyslog.conf(5) man page for more information.

8.3.2. The imjournal option and configuring system logging with minimized journald usage

To avoid duplicate records that might appear when journald rotated its files, the imjournal option has been added. Note that use of this option can affect performance.

Note that the system with rsyslog can be configured to provide better performance as described in the Configuring system logging without journald or with minimized journald usage Knowledgebase article.

8.3.3. Negative effects of the default logging setup on performance

The default logging environment setup might consume 4 GB of memory or even more and adjustments of rate-limit values are complex when systemd-journald is running with rsyslog.

See the Negative effects of the RHEL default logging setup on performance and their mitigations Knowledgebase article for more information.

8.4. OpenSCAP

8.4.1. OpenSCAP API consolidated

This update provides OpenSCAP shared library API that has been consolidated. 63 symbols have been removed, 14 added, and 4 have an updated signature. The removed symbols in OpenSCAP 1.3.0 include:

  • symbols that were marked as deprecated in version 1.2.0
  • SEAP protocol symbols
  • internal helper functions
  • unused library symbols
  • unimplemented symbols

8.4.2. oscap-podman replaces oscap-docker for security and compliance scanning of containers

In RHEL 8.2, a new utility for security and compliance scanning of containers has been introduced. The oscap-podman tool provides an equivalent of the oscap-docker utility that serves for scanning container and container images in RHEL 7.

For more information, see the Scanning container and container images for vulnerabilities section.

8.5. Audit

8.5.1. Audit 3.0 replaces audispd with auditd

With this update, functionality of audispd has been moved to auditd. As a result, audispd configuration options are now part of auditd.conf. In addition, the plugins.d directory has been moved under /etc/audit. The current status of auditd and its plug-ins can now be checked by running the service auditd state command.

8.6. SELinux

8.6.1. SELinux packages migrated to Python 3

  • The policycoreutils-python has been replaced by the policycoreutils-python-utils and python3-policycoreutils packages.
  • The functionality of the libselinux-python package is now provided by the python3-libselinux package.
  • The functionality of the setools-libs package is now provided by the python3-setools package.
  • The functionality of the libsemanage-python package is now provided by the python3-libsemanage package.

8.6.2. Changes in SELinux sub-packages

  • The libselinux-static, libsemanage-static, libsepol-static, and setools-libs-tcl has been removed.
  • The setools-gui and setools-console-analyses are not available in RHEL 8.0 and 8.1. RHEL 8.2 is the first minor version of RHEL 8 that contains these sub-packages.

8.6.3. Changes in SELinux policy

The init_t domain type is no longer unconfined on RHEL 8. This might cause problems for third-party applications that use a different SELinux labeling approach.

To overcome SELinux labeling problems in the non-standard locations, you can configure file context equivalency for such locations.

  1. Configure file context equivalency for the /my/apps and / directories:

    # semanage fcontext -a -e / /my/apps
  2. Verify file context equivalency by listing local customizations of the SELinux policy:

    # semanage fcontext -l -C
    
    SELinux Local fcontext Equivalence
    
    /my/apps = /
  3. Restore the context of /my/apps to the default, which is now equivalent to the context of /:

    # restorecon -Rv /my/apps
    restorecon reset /my/apps context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:root_t:s0
    restorecon reset /my/apps/bin context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:bin_t:s0
    restorecon reset /my/apps/bin/executable context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:bin_t:s0

This approach assigns correct labels to the majority of files and directories installed in the non-standard location, which also leads to correctly labeled processes started by some of the executable files.

To remove file context equivalency, use the following command:

# semanage fcontext -d -e / /my/apps
  • For additional information, see the semanage-fcontext man page on your system.

8.6.4. Changes in SELinux booleans

8.6.4.1. New SELinux booleans

This update of the SELinux system policy introduces the following booleans:

  • colord_use_nfs
  • deny_bluetooth
  • httpd_use_opencryptoki
  • logrotate_use_fusefs
  • mysql_connect_http
  • pdns_can_network_connect_db
  • ssh_use_tcpd
  • sslh_can_bind_any_port
  • sslh_can_connect_any_port
  • tor_can_onion_services
  • unconfined_dyntrans_all
  • use_virtualbox
  • virt_sandbox_share_apache_content
  • virt_use_pcscd
8.6.4.2. Removed SELinux booleans

The RHEL 8 SELinux policy does not provide the following booleans that were available in the previous release:

  • container_can_connect_any
  • ganesha_use_fusefs
8.6.4.3. Changes of default values

In RHEL 8, the following SELinux booleans are set to a different default value than in the previous release:

  • domain_can_mmap_files is now off by default.
  • httpd_graceful_shutdown is now off by default.
  • mozilla_plugin_can_network_connect is now on by default.
  • named_write_master_zones is now on by default.

Additionally, the descriptions of the antivirus_use_jit and ssh_chroot_rw_homedirs booleans have been changed.

To get a list of booleans including their meaning, and to find out if they are enabled or disabled, install the selinux-policy-devel package and use:

# semanage boolean -l

8.6.5. Changes in SELinux port types

The RHEL 8 SELinux policy provides the following additional port types:

  • appswitch_emp_port_t
  • babel_port_t
  • bfd_control_port_t
  • conntrackd_port_t
  • firepower_port_t
  • nmea_port_t
  • nsca_port_t
  • openqa_port_t
  • openqa_websockets_port_t
  • priority_e_com_port_t
  • qpasa_agent_port_t
  • rkt_port_t
  • smntubootstrap_port_t
  • statsd_port_t
  • versa_tek_port_t

Furthermore, the definitions of the dns_port_t and ephemeral_port_t port types have been changed, and the gluster_port_t port type has been removed.

8.6.6. Changes in sesearch usage

  • The sesearch command no longer uses the -C option, and it requires to include conditional expressions.
  • The -T, --type option has been changed to:

    • -T, --type_trans - find type_transition rules.
    • --type_member - find type_member rules.
    • --type_change - find type_change rules.

8.7. Removed security functionality

8.7.1. shadow-utils no longer allow all-numeric user and group names

The useradd and groupadd commands disallow user and group names consisting purely of numeric characters. The reason for not allowing such names is that this can confuse potentially many tools that work with user and group names and user and group ids (which are numbers). Please note that the all-numeric user and group names are deprecated in Red Hat Enterprise Linux 7 and their support is completely removed in Red Hat Enterprise Linux 8.

8.7.2. securetty is now disabled by default

Because of the dynamic nature of tty device files on modern Linux systems, the securetty PAM module has been disabled by default and the /etc/securetty configuration file is no longer included in RHEL. Since /etc/securetty listed many possible devices so that the practical effect in most cases was to allow by default, this change has only a minor impact. However, if you use a more restrictive configuration, you need to add a line enabling the pam_securetty.so module to the appropriate files in the /etc/pam.d directory, and create a new /etc/securetty file.

8.7.3. The Clevis HTTP pin has been removed

The Clevis HTTP pin has been removed from RHEL 8, and the clevis encrypt http sub-command is no longer available.

8.7.3.1. Coolkey has been removed

The Coolkey driver for smart cards has been removed from RHEL 8, and OpenSC now provides its functionality.

8.7.3.2. crypto-utils have been removed

The crypto-utils packages have been removed from RHEL 8. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead.

8.7.3.3. KLIPS has been removed from Libreswan

In Red Hat Enterprise Linux 8, support for Kernel IP Security (KLIPS) IPsec stack has been removed from Libreswan.

Chapter 9. Networking

9.1. NetworkManager

9.1.1. Legacy network scripts support

Network scripts are deprecated in Red Hat Enterprise Linux 8 and are no longer provided by default. The basic installation provides a new version of the ifup and ifdown scripts which call NetworkManager through the nmcli tool. In Red Hat Enterprise Linux 8, to run the ifup and the ifdown scripts, NetworkManager must be running.

Note

Custom commands in /sbin/ifup-local, ifdown-pre-local and ifdown-local scripts are not executed.

If any of these scripts are required, the installation of the deprecated network scripts in the system is still possible with the following command:

yum install network-scripts

The ifup and the ifdown scripts link to the installed legacy network scripts.

Calling the legacy network scripts shows a warning about their deprecation.

9.1.2. NetworkManager supports SR-IOV virtual functions

In Red Hat Enterprise Linux 8, NetworkManager allows configuring the number of virtual functions (VF) for interfaces that support single-root I/O virtualization (SR-IOV). Additionally, NetworkManager allows configuring some attributes of the VFs, such as the MAC address, VLAN, the spoof checking setting and allowed bitrates. Note that all properties related to SR-IOV are available in the sriov connection setting. For more details, see the nm-settings(5) man page on your system.

9.1.3. NetworkManager supports a wildcard interface name match for connections

Previously, it was possible to restrict a connection to a given interface using only an exact match on the interface name. With this update, connections have a new match.interface-name property which supports wildcards. This update enables users to choose the interface for a connection in a more flexible way using a wildcard pattern.

9.1.4. NetworkManager supports configuring ethtool offload features

With this enhancement, NetworkManager supports configuring ethtool offload features, and users no longer need to use init scripts or a NetworkManager dispatcher script. As a result, users can now configure the offload feature as a part of the connection profile using one of the following methods:

  • By using the nmcli utility
  • By editing keyfiles in the /etc/NetworkManager/system-connections/ directory
  • By editing the /etc/sysconfig/network-scripts/ifcfg-* files

Note that this feature is currently not supported in graphical interfaces and in the nmtui utility.

For further details, see Configuring an ethtool offload feature by using nmcli.

9.1.5. NetworkManager now uses the internal DHCP plug-in by default

NetworkManager supports the internal and dhclient DHCP plug-ins. By default, NetworkManager in Red Hat Enterprise Linux (RHEL) 7 uses the dhclient and RHEL 8 the internal plug-in. In certain situations, the plug-ins behave differently. For example, dhclient can use additional settings specified in the /etc/dhcp/ directory.

If you upgrade from RHEL 7 to RHEL 8 and NetworkManager behaves differently, add the following setting to the [main] section in the /etc/NetworkManager/NetworkManager.conf file to use the dhclient plug-in:

[main]
dhcp=dhclient

9.1.6. The NetworkManager-config-server package is not installed by default in RHEL 8

The NetworkManager-config-server package is only installed by default if you select either the Server or Server with GUI base environment during the setup. If you selected a different environment, use the yum install NetworkManager-config-server command to install the package.

9.2. Packet filtering

9.2.1. nftables replaces iptables as the default network packet filtering framework

The nftables framework provides packet classification facilities and it is the designated successor to the iptables, ip6tables, arptables, ebtables, and ipset tools. It offers numerous improvements in convenience, features, and performance over previous packet-filtering tools, most notably:

  • lookup tables instead of linear processing
  • a single framework for both the IPv4 and IPv6 protocols
  • rules all applied atomically instead of fetching, updating, and storing a complete rule set
  • support for debugging and tracing in the rule set (nftrace) and monitoring trace events (in the nft tool)
  • more consistent and compact syntax, no protocol-specific extensions
  • a Netlink API for third-party applications

Similarly to iptables, nftables use tables for storing chains. The chains contain individual rules for performing actions. The nft tool replaces all tools from the previous packet-filtering frameworks. The libnftables library can be used for low-level interaction with nftables Netlink API over the libmnl library.

The iptables, ip6tables, ebtables and arptables tools are replaced by nftables-based drop-in replacements with the same name. While external behavior is identical to their legacy counterparts, internally they use nftables with legacy netfilter kernel modules through a compatibility interface where required.

Effect of the modules on the nftables rule set can be observed using the nft list ruleset command. Since these tools add tables, chains, and rules to the nftables rule set, be aware that nftables rule-set operations, such as the nft flush ruleset command, might affect rule sets installed using the formerly separate legacy commands.

To quickly identify which variant of the tool is present, version information has been updated to include the back-end name. In RHEL 8, the nftables-based iptables tool prints the following version string:

$ iptables --version
iptables v1.8.0 (nf_tables)

For comparison, the following version information is printed if legacy iptables tool is present:

$ iptables --version
iptables v1.8.0 (legacy)

9.2.2. Arptables FORWARD is removed from filter tables in RHEL 8

The arptables FORWARD chain functionality has been removed in Red Hat Enterprise Linux (RHEL) 8. You can now use the FORWARD chain of the ebtables tool adding the rules into it.

9.2.3. Output of iptables-ebtables is not 100% compatible with ebtables

In RHEL 8, the ebtables command is provided by the iptables-ebtables package, which contains an nftables-based reimplementation of the tool. This tool has a different code base, and its output deviates in aspects, which are either negligible or deliberate design choices.

Consequently, when migrating your scripts parsing some ebtables output, adjust the scripts to reflect the following:

  • MAC address formatting has been changed to be fixed in length. Where necessary, individual byte values contain a leading zero to maintain the format of two characters per octet.
  • Formatting of IPv6 prefixes has been changed to conform with RFC 4291. The trailing part after the slash character no longer contains a netmask in the IPv6 address format but a prefix length. This change applies to valid (left-contiguous) masks only, while others are still printed in the old formatting.

9.2.4. New tools to convert iptables to nftables

This update adds the iptables-translate and ip6tables-translate tools to convert the existing iptables or ip6tables rules into the equivalent ones for nftables. Note that some extensions lack translation support. If such an extension exists, the tool prints the untranslated rule prefixed with the # sign. For example:

| % iptables-translate -A INPUT -j CHECKSUM --checksum-fill
| nft # -A INPUT -j CHECKSUM --checksum-fill

Additionally, users can use the iptables-restore-translate and ip6tables-restore-translate tools to translate a dump of rules. Note that before that, users can use the iptables-save or ip6tables-save commands to print a dump of current rules. For example:

| % sudo iptables-save >/tmp/iptables.dump
| % iptables-restore-translate -f /tmp/iptables.dump
| # Translated by iptables-restore-translate v1.8.0 on Wed Oct 17 17:00:13 2018
| add table ip nat
| ...

9.3. Changes in wpa_supplicant

9.3.1. journalctl can now read the wpa_supplicant log

In Red Hat Enterprise Linux (RHEL) 8, the wpa_supplicant package is built with CONFIG_DEBUG_SYSLOG enabled. This allows reading the wpa_supplicant log using the journalctl utility instead of checking the contents of the /var/log/wpa_supplicant.log file.

9.3.2. The compile-time support for wireless extensions in wpa_supplicant is disabled

The wpa_supplicant package does not support wireless extensions. When a user is trying to use wext as a command-line argument, or trying to use it on old adapters which only support wireless extensions, will not be able to run the wpa_supplicant daemon.

9.4. A new data chunk type, I-DATA, added to SCTP

This update adds a new data chunk type, I-DATA, and stream schedulers to the Stream Control Transmission Protocol (SCTP). Previously, SCTP sent user messages in the same order as they were sent by a user. Consequently, a large SCTP user message blocked all other messages in any stream until completely sent. When using I-DATA chunks, the Transmission Sequence Number (TSN) field is not overloaded. As a result, SCTP now can schedule the streams in different ways, and I-DATA allows user messages interleaving (RFC 8260). Note that both peers must support the I-DATA chunk type.

9.5. Notable TCP features in RHEL 8

Red Hat Enterprise Linux 8 is distributed with TCP networking stack version 4.18, which provides higher performances, better scalability, and more stability. Performances are boosted especially for busy TCP server with a high ingress connection rate.

Additionally, two new TCP congestion algorithms, BBR and NV, are available, offering lower latency, and better throughput than cubic in most scenarios.

9.5.1. TCP BBR support in RHEL 8

A new TCP congestion control algorithm, Bottleneck Bandwidth and Round-trip time (BBR) is now supported in Red Hat Enterprise Linux (RHEL) 8. BBR attempts to determine the bandwidth of the bottleneck link and the Round-trip time (RTT). Most congestion algorithms are based on packet loss, including CUBIC, the default Linux TCP congestion control algorithm, which have problems on high-throughput links. BBR does not react to loss events directly, it adjusts the TCP pacing rate to match it with the available bandwidth.

For more information about this, see the Red Hat Knowledgebase solution How to configure TCP BBR congestion control algorithm.

9.7. Network interface name changes

In Red Hat Enterprise Linux 8, the same consistent network device naming scheme is used by default as in RHEL 7. However, certain kernel drivers, such as e1000e, nfp, qede, sfc, tg3 and bnxt_en changed their consistent name on a fresh installation of RHEL 8. However, the names are preserved on upgrade from RHEL 7.

9.8. The ipv6, netmask, gateway, and hostname kernel parameters have been removed

The ipv6, netmask, gateway, and hostname kernel parameters to configure the network in the kernel command line are no longer available since RHEL 8.3. Instead, use the consolidated ip parameter that accepts different formats, such as the following:

ip=IP_address:peer:gateway_IP_address:net_mask:host_name:interface_name:configuration_method

For further details about the individual fields and other formats this parameter accepts, see the description of the ip parameter in the dracut.cmdline(7) man page on your system.

9.9. The -ok option of the tc command removed

The -ok option of the tc command has been removed in Red Hat Enterprise Linux 8. As a workaround, users can implement code to communicate directly via netlink with the kernel. Response messages received, indicate completion and status of sent requests. An alternative way for less time-critical applications is to call tc for each command separately. This may happen with a custom script which simulates the tc -batch behavior by printing OK for each successful tc invocation.

9.10. The PTP capabilities output format of the ethtool utility has changed

Starting with RHEL 8.4, the ethtool utility uses the netlink interface instead of the ioctl() system call to communicate with the kernel. Consequently, when you use the ethtool -T <network_controller> command, the format of Precision Time Protocol (PTP) values changes.

Previously, with the ioctl() interface, ethtool translated the capability bit names by using an ethtool-internal string table and, the ethtool -T <network_controller> command displayed, for example:

Time stamping parameters for <network_controller>:
Capabilities:
hardware-transmit (SOF_TIMESTAMPING_TX_HARDWARE)
software-transmit (SOF_TIMESTAMPING_TX_SOFTWARE)
...

With the netlink interface, ethtool receives the strings from the kernel. These strings do not include the internal SOF_TIMESTAMPING_* names. Therefore, ethtool -T <network_controller> now displays, for example:

Time stamping parameters for <network_controller>:
Capabilities:
hardware-transmit
software-transmit
...

If you use the PTP capabilities output of ethtool in scripts or applications, update them accordingly.

Chapter 10. Kernel

10.1. Resource control

10.1.1. Control group v2 available as a Technology Preview in RHEL 8

Control group v2 mechanism is a unified hierarchy control group. Control group v2 organizes processes hierarchically and distributes system resources along the hierarchy in a controlled and configurable manner.

Unlike the previous version, control group v2 has only a single hierarchy. This single hierarchy enables the Linux kernel to:

  • Categorize processes based on the role of their owner.
  • Eliminate issues with conflicting policies of multiple hierarchies.

Control group v2 supports numerous controllers:

  • CPU controller regulates the distribution of CPU cycles. This controller implements:

    • Weight and absolute bandwidth limit models for normal scheduling policy.
    • Absolute bandwidth allocation model for real time scheduling policy.
  • Memory controller regulates the memory distribution. Currently, the following types of memory usages are tracked:

    • Userland memory - page cache and anonymous memory.
    • Kernel data structures such as dentries and inodes.
    • TCP socket buffers.
  • I/O controller regulates the distribution of I/O resources.
  • Remote Direct Memory Access (RDMA) controller limits RDMA/IB specific resources that certain processes can use. These processes are grouped through the RDMA controller.
  • Process number controller enables the control group to stop any new tasks from being fork()’d or clone()’d after a certain limit.
  • Writeback controller acts as a mechanism, which balances conflicts between I/O and the memory controllers.

The information above was based on cgroups-v2 online documentation. You can refer to the same link to obtain more information about particular control group v2 controllers.

10.2. Memory management

10.2.1. 52-bit PA for 64-bit ARM available

With this update, support for 52-bit physical addressing (PA) for the 64-bit ARM architecture is available. This provides a larger physical address space than previous 48-bit PA.

10.2.2. 5-level page tables x86_64

In RHEL 7, existing memory bus had 48/46 bit of virtual/physical memory addressing capacity, and the Linux kernel implemented 4 levels of page tables to manage these virtual addresses to physical addresses. The physical bus addressing line put the physical memory upper limit capacity at 64 TB.

These limits have been extended to 57/52 bit of virtual/physical memory addressing with 128 PiB of virtual address space (64PB user/64PB kernel) and 4 PB of physical memory capacity.

With the extended address range, the memory management in RHEL 8 adds support for 5-level page table implementation. This implementation is able to handle the expanded address range with up to 128 PiB of virtual address space and 4 PiB of physical address space.

The 5-level page table is enabled by default for hardware capable of supporting this feature even if the installed physical memory is less than 64 TiB. For systems with less than 64 TiB of memory, there is a small overhead increase in walking the 5-level page table. To avoid this overhead, users can disable 5-level page table by using the no5lvl kernel command-line parameter to force the use of 4-level page table.

10.2.3. Swapping algorithm changes

In RHEL 8, there is an update in the virtual memory management of Linux kernel algorithms. This might cause anonymous memory pages (process data) to be swapped to disk more often compared to earlier versions. These changes were made because the performance impact of modern solid-state drives (SSDs) is significantly lower compared to spinning disks. To ensure optimal system performance when migrating to RHEL 8, it is recommended that users evaluate and, if necessary, adjust the swappiness settings of the system.

10.3. Performance analysis and observability tools

10.3.1. bpftool added to kernel

The bpftool utility that serves for inspection and simple manipulation of programs and maps based on extended Berkeley Packet Filtering (eBPF) has been added into the Linux kernel. bpftool is a part of the kernel source tree, and is provided by the bpftool package, which is included as a sub-package of the kernel package.

10.3.2. eBPF available as a Technology Preview

The extended Berkeley Packet Filtering (eBPF) feature is available as a Technology Preview for both networking and tracing. eBPF enables the user space to attach custom programs onto a variety of points (sockets, trace points, packet reception) to receive and process data. The feature includes a new system call bpf(), which supports creating various types of maps, and also to insert various types of programs into the kernel. Note that the bpf() syscall can be successfully used only by a user with the CAP_SYS_ADMIN capability, such as a root user. See the bpf(2) man page for more information.

10.3.3. BCC is available as a Technology Preview

BPF Compiler Collection (BCC) is a user space tool kit for creating efficient kernel tracing and manipulation programs that is available as a Technology Preview in RHEL 8. BCC provides tools for I/O analysis, networking, and monitoring of Linux operating systems using the extended Berkeley Packet Filtering (eBPF).

10.4. Booting process

10.4.1. How to install and boot custom kernels in RHEL

The Boot Loader Specification (BLS) defines a scheme and file format to manage bootloader configurations for each boot option in a drop-in directory. There is no need to manipulate the individual drop-in configuration files. This premise is particularly relevant in RHEL 8 because not all architectures use the same bootloader:

  • x86_64, aarch64 and ppc64le with open firmware use GRUB2
  • ppc64le with Open Power Abstraction Layer (OPAL) uses Petitboot
  • s390x uses zipl

Each bootloader has a different configuration file and format that has to be modified when a new kernel is installed or removed. In the previous versions of RHEL, the component that permitted this work was the grubby utility. However, for RHEL 8 the bootloader configuration was standardized by implementing the BLS file format, where grubby works as a thin wrapper around the BLS operations.

10.4.2. Early kdump support in RHEL

Previously, the kdump service started too late to register the kernel crashes that occurred in early stages of the booting process. As a result, the crash information together with a chance for troubleshooting was lost.

To address this problem, RHEL 8 introduced an early kdump support. To learn more about this mechanism, see the /usr/share/doc/kexec-tools/early-kdump-howto.txt file. Also, see the Red Hat Knowledgebase solution What is early kdump support and how do I configure it?.

Chapter 11. Hardware enablement

11.1. Removed hardware support

The following device drivers and adapters were supported in RHEL 7 but are no longer available in RHEL 8.0.

11.1.1. Removed device drivers

Support for the following device drivers has been removed in RHEL 8:

  • 3w-9xxx
  • 3w-sas
  • aic79xx
  • aoe
  • arcmsr
  • ata drivers:

    • acard-ahci
    • sata_mv
    • sata_nv
    • sata_promise
    • sata_qstor
    • sata_sil
    • sata_sil24
    • sata_sis
    • sata_svw
    • sata_sx4
    • sata_uli
    • sata_via
    • sata_vsc
  • bfa
  • cxgb3
  • cxgb3i
  • e1000
  • floppy
  • hptiop
  • initio
  • isci
  • iw_cxgb3
  • mptbase - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
  • mptctl
  • mptsas - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
  • mptscsih - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
  • mptspi - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
  • mthca
  • mtip32xx
  • mvsas
  • mvumi
  • OSD drivers:

    • osd
    • libosd
  • osst
  • pata drivers:

    • pata_acpi
    • pata_ali
    • pata_amd
    • pata_arasan_cf
    • pata_artop
    • pata_atiixp
    • pata_atp867x
    • pata_cmd64x
    • pata_cs5536
    • pata_hpt366
    • pata_hpt37x
    • pata_hpt3x2n
    • pata_hpt3x3
    • pata_it8213
    • pata_it821x
    • pata_jmicron
    • pata_marvell
    • pata_netcell
    • pata_ninja32
    • pata_oldpiix
    • pata_pdc2027x
    • pata_pdc202xx_old
    • pata_piccolo
    • pata_rdc
    • pata_sch
    • pata_serverworks
    • pata_sil680
    • pata_sis
    • pata_via
    • pdc_adma
  • pm80xx(pm8001)
  • pmcraid
  • qla3xxx - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
  • qlcnic
  • qlge
  • stex
  • sx8
  • tulip
  • ufshcd
  • wireless drivers:

    • carl9170
    • iwl4965
    • iwl3945
    • mwl8k
    • rt73usb
    • rt61pci
    • rtl8187
    • wil6210

11.1.2. Removed adapters

Support for the adapters listed below has been removed in RHEL 8. Support for other than listed adapters from the mentioned drivers remains unchanged.

PCI IDs are in the format of vendor:device:subvendor:subdevice. If the subdevice or subvendor:subdevice entry is not listed, devices with any values of such missing entries have been removed.

To check the PCI IDs of the hardware on your system, run the lspci -nn command.

  • The following adapters from the aacraid driver have been removed:

    • PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001:0x1028:0x0001
    • PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002:0x1028:0x0002
    • PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003:0x1028:0x0003
    • PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004:0x1028:0x00d0
    • PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002:0x1028:0x00d1
    • PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002:0x1028:0x00d9
    • PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a:0x1028:0x0106
    • PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a:0x1028:0x011b
    • PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a:0x1028:0x0121
    • catapult, PCI ID 0x9005:0x0283:0x9005:0x0283
    • tomcat, PCI ID 0x9005:0x0284:0x9005:0x0284
    • Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285:0x9005:0x0286
    • Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285:0x9005:0x0285
    • Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285:0x9005:0x0287
    • Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285:0x17aa:0x0286
    • Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285:0x17aa:0x0287
    • Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285:0x9005:0x0288
    • Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285:0x9005:0x0289
    • ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028a
    • ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028b
    • ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028c
    • ASR-2130S (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028d
    • AAR-2820SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029b
    • AAR-2620SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029c
    • AAR-2420SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029d
    • ICP9024RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029e
    • ICP9014RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029f
    • ICP9047MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a0
    • ICP9087MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a1
    • ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a3
    • ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x02a4
    • ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x02a5
    • ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286:0x9005:0x02a6
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0287:0x9005:0x0800
    • Themisto Jupiter Platform, PCI ID 0x9005:0x0200:0x9005:0x0200
    • Callisto Jupiter Platform, PCI ID 0x9005:0x0286:0x9005:0x0800
    • ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028e
    • ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028f
    • AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285:0x9005:0x0290
    • CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285:0x9005:0x0291
    • AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285:0x9005:0x0292
    • AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285:0x9005:0x0293
    • ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285:0x9005:0x0294
    • AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285:0x103C:0x3227
    • ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285:0x9005:0x0296
    • ASR-4005, PCI ID 0x9005:0x0285:0x9005:0x0297
    • IBM 8i (AvonPark), PCI ID 0x9005:0x0285:0x1014:0x02F2
    • IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285:0x1014:0x0312
    • IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286:0x1014:0x9580
    • IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286:0x1014:0x9540
    • ASR-4000 (BlackBird), PCI ID 0x9005:0x0285:0x9005:0x0298
    • ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x0299
    • ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x029a
    • ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a2
    • Perc 320/DC, PCI ID 0x9005:0x0285:0x1028:0x0287
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0365
    • Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0364
    • Dell PERC2/QC, PCI ID 0x1011:0x0046:0x9005:0x1364
    • HP NetRAID-4M, PCI ID 0x1011:0x0046:0x103c:0x10c2
    • Dell Catchall, PCI ID 0x9005:0x0285:0x1028
    • Legend Catchall, PCI ID 0x9005:0x0285:0x17aa
    • Adaptec Catch All, PCI ID 0x9005:0x0285
    • Adaptec Rocket Catch All, PCI ID 0x9005:0x0286
    • Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288
  • The following Mellanox Gen2 and ConnectX-2 adapters from the mlx4_core driver have been removed:

    • PCI ID 0x15B3:0x1002
    • PCI ID 0x15B3:0x676E
    • PCI ID 0x15B3:0x6746
    • PCI ID 0x15B3:0x6764
    • PCI ID 0x15B3:0x675A
    • PCI ID 0x15B3:0x6372
    • PCI ID 0x15B3:0x6750
    • PCI ID 0x15B3:0x6368
    • PCI ID 0x15B3:0x673C
    • PCI ID 0x15B3:0x6732
    • PCI ID 0x15B3:0x6354
    • PCI ID 0x15B3:0x634A
    • PCI ID 0x15B3:0x6340
  • The following adapters from the mpt2sas driver have been removed:

    • SAS2004, PCI ID 0x1000:0x0070
    • SAS2008, PCI ID 0x1000:0x0072
    • SAS2108_1, PCI ID 0x1000:0x0074
    • SAS2108_2, PCI ID 0x1000:0x0076
    • SAS2108_3, PCI ID 0x1000:0x0077
    • SAS2116_1, PCI ID 0x1000:0x0064
    • SAS2116_2, PCI ID 0x1000:0x0065
    • SSS6200, PCI ID 0x1000:0x007E
  • The following adapters from the megaraid_sas driver have been removed:

    • Dell PERC5, PCI ID 0x1028:0x0015
    • SAS1078R, PCI ID 0x1000:0x0060
    • SAS1078DE, PCI ID 0x1000:0x007C
    • SAS1064R, PCI ID 0x1000:0x0411
    • VERDE_ZCR, PCI ID 0x1000:0x0413
    • SAS1078GEN2, PCI ID 0x1000:0x0078
    • SAS0079GEN2, PCI ID 0x1000:0x0079
    • SAS0073SKINNY, PCI ID 0x1000:0x0073
    • SAS0071SKINNY, PCI ID 0x1000:0x0071
  • The following adapters from the qla2xxx driver have been removed:

    • ISP24xx, PCI ID 0x1077:0x2422
    • ISP24xx, PCI ID 0x1077:0x2432
    • ISP2422, PCI ID 0x1077:0x5422
    • QLE220, PCI ID 0x1077:0x5432
    • QLE81xx, PCI ID 0x1077:0x8001
    • QLE10000, PCI ID 0x1077:0xF000
    • QLE84xx, PCI ID 0x1077:0x8044
    • QLE8000, PCI ID 0x1077:0x8432
    • QLE82xx, PCI ID 0x1077:0x8021
  • The following adapters from the qla4xxx driver have been removed:

    • QLOGIC_ISP8022, PCI ID 0x1077:0x8022
    • QLOGIC_ISP8324, PCI ID 0x1077:0x8032
    • QLOGIC_ISP8042, PCI ID 0x1077:0x8042
  • The following adapters from the be2iscsi driver have been removed:

    • BladeEngine 2 (BE2) devices

      • BladeEngine2 10Gb iSCSI Initiator (generic), PCI ID 0x19a2:0x212
      • OneConnect OCe10101, OCm10101, OCe10102, OCm10102 BE2 adapter family, PCI ID 0x19a2:0x702
      • OCe10100 BE2 adapter family, PCI ID 0x19a2:0x703
    • BladeEngine 3 (BE3) devices

      • OneConnect TOMCAT iSCSI, PCI ID 0x19a2:0x0712
      • BladeEngine3 iSCSI, PCI ID 0x19a2:0x0222
  • The following Ethernet adapters controlled by the be2net driver have been removed:

    • BladeEngine 2 (BE2) devices

      • OneConnect TIGERSHARK NIC, PCI ID 0x19a2:0x0700
      • BladeEngine2 Network Adapter, PCI ID 0x19a2:0x0211
    • BladeEngine 3 (BE3) devices

      • OneConnect TOMCAT NIC, PCI ID 0x19a2:0x0710
      • BladeEngine3 Network Adapter, PCI ID 0x19a2:0x0221
  • The following adapters from the lpfc driver have been removed:

    • BladeEngine 2 (BE2) devices

      • OneConnect TIGERSHARK FCoE, PCI ID 0x19a2:0x0704
    • BladeEngine 3 (BE3) devices

      • OneConnect TOMCAT FCoE, PCI ID 0x19a2:0x0714
    • Fibre Channel (FC) devices

      • FIREFLY, PCI ID 0x10df:0x1ae5
      • PROTEUS_VF, PCI ID 0x10df:0xe100
      • BALIUS, PCI ID 0x10df:0xe131
      • PROTEUS_PF, PCI ID 0x10df:0xe180
      • RFLY, PCI ID 0x10df:0xf095
      • PFLY, PCI ID 0x10df:0xf098
      • LP101, PCI ID 0x10df:0xf0a1
      • TFLY, PCI ID 0x10df:0xf0a5
      • BSMB, PCI ID 0x10df:0xf0d1
      • BMID, PCI ID 0x10df:0xf0d5
      • ZSMB, PCI ID 0x10df:0xf0e1
      • ZMID, PCI ID 0x10df:0xf0e5
      • NEPTUNE, PCI ID 0x10df:0xf0f5
      • NEPTUNE_SCSP, PCI ID 0x10df:0xf0f6
      • NEPTUNE_DCSP, PCI ID 0x10df:0xf0f7
      • FALCON, PCI ID 0x10df:0xf180
      • SUPERFLY, PCI ID 0x10df:0xf700
      • DRAGONFLY, PCI ID 0x10df:0xf800
      • CENTAUR, PCI ID 0x10df:0xf900
      • PEGASUS, PCI ID 0x10df:0xf980
      • THOR, PCI ID 0x10df:0xfa00
      • VIPER, PCI ID 0x10df:0xfb00
      • LP10000S, PCI ID 0x10df:0xfc00
      • LP11000S, PCI ID 0x10df:0xfc10
      • LPE11000S, PCI ID 0x10df:0xfc20
      • PROTEUS_S, PCI ID 0x10df:0xfc50
      • HELIOS, PCI ID 0x10df:0xfd00
      • HELIOS_SCSP, PCI ID 0x10df:0xfd11
      • HELIOS_DCSP, PCI ID 0x10df:0xfd12
      • ZEPHYR, PCI ID 0x10df:0xfe00
      • HORNET, PCI ID 0x10df:0xfe05
      • ZEPHYR_SCSP, PCI ID 0x10df:0xfe11
      • ZEPHYR_DCSP, PCI ID 0x10df:0xfe12
    • Lancer FCoE CNA devices

      • OCe15104-FM, PCI ID 0x10df:0xe260
      • OCe15102-FM, PCI ID 0x10df:0xe260
      • OCm15108-F-P, PCI ID 0x10df:0xe260

11.1.3. Other removed hardware support

11.1.3.1. AGP graphics cards are no longer supported

Graphics cards using the Accelerated Graphics Port (AGP) bus are not supported in Red Hat Enterprise Linux 8. Use the graphics cards with the PCI Express bus as the recommended replacement.

11.1.3.2. FCoE software removal

Fibre Channel over Ethernet (FCoE) software has been removed from Red Hat Enterprise Linux 8. Specifically, the fcoe.ko kernel module is no longer available for creating software FCoE interfaces over Ethernet adapters and drivers. This change is due to a lack of industry adoption for software-managed FCoE.

Specific changes to Red Hat Enterprise 8 include:

  • The fcoe.ko kernel module is no longer available. This removes support for software FCoE with Data Center Bridging enabled Ethernet adapters and drivers.
  • Link-level software configuration via Data Center Bridging eXchange (DCBX) using lldpad is no longer supported for FCoE.

    • The fcoe-utils tools (specifically fcoemon) is configured by default to not validate DCB configuration or communicate with lldpad.
    • The lldpad integration in fcoemon might be permanently disabled.
  • The libhbaapi and libhbalinux libraries are no longer used by fcoe-utils, and will not undergo any direct testing from Red Hat.

Support for the following remains unchanged:

  • Currently supported offloading FCoE adapters that appear as Fibre Channel adapters to the operating system and do not use the fcoe-utils management tools, unless stated in a separate note. This applies to select adapters supported by the lpfc FC driver. Note that the bfa driver is not included in Red Hat Enterprise Linux 8.
  • Currently supported offloading FCoE adapters that do use the fcoe-utils management tools but have their own kernel drivers instead of fcoe.ko and manage DCBX configuration in their drivers and/or firmware, unless stated in a separate note. The fnic, bnx2fc, and qedf drivers will continue to be fully supported in Red Hat Enterprise Linux 8.
  • The libfc.ko and libfcoe.ko kernel modules that are required for some of the supported drivers covered by the previous statement.

For more information, see Software FCoE and Fibre Channel no longer support the target mode.

11.1.3.3. The e1000 network driver is not supported in RHEL 8

In Red Hat Enterprise Linux 8, the e1000 network driver is not supported. This affects both bare metal and virtual environments. However, the newer e1000e network driver continues to be fully supported in RHEL 8.

11.1.3.4. RHEL 8 does not support the tulip driver

With this update, the tulip network driver is no longer supported. As a consequence, when using RHEL 8 on a Generation 1 virtual machine (VM) on the Microsoft Hyper-V hypervisor, the "Legacy Network Adapter" device does not work, which causes PXE installation of such VMs to fail.

For the PXE installation to work, install RHEL 8 on a Generation 2 Hyper-V VM. If you require a RHEL 8 Generation 1 VM, use ISO installation.

11.1.3.5. The qla2xxx driver no longer supports target mode

Support for target mode with the qla2xxx QLogic Fibre Channel driver has been disabled. The effects of this change are:

  • The kernel no longer provides the tcm_qla2xxx module.
  • The rtslib library and the targetcli utility no longer support qla2xxx.

Initiator mode with qla2xxx is still supported.

Chapter 12. File systems and storage

12.1. File systems

12.1.1. Btrfs has been removed

The Btrfs file system has been removed in Red Hat Enterprise Linux 8. This includes the following components:

  • The btrfs.ko kernel module
  • The btrfs-progs package
  • The snapper package

You can no longer create, mount, or install on Btrfs file systems in Red Hat Enterprise Linux 8. The Anaconda installer and the Kickstart commands no longer support Btrfs.

12.1.2. XFS now supports shared copy-on-write data extents

The XFS file system supports shared copy-on-write data extent functionality. This feature enables two or more files to share a common set of data blocks. When either of the files sharing common blocks changes, XFS breaks the link to common blocks and creates a new file. This is similar to the copy-on-write (COW) functionality found in other file systems.

Shared copy-on-write data extents are:

Fast
Creating shared copies does not utilize disk I/O.
Space-efficient
Shared blocks do not consume additional disk space.
Transparent
Files sharing common blocks act like regular files.

Userspace utilities can use shared copy-on-write data extents for:

  • Efficient file cloning, such as with the cp --reflink command
  • Per-file snapshots

This functionality is also used by kernel subsystems such as Overlayfs and NFS for more efficient operation.

Shared copy-on-write data extents are now enabled by default when creating an XFS file system, starting with the xfsprogs package version 4.17.0-2.el8.

Note that Direct Access (DAX) devices currently do not support XFS with shared copy-on-write data extents. To create an XFS file system without this feature, use the following command:

# mkfs.xfs -m reflink=0 block-device

Red Hat Enterprise Linux 7 can mount XFS file systems with shared copy-on-write data extents only in the read-only mode.

12.1.3. The ext4 file system now supports metadata checksums

With this update, ext4 metadata is protected by checksums. This enables the file system to recognize the corrupt metadata, which avoids damage and increases the file system resilience.

12.1.4. The /etc/sysconfig/nfs file and legacy NFS service names are no longer available

In Red Hat Enterprise Linux 8.0, the NFS configuration has moved from the /etc/sysconfig/nfs configuration file, which was used in Red Hat Enterprise Linux 7, to /etc/nfs.conf.

The /etc/nfs.conf file uses a different syntax. Red Hat Enterprise Linux 8 attempts to automatically convert all options from /etc/sysconfig/nfs to /etc/nfs.conf when upgrading from Red Hat Enterprise Linux 7.

Both configuration files are supported in Red Hat Enterprise Linux 7. Red Hat recommends that you use the new /etc/nfs.conf file to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.

Additionally, the following NFS service aliases have been removed and replaced by their upstream names:

  • nfs.service, replaced by nfs-server.service
  • nfs-secure.service, replaced by rpc-gssd.service
  • rpcgssd.service, replaced by rpc-gssd.service
  • nfs-idmap.service, replaced by nfs-idmapd.service
  • rpcidmapd.service, replaced by nfs-idmapd.service
  • nfs-lock.service, replaced by rpc-statd.service
  • nfslock.service, replaced by rpc-statd.service

12.2. Storage

12.2.1. The BOOM boot manager simplifies the process of creating boot entries

BOOM is a boot manager for Linux systems that use boot loaders supporting the BootLoader Specification for boot entry configuration. It enables flexible boot configuration and simplifies the creation of new or modified boot entries: for example, to boot snapshot images of the system created using LVM.

BOOM does not modify the existing boot loader configuration, and only inserts additional entries. The existing configuration is maintained, and any distribution integration, such as kernel installation and update scripts, continue to function as before.

BOOM has a simplified command-line interface (CLI) and API that ease the task of creating boot entries.

12.2.2. Stratis is now available

Stratis is a new local storage manager. It provides managed file systems on top of pools of storage with additional features to the user.

Stratis enables you to more easily perform storage tasks such as:

  • Manage snapshots and thin provisioning
  • Automatically grow file system sizes as needed
  • Maintain file systems

To administer Stratis storage, use the stratis utility, which communicates with the stratisd background service.

Stratis is provided as a Technology Preview.

For more information, see the Stratis documentation: Setting up Stratis file systems.

12.2.3. LUKS2 is now the default format for encrypting volumes

In RHEL 8, the LUKS version 2 (LUKS2) format replaces the legacy LUKS (LUKS1) format. The dm-crypt subsystem and the cryptsetup tool now uses LUKS2 as the default format for encrypted volumes. LUKS2 provides encrypted volumes with metadata redundancy and auto-recovery in case of a partial metadata corruption event.

Due to the internal flexible layout, LUKS2 is also an enabler of future features. It supports auto-unlocking through the generic kernel-keyring token built in libcryptsetup that allow users unlocking of LUKS2 volumes using a passphrase stored in the kernel-keyring retention service.

Other notable enhancements include:

  • The protected key setup using the wrapped key cipher scheme.
  • Easier integration with Policy-Based Decryption (Clevis).
  • Up to 32 key slots - LUKS1 provides only 8 key slots.

For more details, see the cryptsetup(8) and cryptsetup-reencrypt(8) man pages.

12.2.4. Multiqueue scheduling on block devices

Block devices now use multiqueue scheduling in Red Hat Enterprise Linux 8. This enables the block layer performance to scale well with fast solid-state drives (SSDs) and multi-core systems.

The SCSI Multiqueue (scsi-mq) driver is now enabled by default, and the kernel boots with the scsi_mod.use_blk_mq=Y option. This change is consistent with the upstream Linux kernel.

Device Mapper Multipath (DM Multipath) requires the scsi-mq driver to be active.

12.2.5. VDO now supports all architectures

Virtual Data Optimizer (VDO) is now available on all of the architectures supported by RHEL 8.

12.2.6. VDO no longer supports read cache

The read cache functionality has been removed from Virtual Data Optimizer (VDO). The read cache is always disabled on VDO volumes, and you can no longer enable it using the --readCache option of the vdo utility.

Red Hat might reintroduce the VDO read cache in a later Red Hat Enterprise Linux release, using a different implementation.

12.2.7. The dmraid package has been removed

The dmraid package has been removed from Red Hat Enterprise Linux 8. Users requiring support for combined hardware and software RAID host bus adapters (HBA) should use the mdadm utility, which supports native MD software RAID, the SNIA RAID Common Disk Data Format (DDF), and the Intel® Matrix Storage Manager (IMSM) formats.

12.2.8. Software FCoE and Fibre Channel no longer support the target mode

  • Software FCoE: NIC Software FCoE target functionality is removed in Red Hat Enterprise Linux 8.0.
  • Fibre Channel no longer supports the target mode. Target mode is disabled for the qla2xxx QLogic Fibre Channel driver in Red Hat Enterprise Linux 8.0.

For more information, see FCoE software removal.

12.2.9. The detection of marginal paths in DM Multipath has been improved

The multipathd service now supports improved detection of marginal paths. This helps multipath devices avoid paths that are likely to fail repeatedly, and improves performance. Marginal paths are paths with persistent but intermittent I/O errors.

The following options in the /etc/multipath.conf file control marginal paths behavior:

  • marginal_path_double_failed_time
  • marginal_path_err_sample_time
  • marginal_path_err_rate_threshold
  • marginal_path_err_recheck_gap_time

DM Multipath disables a path and tests it with repeated I/O for the configured sample time if:

  • the listed multipath.conf options are set,
  • a path fails twice in the configured time, and
  • other paths are available.

If the path has more than the configured err rate during this testing, DM Multipath ignores it for the configured gap time, and then retests it to see if it is working well enough to be reinstated.

For more information, see the multipath.conf man page on your system.

12.2.10. New overrides section of the DM Multipath configuration file

The /etc/multipath.conf file now includes an overrides section that allows you to set a configuration value for all of your devices. These attributes are used by DM Multipath for all devices unless they are overwritten by the attributes specified in the multipaths section of the /etc/multipath.conf file for paths that contain the device. This functionality replaces the all_devs parameter of the devices section of the configuration file, which is no longer supported.

12.2.11. NVMe/FC is fully supported on Broadcom Emulex and Marvell Qlogic Fibre Channel adapters

The NVMe over Fibre Channel (NVMe/FC) transport type is now fully supported in Initiator mode when used with Broadcom Emulex and Marvell Qlogic Fibre Channel 32Gbit adapters that feature NVMe support.

NVMe over Fibre Channel is an additional fabric transport type for the Nonvolatile Memory Express (NVMe) protocol, in addition to the Remote Direct Memory Access (RDMA) protocol that was previously introduced in Red Hat Enterprise Linux.

Enabling NVMe/FC:

  • To enable NVMe/FC in the lpfc driver, edit the /etc/modprobe.d/lpfc.conf file and add the following option:

    lpfc_enable_fc4_type=3
  • To enable NVMe/FC in the qla2xxx driver, edit the /etc/modprobe.d/qla2xxx.conf file and add the following option:

    qla2xxx.ql2xnvmeenable=1

Additional restrictions:

  • NVMe clustering is not supported with NVMe/FC.
  • kdump is not supported with NVMe/FC.
  • Booting from Storage Area Network (SAN) NVMe/FC is not supported.

12.2.12. Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)

DIF/DIX is an addition to the SCSI Standard. It remains in Technology Preview for all HBAs and storage arrays, except for those specifically listed as supported.

DIF/DIX increases the size of the commonly used 512 byte disk block from 512 to 520 bytes, adding the Data Integrity Field (DIF). The DIF stores a checksum value for the data block that is calculated by the Host Bus Adapter (HBA) when a write occurs. The storage device then confirms the checksum on receipt, and stores both the data and the checksum. Conversely, when a read occurs, the checksum can be verified by the storage device, and by the receiving HBA.

12.2.13. libstoragemgmt-netapp-plugin has been removed

The libstoragemgmt-netapp-plugin package used by the libStorageMgmt library has been removed. It is no longer supported because:

  • The package requires the NetApp 7-mode API, which is being phased out by NetApp.
  • RHEL 8 has removed default support for the TLSv1.0 protocol with the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher, using this plug-in with TLS does not work.

12.2.14. Removal of Cylinder-Head-Sector addressing from sfdisk and cfdisk

Cylinder-Head-Sector (CHS) addressing is no longer useful for modern storage devices. It has been removed as an option from the sfdisk and cfdisk commands. Since RHEL 8, you cannot use the following options:

  • -C, --cylinders number
  • -H, --heads number
  • -S, --sectors number

For more information, see the sfdisk(8) and cfdisk(8) man pages.

12.3. LVM

12.3.1. Removal of clvmd for managing shared storage devices

LVM no longer uses clvmd (cluster lvm daemon) for managing shared storage devices. Instead, LVM now uses lvmlockd (lvm lock daemon).

  • For details about using lvmlockd, see the lvmlockd(8) man page on your system. For details about using shared storage in general, see the lvmsystemid(7) man page on your system.
  • For information about using LVM in a Pacemaker cluster, see the help screen for the LVM-activate resource agent.
  • For an example of a procedure to configure a shared logical volume in a Red Hat High Availability cluster, see Configuring a GFS2 file system in a cluster.

12.3.2. Removal of lvmetad daemon

LVM no longer uses the lvmetad daemon for caching metadata, and will always read metadata from disk. LVM disk reading has been reduced, which reduces the benefits of caching.

Previously, autoactivation of logical volumes was indirectly tied to the use_lvmetad setting in the lvm.conf configuration file. The correct way to disable autoactivation continues to be setting auto_activation_volume_list in the lvm.conf file.

12.3.3. LVM can no longer manage devices formatted with the GFS pool volume manager or the lvm1 metadata format.

LVM can no longer manage devices formatted with the GFS pool volume manager or the`lvm1` metadata format. if you created your logical volume before Red Hat Enterprise Linux 4 was introduced, then this may affect you. Volume groups using the lvm1 format should be converted to the lvm2 format using the vgconvert command.

12.3.4. LVM libraries and LVM Python bindings have been removed

The lvm2app library and LVM Python bindings, which were provided by the lvm2-python-libs package, have been removed. Red Hat recommends the following solutions instead:

  • The LVM D-Bus API in combination with the lvm2-dbusd service. This requires using Python version 3.
  • The LVM command-line utilities with JSON formatting; this formatting has been available since the lvm2 package version 2.02.158.
  • The libblockdev library, included in AppStream, for C/C++

You must port any applications using the removed libraries and bindings to the D-Bus API before upgrading to Red Hat Enterprise Linux 8.

12.3.5. The ability to mirror the log for LVM mirrors has been removed

The mirrored log feature of mirrored LVM volumes has been removed. Red Hat Enterprise Linux (RHEL) 8 no longer supports creating or activating LVM volumes with a mirrored mirror log.

The recommended replacements are:

  • RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure.
  • Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command: lvconvert --mirrorlog disk my_vg/my_lv.

Chapter 13. High availability and clusters

In Red Hat Enterprise Linux 8, pcs fully supports the Corosync 3 cluster engine and the Kronosnet (knet) network abstraction layer for cluster communication. When planning an upgrade to a RHEL 8 cluster from an existing RHEL 7 cluster, some of the considerations you must take into account are as follows:

  • Application versions: What version of the highly-available application will the RHEL 8 cluster require?
  • Application process order: What may need to change in the start and stop processes of the application?
  • Cluster infrastructure: Since pcs supports multiple network connections in RHEL 8, does the number of NICs known to the cluster change?
  • Needed packages: Do you need to install all of the same packages on the new cluster?

Because of these and other considerations for running a Pacemaker cluster in RHEL 8, it is not possible to perform in-place upgrades from RHEL 7 to RHEL 8 clusters and you must configure a new cluster in RHEL 8. You cannot run a cluster that includes nodes running both RHEL 7 and RHEL 8.

Additionally, you should plan for the following before performing an upgrade:

  • Final cutover: What is the process to stop the application running on the old cluster and start it on the new cluster to reduce application downtime?
  • Testing: Is it possible to test your upgrade strategy ahead of time in a development/test environment?

The major differences in cluster creation and administration between RHEL 7 and RHEL 8 are listed in the following sections.

13.1. New formats for pcs cluster setup, pcs cluster node add and pcs cluster node remove commands

In Red Hat Enterprise Linux 8, pcs fully supports the use of node names, which are now required and replace node addresses in the role of node identifier. Node addresses are now optional.

  • In the pcs host auth command, node addresses default to node names.
  • In the pcs cluster setup and pcs cluster node add commands, node addresses default to the node addresses specified in the pcs host auth command.

With these changes, the formats for the commands to set up a cluster, add a node to a cluster, and remove a node from a cluster have changed. For information about these new command formats, see the help display for the pcs cluster setup, pcs cluster node add and pcs cluster node remove commands.

13.2. Master resources renamed to promotable clone resources

Red Hat Enterprise Linux (RHEL) 8 supports Pacemaker 2.0, in which a master/slave resource is no longer a separate type of resource but a standard clone resource with a promotable meta-attribute set to true. The following changes have been implemented in support of this update:

  • It is no longer possible to create master resources with the pcs command. Instead, it is possible to create promotable clone resources. Related keywords and commands have been changed from master to promotable.
  • All existing master resources are displayed as promotable clone resources.
  • When managing a RHEL7 cluster in the Web UI, master resources are still called master, as RHEL7 clusters do not support promotable clones.

13.3. New commands for authenticating nodes in a cluster

Red Hat Enterprise Linux (RHEL) 8 incorporates the following changes to the commands used to authenticate nodes in a cluster.

  • The new command for authentication is pcs host auth. This command allows users to specify host names, addresses and pcsd ports.
  • The pcs cluster auth command authenticates only the nodes in a local cluster and does not accept a node list
  • It is now possible to specify an address for each node. pcs/pcsd will then communicate with each node using the specified address. These addresses can be different than the ones corosync uses internally.
  • The pcs pcsd clear-auth command has been replaced by the pcs pcsd deauth and pcs host deauth commands. The new commands allow users to deauthenticate a single host as well as all hosts.
  • Previously, node authentication was bidirectional, and running the pcs cluster auth command caused all specified nodes to be authenticated against each other. The pcs host auth command, however, causes only the local host to be authenticated against the specified nodes. This allows better control of what node is authenticated against what other nodes when running this command. On cluster setup itself, and also when adding a node, pcs automatically synchronizes tokens on the cluster, so all nodes in the cluster are still automatically authenticated as before and the cluster nodes can communicate with each other.

Note that these changes are not backward compatible. Nodes that were authenticated on a RHEL 7 system will need to be authenticated again.

13.4. LVM volumes in a Red Hat High Availability active/passive cluster

When configuring LVM volumes as resources in a Red Hat HA active/passive cluster in RHEL 8, you configure the volumes as an LVM-activate resource. In RHEL 7, you configured the volumes as an LVM resource. For an example of a cluster configuration procedure that includes configuring an LVM volume as a resource in an active/passive cluster in RHEL 8, see Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster.

13.5. Shared LVM volumes in a Red Hat High Availability active/active cluster

In RHEL 8, LVM uses the LVM lock daemon lvmlockd instead of clvmd for managing shared storage devices in an active/active cluster. This requires that you configure the logical volumes on which you mount a GFS2 file system as shared logical volumes.

Additionally, this requires that you use the LVM-activate resource agent to manage an LVM volume and that you use the lvmlockd resource agent to manage the lvmlockd daemon.

For a full procedure for configuring a RHEL 8 Pacemaker cluster that includes GFS2 file systems using shared logical volumes, see Configuring a GFS2 file system in a cluster.

13.6. GFS2 file systems in a RHEL 8 Pacemaker cluster

In RHEL 8, LVM uses the LVM lock daemon lvmlockd instead of clvmd for managing shared storage devices in an active/active cluster as described in Section 12.3.1, “Removal of clvmd for managing shared storage devices”.

To use GFS2 file systems that were created on a RHEL 7 system in a RHEL 8 cluster, you must configure the logical volumes on which they are mounted as shared logical volumes in a RHEL 8 system, and you must start locking for the volume group. For an example of the procedure that configures existing RHEL 7 logical volumes as shared logical volumes for use in a RHEL 8 Pacemaker cluster, see Migrating a GFS2 file system from RHEL7 to RHEL8.

Chapter 14. Shells and command-line tools

14.1. Localization is distributed in multiple packages

In RHEL 8, locales and translations are no longer provided by the single glibc-common package. Instead, every locale and language is available in a glibc-langpack-CODE package. Additionally, not all locales are installed by default, only these selected in the installer. Users must install all further locale packages that they need separately.

The meta-packages which install extra add-on packages containing translations, dictionaries and locales for every package installed on the system are called langpacks.

For more information see Using langpacks.

14.2. Removed support for all-numeric user and group names

In Red Hat Enterprise Linux (RHEL) 8, the useradd and groupadd commands does not allow you to use user and group names consisting purely of numeric characters. The reason for not allowing such names is that this can confuse tools that work with user and group names and user and group ids, which are numbers.

See more information about Adding a new user from the command line.

14.3. The nobody user replaces nfsnobody

Red Hat Enterprise Linux (RHEL) 7 used the nobody user and group pair with the ID of 99 and the nfsnobody user and group pair with the ID of 65534, which is also the default kernel overflow ID.

In RHEL 8, both of these pair have been merged into the nobody user and group pair, which uses the ID of 65534. The nfsnobody pair is not created in RHEL 8.

This change reduces the confusion about files that are owned by nobody but are not related to NFS.

14.4. Version control systems

RHEL 8 provides the following version control systems:

  • Git 2.18, a distributed revision control system with a decentralized architecture.
  • Mercurial 4.8, a lightweight distributed version control system, designed for efficient handling of large projects.
  • Subversion 1.10, a centralized version control system.

Note that the Concurrent Versions System (CVS) and Revision Control System (RCS), available in RHEL 7, are not distributed with RHEL 8.

14.4.1. Notable changes in Subversion 1.10

Subversion 1.10 introduces a number of new features since the version 1.7 distributed in RHEL 7, as well as the following compatibility changes:

  • Due to incompatibilities in the Subversion libraries used for supporting language bindings, Python 3 bindings for Subversion 1.10 are unavailable. As a consequence, applications that require Python bindings for Subversion are unsupported.
  • Repositories based on Berkeley DB are no longer supported. Before upgrading, back up repositories created with Subversion 1.7 by using the svnadmin dump command. After installing RHEL 8, restore the repositories using the svnadmin load command.
  • Existing working copies checked out by the Subversion 1.7 client in RHEL 7 must be upgraded to the new format before they can be used from Subversion 1.10. After installing RHEL 8, run the svn upgrade command in each working copy.
  • Smartcard authentication for accessing repositories using https:// is no longer supported.

14.5. Packages moved from crontab entries to systemd timer

The packages used in crontab entries now use systemd timers. Run the following commands to find packages with systemd timer entries:

$ repoquery --qf %{name} -f '/usr/lib/systemd/system/*.timer'
$ repoquery --qf %{name} -f '/etc/cron./'

Chapter 15. Dynamic programming languages, web servers, database servers

15.1. Dynamic programming languages

15.1.1. Notable changes in Python

15.1.1.1. Python 3 is the default Python implementation in RHEL 8

Red Hat Enterprise Linux 8 is distributed with several versions of Python 3. Python 3.6 is going to be supported for the whole life cycle of RHEL 8. The respective package might not be installed by default.

Python 2.7 is available in the python2 package. However, Python 2 will have a shorter life cycle and its aim is to facilitate a smoother transition to Python 3 for customers.

For details, see Python versions.

Neither the default python package nor the unversioned /usr/bin/python executable is distributed with RHEL 8. Customers are advised to use python3 or python2 directly. Alternatively, administrators can configure the unversioned python command using the alternatives command. See Configuring the unversioned Python.

15.1.1.2. Migrating from Python 2 to Python 3

As a developer, you may want to migrate your former code that is written in Python 2 to Python 3.

For more information about how to migrate large code bases to Python 3, see The Conservative Python 3 Porting Guide.

Note that after this migration, the original Python 2 code becomes interpretable by the Python 3 interpreter and stays interpretable for the Python 2 interpreter as well.

15.1.1.3. Configuring the unversioned Python

System administrators can configure the unversioned python command, located at /usr/bin/python, using the alternatives command. Note that the required package, python3, python38, python39, python3.11, python3.12, or python2, must be installed before configuring the unversioned command to the respective version.

Important

The /usr/bin/python executable is controlled by the alternatives system. Any manual changes may be overwritten upon an update.

Additional Python-related commands, such as pip3, do not have configurable unversioned variants.

15.1.1.3.1. Configuring the unversioned python command directly

You can configure the unversioned python command directly to a selected version of Python.

Prerequisites

  • Ensure that the required version of Python is installed.

Procedure

  • To configure the unversioned python command to Python 3.6, use:

    # alternatives --set python /usr/bin/python3
  • To configure the unversioned python command to Python 3.8, use:

    # alternatives --set python /usr/bin/python3.8
  • To configure the unversioned python command to Python 3.9, use:

    # alternatives --set python /usr/bin/python3.9
  • To configure the unversioned python command to Python 3.11, use:

    # alternatives --set python /usr/bin/python3.11
  • To configure the unversioned python command to Python 3.12, use:

    # alternatives --set python /usr/bin/python3.12
  • To configure the unversioned python command to Python 2, use:

    # alternatives --set python /usr/bin/python2
15.1.1.3.2. Configuring the unversioned python command to the required Python version interactively

You can configure the unversioned python command to the required Python version interactively.

Prerequisites

  • Ensure that the required version of Python is installed.

Procedure

  1. To configure the unversioned python command interactively, use:

    # alternatives --config python
  2. Select the required version from the provided list.
  3. To reset this configuration and remove the unversioned python command, use:

    # alternatives --auto python
15.1.1.3.3. Additional resources
  • alternatives(8) and unversioned-python(1) man pages on your system
15.1.1.4. Handling interpreter directives in Python scripts

In Red Hat Enterprise Linux 8, executable Python scripts are expected to use interpreter directives (also known as hashbangs or shebangs) that explicitly specify at a minimum the major Python version. For example:

#!/usr/bin/python3
#!/usr/bin/python3.6
#!/usr/bin/python3.8
#!/usr/bin/python3.9
#!/usr/bin/python3.11
#!/usr/bin/python3.12
#!/usr/bin/python2

The /usr/lib/rpm/redhat/brp-mangle-shebangs buildroot policy (BRP) script is run automatically when building any RPM package, and attempts to correct interpreter directives in all executable files.

The BRP script generates errors when encountering a Python script with an ambiguous interpreter directive, such as:

#!/usr/bin/python

or

#!/usr/bin/env python
15.1.1.4.1. Modifying interpreter directives in Python scripts

Modify interpreter directives in the Python scripts that cause the build errors at RPM build time.

Prerequisites

  • Some of the interpreter directives in your Python scripts cause a build error.

Procedure

To modify interpreter directives, complete one of the following tasks:

  • Apply the pathfix.py script from the platform-python-devel package:

    # pathfix.py -pn -i %{__python3} PATH …​

    Note that multiple PATHs can be specified. If a PATH is a directory, pathfix.py recursively scans for any Python scripts matching the pattern ^[a-zA-Z0-9_]+\.py$, not only those with an ambiguous interpreter directive. Add this command to the %prep section or at the end of the %install section.

  • Modify the packaged Python scripts so that they conform to the expected format. For this purpose, pathfix.py can be used outside the RPM build process, too. When running pathfix.py outside an RPM build, replace %{__python3} from the example above with a path for the interpreter directive, such as /usr/bin/python3.

If the packaged Python scripts require a version other than Python 3.6, adjust the preceding commands to include the required version.

15.1.1.4.2. Changing /usr/bin/python3 interpreter directives in your custom packages

By default, interpreter directives in the form of /usr/bin/python3 are replaced with interpreter directives pointing to Python from the platform-python package, which is used for system tools with Red Hat Enterprise Linux. You can change the /usr/bin/python3 interpreter directives in your custom packages to point to a specific version of Python that you have installed from the AppStream repository.

Procedure

  • To build your package for a specific version of Python, add the python*-rpm-macros subpackage of the respective python package to the BuildRequires section of the spec file. For example, for Python 3.6, include the following line:

    BuildRequires:  python36-rpm-macros

    As a result, the /usr/bin/python3 interpreter directives in your custom package are automatically converted to /usr/bin/python3.6.

Note

To prevent the BRP script from checking and modifying interpreter directives, use the following RPM directive:

%undefine __brp_mangle_shebangs
15.1.1.5. Python binding of the net-snmp package is unavailable

The Net-SNMP suite of tools does not provide binding for Python 3, which is the default Python implementation in RHEL 8. Consequently, python-net-snmp, python2-net-snmp, or python3-net-snmp packages are unavailable in RHEL 8.

15.1.2. Notable changes in PHP

Red Hat Enterprise Linux 8 is distributed with PHP 7.2. This version introduces the following major changes over PHP 5.4, which is available in RHEL 7:

  • PHP uses FastCGI Process Manager (FPM) by default (safe for use with a threaded httpd)
  • The php_value and php-flag variables should no longer be used in the httpd configuration files; they should be set in pool configuration instead: /etc/php-fpm.d/*.conf
  • PHP script errors and warnings are logged to the /var/log/php-fpm/www-error.log file instead of /var/log/httpd/error.log
  • When changing the PHP max_execution_time configuration variable, the httpd ProxyTimeout setting should be increased to match
  • The user running PHP scripts is now configured in the FPM pool configuration (the /etc/php-fpm.d/www.conf file; the apache user is the default)
  • The php-fpm service needs to be restarted after a configuration change or after a new extension is installed
  • The zip extension has been moved from the php-common package to a separate package, php-pecl-zip

The following extensions have been removed:

  • aspell
  • mysql (note that the mysqli and pdo_mysql extensions are still available, provided by php-mysqlnd package)
  • memcache

15.1.3. Notable changes in Perl

Perl 5.26, distributed with RHEL 8, introduces the following changes over the version available in RHEL 7:

  • Unicode 9.0 is now supported.
  • New op-entry, loading-file, and loaded-file SystemTap probes are provided.
  • Copy-on-write mechanism is used when assigning scalars for improved performance.
  • The IO::Socket::IP module for handling IPv4 and IPv6 sockets transparently has been added.
  • The Config::Perl::V module to access perl -V data in a structured way has been added.
  • A new perl-App-cpanminus package has been added, which contains the cpanm utility for getting, extracting, building, and installing modules from the Comprehensive Perl Archive Network (CPAN) repository.
  • The current directory . has been removed from the @INC module search path for security reasons.
  • The do statement now returns a deprecation warning when it fails to load a file because of the behavioral change described above.
  • The do subroutine(LIST) call is no longer supported and results in a syntax error.
  • Hashes are randomized by default now. The order in which keys and values are returned from a hash changes on each perl run. To disable the randomization, set the PERL_PERTURB_KEYS environment variable to 0.
  • Unescaped literal { characters in regular expression patterns are no longer permissible.
  • Lexical scope support for the $_ variable has been removed.
  • Using the defined operator on an array or a hash results in a fatal error.
  • Importing functions from the UNIVERSAL module results in a fatal error.
  • The find2perl, s2p, a2p, c2ph, and pstruct tools have been removed.
  • The ${^ENCODING} facility has been removed. The encoding pragma’s default mode is no longer supported. To write source code in other encoding than UTF-8, use the encoding’s Filter option.
  • The perl packaging is now aligned with upstream. The perl package installs also core modules and is suitable for development. On production systems, use the perl-interpreter package, which contains the main /usr/bin/perl interpreter. In previous releases, the perl package included just a minimal interpreter, whereas the perl-core package included both the interpreter and the core modules.
  • The IO::Socket::SSL Perl module no longer loads a certificate authority certificate from the ./certs/my-ca.pem file or the ./ca directory, a server private key from the ./certs/server-key.pem file, a server certificate from the ./certs/server-cert.pem file, a client private key from the ./certs/client-key.pem file, and a client certificate from the ./certs/client-cert.pem file. Specify the paths to the files explicitly instead.

15.1.4. Notable changes in Ruby

RHEL 8 provides Ruby 2.5, which introduces numerous new features and enhancements over Ruby 2.0.0 available in RHEL 7. Notable changes include:

  • Incremental garbage collector has been added.
  • The Refinements syntax has been added.
  • Symbols are now garbage collected.
  • The $SAFE=2 and $SAFE=3 safe levels are now obsolete.
  • The Fixnum and Bignum classes have been unified into the Integer class.
  • Performance has been improved by optimizing the Hash class, improved access to instance variables, and the Mutex class being smaller and faster.
  • Certain old APIs have been deprecated.
  • Bundled libraries, such as RubyGems, Rake, RDoc, Psych, Minitest, and test-unit, have been updated.
  • Other libraries, such as mathn, DL, ext/tk, and XMLRPC, which were previously distributed with Ruby, are deprecated or no longer included.
  • The SemVer versioning scheme is now used for Ruby versioning.

15.1.5. Notable changes in SWIG

RHEL 8 includes the Simplified Wrapper and Interface Generator (SWIG) version 3.0, which provides numerous new features, enhancements, and bug fixes over the version 2.0 distributed in RHEL 7. Most notably, support for the C++11 standard has been implemented. SWIG now supports also Go 1.6, PHP 7, Octave 4.2, and Python 3.5.

15.1.6. Node.js new in RHEL

Node.js, a software development platform for building fast and scalable network applications in the JavaScript programming language, is provided for the first time in RHEL. It was previously available only as a Software Collection. RHEL 8 provides Node.js 10.

15.2. Tcl

Tool command language (Tcl) is a dynamic programming language. The interpreter for this language, together with the C library, is provided by the tcl package.

Using Tcl paired with Tk (Tcl/Tk) enables creating cross-platform GUI applications. Tk is provided by the tk package.

Note that Tk can refer to any of the following:

  • A programming toolkit for multiple languages
  • A Tk C library bindings available for multiple languages, such as C, Ruby, Perl and Python
  • A wish interpreter that instantiates a Tk console
  • A Tk extension that adds a number of new commands to a particular Tcl interpreter

15.2.1. Notable changes in Tcl/Tk 8.6

RHEL 8 is distributed with Tcl/Tk version 8.6, which provides multiple notable changes over Tcl/Tk version 8.5:

  • Object-oriented programming support
  • Stackless evaluation implementation
  • Enhanced exceptions handling
  • Collection of third-party packages built and installed with Tcl
  • Multi-thread operations enabled
  • SQL database-powered scripts support
  • IPv6 networking support
  • Built-in Zlib compression
  • List processing

    Two new commands, lmap and dict map are available, which allow the expression of transformations over Tcl containers.

  • Stacked channels by script

    Two new commands, chan push and chan pop are available, which allow to add or remove transformations to or from I/O channels.

For more detailed information about Tcl/Tk version 8.6 changes and new feaures, see the following resources:

If you need to migrate to Tcl/Tk 8.6, see Migration path for users scripting their tasks with Tcl/Tk.

15.3. Web servers

15.3.1. Notable changes in the Apache HTTP Server

The Apache HTTP Server has been updated from version 2.4.6 in RHEL 7 to version 2.4.37 in RHEL 8. This updated version includes several new features, but maintains backwards compatibility with the RHEL 7 version at the level of configuration and Application Binary Interface (ABI) of external modules.

New features include:

  • HTTP/2 support is now provided by the mod_http2 package, which is a part of the httpd module.
  • systemd socket activation is supported. See httpd.socket(8) man page for more details.
  • Multiple new modules have been added:

    • mod_proxy_hcheck - a proxy health-check module
    • mod_proxy_uwsgi - a Web Server Gateway Interface (WSGI) proxy
    • mod_proxy_fdpass - provides support for the passing the socket of the client to another process
    • mod_cache_socache - an HTTP cache using, for example, memcache backend
    • mod_md - an ACME protocol SSL/TLS certificate service
  • The following modules now load by default:

    • mod_request
    • mod_macro
    • mod_watchdog
  • A new subpackage, httpd-filesystem, has been added, which contains the basic directory layout for the Apache HTTP Server including the correct permissions for the directories.
  • Instantiated service support, httpd@.service has been introduced. See the httpd.service man page for more information.
  • A new httpd-init.service replaces the %post script to create a self-signed mod_ssl key pair.
  • Automated TLS certificate provisioning and renewal using the Automatic Certificate Management Environment (ACME) protocol is now supported with the mod_md package (for use with certificate providers such as Let’s Encrypt).
  • The Apache HTTP Server now supports loading TLS certificates and private keys from hardware security tokens directly from PKCS#11 modules. As a result, a mod_ssl configuration can now use PKCS#11 URLs to identify the TLS private key, and, optionally, the TLS certificate in the SSLCertificateKeyFile and SSLCertificateFile directives.
  • A new ListenFree directive in the /etc/httpd/conf/httpd.conf file is now supported.

    Similarly to the Listen directive, ListenFree provides information about IP addresses, ports, or IP address-and-port combinations that the server listens to. However, with ListenFree, the IP_FREEBIND socket option is enabled by default. Hence, httpd is allowed to bind to a nonlocal IP address or to an IP address that does not exist yet. This allows httpd to listen on a socket without requiring the underlying network interface or the specified dynamic IP address to be up at the time when httpd is trying to bind to it.

    Note that the ListenFree directive is currently available only in RHEL 8.

    For more details on ListenFree, see the following table:

    Table 15.1. ListenFree directive’s syntax, status, and modules
    SyntaxStatusModules

    ListenFree [IP-address:]portnumber [protocol]

    MPM

    event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2

Other notable changes include:

  • The following modules have been removed:

  • The default type of the DBM authentication database used by the Apache HTTP Server in RHEL 8 has been changed from SDBM to db5.
  • The mod_wsgi module for the Apache HTTP Server has been updated to Python 3. WSGI applications are now supported only with Python 3, and must be migrated from Python 2.
  • The multi-processing module (MPM) configured by default with the Apache HTTP Server has changed from a multi-process, forked model (known as prefork) to a high-performance multi-threaded model, event.

    Any third-party modules that are not thread-safe need to be replaced or removed. To change the configured MPM, edit the /etc/httpd/conf.modules.d/00-mpm.conf file. See the httpd.service(8) man page for more information.

  • The minimum UID and GID allowed for users by suEXEC are now 1000 and 500, respectively (previously 100 and 100).
  • The /etc/sysconfig/httpd file is no longer a supported interface for setting environment variables for the httpd service. The httpd.service(8) man page has been added for the systemd service.
  • Stopping the httpd service now uses a “graceful stop” by default.
  • The mod_auth_kerb module has been replaced by the mod_auth_gssapi module.

For instructions on deploying, see Setting up the Apache HTTP web server.

15.3.2. The nginx web server new in RHEL

RHEL 8 introduces nginx 1.14, a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. nginx was previously available only as a Software Collection.

The nginx web server now supports loading TLS private keys from hardware security tokens directly from PKCS#11 modules. As a result, an nginx configuration can use PKCS#11 URLs to identify the TLS private key in the ssl_certificate_key directive.

15.3.3. Apache Tomcat removed in RHEL 8.0, reintroduced in RHEL 8.8

The Apache Tomcat server was removed from Red Hat Enterprise Linux 8.0 and reintroduced in RHEL 8.8. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0.

Users of earlier minor versions than RHEL 8.8 who require a servlet container can use the JBoss Web Server.

15.4. Proxy caching servers

15.4.1. Varnish Cache new in RHEL

Varnish Cache, a high-performance HTTP reverse proxy, is provided for the first time in RHEL. It was previously available only as a Software Collection. Varnish Cache stores files or fragments of files in memory that are used to reduce the response time and network bandwidth consumption on future equivalent requests. RHEL 8.0 is distributed with Varnish Cache 6.0.

15.4.2. Notable changes in Squid

RHEL 8.0 is distributed with Squid 4.4, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. This release provides numerous new features, enhancements, and bug fixes over the version 3.5 available in RHEL 7.

Notable changes include:

  • Configurable helper queue size
  • Changes to helper concurrency channels
  • Changes to the helper binary
  • Secure Internet Content Adaptation Protocol (ICAP)
  • Improved support for Symmetric Multi Processing (SMP)
  • Improved process management
  • Removed support for SSL
  • Removed Edge Side Includes (ESI) custom parser
  • Multiple configuration changes

15.5. Database servers

RHEL 8 provides the following database servers:

  • MySQL 8.0, a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
  • MariaDB 10.3, a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
  • PostgreSQL 10 and PostgreSQL 9.6, an advanced object-relational database management system (DBMS).
  • Redis 5, an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, and sorted sets. Redis is provided for the first time in RHEL.

Note that the NoSQL MongoDB database server is not included in RHEL 8.0 because it uses the Server Side Public License (SSPL).

Database servers are not installable in parallel

The mariadb and mysql modules cannot be installed in parallel in RHEL 8.0 due to conflicting RPM packages.

By design, it is impossible to install more than one version (stream) of the same module in parallel. For example, you need to choose only one of the available streams from the postgresql module, either 10 (default) or 9.6. Parallel installation of components is possible in Red Hat Software Collections for RHEL 6 and RHEL 7. In RHEL 8, different versions of database servers can be used in containers.

15.5.1. Notable changes in MariaDB 10.3

MariaDB 10.3 provides numerous new features over the version 5.5 distributed in RHEL 7, such as:

  • Common table expressions
  • System-versioned tables
  • FOR loops
  • Invisible columns
  • Sequences
  • Instant ADD COLUMN for InnoDB
  • Storage-engine independent column compression
  • Parallel replication
  • Multi-source replication

In addition, the new mariadb-connector-c packages provide a common client library for MySQL and MariaDB. This library is usable with any version of the MySQL and MariaDB database servers. As a result, the user is able to connect one build of an application to any of the MySQL and MariaDB servers distributed with RHEL 8.

Other notable changes include:

  • MariaDB Galera Cluster, a synchronous multi-source cluster, is now a standard part of MariaDB.
  • InnoDB is used as the default storage engine instead of XtraDB.
  • The mariadb-bench subpackage has been removed.
  • The default allowed level of the plug-in maturity has been changed to one level less than the server maturity. As a result, plug-ins with a lower maturity level that were previously working, will no longer load.

See also Using MariaDB on Red Hat Enterprise Linux 8.

15.5.2. Notable changes in MySQL 8.0

RHEL 8 is distributed with MySQL 8.0, which provides, for example, the following enhancements:

  • MySQL now incorporates a transactional data dictionary, which stores information about database objects.
  • MySQL now supports roles, which are collections of privileges.
  • The default character set has been changed from latin1 to utf8mb4.
  • Support for common table expressions, both nonrecursive and recursive, has been added.
  • MySQL now supports window functions, which perform a calculation for each row from a query, using related rows.
  • InnoDB now supports the NOWAIT and SKIP LOCKED options with locking read statements.
  • GIS-related functions have been improved.
  • JSON functionality has been enhanced.
  • The new mariadb-connector-c packages provide a common client library for MySQL and MariaDB. This library is usable with any version of the MySQL and MariaDB database servers. As a result, the user is able to connect one build of an application to any of the MySQL and MariaDB servers distributed with RHEL 8.

In addition, the MySQL 8.0 server distributed with RHEL 8 is configured to use mysql_native_password as the default authentication plug-in because client tools and libraries in RHEL 8 are incompatible with the caching_sha2_password method, which is used by default in the upstream MySQL 8.0 version.

To change the default authentication plug-in to caching_sha2_password, edit the /etc/my.cnf.d/mysql-default-authentication-plugin.cnf file as follows:

[mysqld]
default_authentication_plugin=caching_sha2_password

15.5.3. Notable changes in PostgreSQL

RHEL 8.0 provides two versions of the PostgreSQL database server, distributed in two streams of the postgresql module: PostgreSQL 10 (the default stream) and PostgreSQL 9.6. RHEL 7 includes PostgreSQL version 9.2.

Notable changes in PostgreSQL 9.6 are, for example:

  • Parallel execution of the sequential operations: scan, join, and aggregate
  • Enhancements to synchronous replication
  • Improved full-text search enabling users to search for phrases
  • The postgres_fdw data federation driver now supports remote join, sort, UPDATE, and DELETE operations
  • Substantial performance improvements, especially regarding scalability on multi-CPU-socket servers

Major enhancements in PostgreSQL 10 include:

  • Logical replication using the publish and subscribe keywords
  • Stronger password authentication based on the SCRAM-SHA-256 mechanism
  • Declarative table partitioning
  • Improved query parallelism
  • Significant general performance improvements
  • Improved monitoring and control

See also Using PostgreSQL on Red Hat Enterprise Linux 8.

Chapter 16. Compilers and development tools

16.1. Changes in toolchain since RHEL 7

The following sections list changes in toolchain since the release of the described components in Red Hat Enterprise Linux 7. See also Release notes for Red Hat Enterprise Linux 8.0.

16.1.1. Changes in GCC in RHEL 8

In Red Hat Enterprise Linux 8, the GCC toolchain is based on the GCC 8.2 release series. Notable changes since Red Hat Enterprise Linux 7 include:

  • Numerous general optimizations have been added, such as alias analysis, vectorizer improvements, identical code folding, inter-procedural analysis, store merging optimization pass, and others.
  • The Address Sanitizer has been improved.
  • The Leak Sanitizer for detection of memory leaks has been added.
  • The Undefined Behavior Sanitizer for detection of undefined behavior has been added.
  • Debug information can now be produced in the DWARF5 format. This capability is experimental.
  • The source code coverage analysis tool GCOV has been extended with various improvements.
  • Support for the OpenMP 4.5 specification has been added. Additionally, the offloading features of the OpenMP 4.0 specification are now supported by the C, C++, and Fortran compilers.
  • New warnings and improved diagnostics have been added for static detection of certain likely programming errors.
  • Source locations are now tracked as ranges rather than points, which allows much richer diagnostics. The compiler now offers “fix-it” hints, suggesting possible code modifications. A spell checker has been added to offer alternative names and ease detecting typos.

Security

GCC has been extended to provide tools to ensure additional hardening of the generated code. Improvements related to security include:

  • The __builtin_add_overflow, __builtin_sub_overflow, and __builtin_mul_overflow built-in functions for arithmetics with overflow checking have been added.
  • The -fstack-clash-protection option has been added to generate additional code guarding against stack clash.
  • The -fcf-protection option was introduced to check target addresses of control-flow instructions for increased program security.
  • The new -Wstringop-truncation warning option lists calls to bounded string manipulation functions such as strncat, strncpy, or stpncpy that might truncate the copied string or leave the destination unchanged.
  • The -Warray-bounds warning option has been improved to detect out-of-bounds array indices and pointer offsets better.
  • The -Wclass-memaccess warning option has been added to warn about potentially unsafe manipulation of objects of non-trivial class types by raw memory access functions such as memcpy or realloc.

Architecture and processor support

Improvements to architecture and processor support include:

  • Multiple new architecture-specific options for the Intel AVX-512 architecture, a number of its microarchitectures, and Intel Software Guard Extensions (SGX) have been added.
  • Code generation can now target the 64-bit ARM architecture LSE extensions, ARMv8.2-A 16-bit Floating-Point Extensions (FPE), and ARMv8.2-A, ARMv8.3-A, and ARMv8.4-A architecture versions.
  • Handling of the -march=native option on the ARM and 64-bit ARM architectures has been fixed.
  • Support for the z13 and z14 processors of the 64-bit IBM Z architecture has been added.

Languages and standards

Notable changes related to languages and standards include:

  • The default standard used when compiling code in the C language has changed to C17 with GNU extensions.
  • The default standard used when compiling code in the C++ language has changed to C++14 with GNU extensions.
  • The C++ runtime library now supports the C++11 and C++14 standards.
  • The C++ compiler now implements the C++14 standard with many new features such as variable templates, aggregates with non-static data member initializers, the extended constexpr specifier, sized deallocation functions, generic lambdas, variable-length arrays, digit separators, and others.
  • Support for the C language standard C11 has been improved: ISO C11 atomics, generic selections, and thread-local storage are now available.
  • The new __auto_type GNU C extension provides a subset of the functionality of C++11 auto keyword in the C language.
  • The _FloatN and _FloatNx type names specified by the ISO/IEC TS 18661-3:2015 standard are now recognized by the C front end.
  • The default standard used when compiling code in the C language has changed to C17 with GNU extensions. This has the same effect as using the --std=gnu17 option. Previously, the default was C89 with GNU extensions.
  • GCC can now experimentally compile code using the C++17 language standard and certain features from the C++20 standard.
  • Passing an empty class as an argument now takes up no space on the Intel 64 and AMD64 architectures, as required by the platform ABI. Passing or returning a class with only deleted copy and move constructors now uses the same calling convention as a class with a non-trivial copy or move constructor.
  • The value returned by the C++11 alignof operator has been corrected to match the C _Alignof operator and return minimum alignment. To find the preferred alignment, use the GNU extension __alignof__.
  • The main version of the libgfortran library for Fortran language code has been changed to 5.
  • Support for the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed. Use the Go Toolset for Go code development.

16.1.2. Security enhancements in GCC in RHEL 8

This following are changes in GCC related to security and added since the release of Red Hat Enterprise Linux 7.0.

New warnings

These warning options have been added:

OptionDisplays warnings for

-Wstringop-truncation

Calls to bounded string manipulation functions such as strncat, strncpy, and stpncpy that might either truncate the copied string or leave the destination unchanged.

-Wclass-memaccess

Objects of non-trivial class types manipulated in potentially unsafe ways by raw memory functions such as memcpy or realloc.

The warning helps detect calls that bypass user-defined constructors or copy-assignment operators, corrupt virtual table pointers, data members of const-qualified types or references, or member pointers. The warning also detects calls that would bypass access controls to data members.

-Wmisleading-indentation

Places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader.

-Walloc-size-larger-than=size

Calls to memory allocation functions where the amount of memory to allocate exceeds size. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute alloc_size.

-Walloc-zero

Calls to memory allocation functions that attempt to allocate zero amount of memory. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute alloc_size.

-Walloca

All calls to the alloca function.

-Walloca-larger-than=size

Calls to the alloca function where the requested memory is more than size.

-Wvla-larger-than=size

Definitions of Variable Length Arrays (VLA) that can either exceed the specified size or whose bound is not known to be sufficiently constrained.

-Wformat-overflow=level

Both certain and likely buffer overflow in calls to the sprintf family of formatted output functions. For more details and explanation of the level value, see the gcc(1) manual page.

-Wformat-truncation=level

Both certain and likely output truncation in calls to the snprintf family of formatted output functions. For more details and explanation of the level value, see the gcc(1) manual page.

-Wstringop-overflow=type

Buffer overflow in calls to string handling functions such as memcpy and strcpy. For more details and explanation of the level value, see the gcc(1) manual page.

Warning improvements

These GCC warnings have been improved:

  • The -Warray-bounds option has been improved to detect more instances of out-of-bounds array indices and pointer offsets. For example, negative or excessive indices into flexible array members and string literals are detected.
  • The -Wrestrict option introduced in GCC 7 has been enhanced to detect many more instances of overlapping accesses to objects via restrict-qualified arguments to standard memory and string manipulation functions such as memcpy and strcpy.
  • The -Wnonnull option has been enhanced to detect a broader set of cases of passing null pointers to functions that expect a non-null argument (decorated with attribute nonnull).

New UndefinedBehaviorSanitizer

A new run-time sanitizer for detecting undefined behavior called UndefinedBehaviorSanitizer has been added. The following options are noteworthy:

OptionCheck

-fsanitize=float-divide-by-zero

Detect floating-point division by zero.

-fsanitize=float-cast-overflow

Check that the result of floating-point type to integer conversions do not overflow.

-fsanitize=bounds

Enable instrumentation of array bounds and detect out-of-bounds accesses.

-fsanitize=alignment

Enable alignment checking and detect various misaligned objects.

-fsanitize=object-size

Enable object size checking and detect various out-of-bounds accesses.

-fsanitize=vptr

Enable checking of C++ member function calls, member accesses, and some conversions between pointers to base and derived classes. Additionally, detect when referenced objects do not have correct dynamic type.

-fsanitize=bounds-strict

Enable strict checking of array bounds. This enables -fsanitize=bounds and instrumentation of flexible array member-like arrays.

-fsanitize=signed-integer-overflow

Diagnose arithmetic overflows even on arithmetic operations with generic vectors.

-fsanitize=builtin

Diagnose at run time invalid arguments to __builtin_clz or __builtin_ctz prefixed builtins. Includes checks from -fsanitize=undefined.

-fsanitize=pointer-overflow

Perform cheap run-time tests for pointer wrapping. Includes checks from -fsanitize=undefined.

New options for AddressSanitizer

These options have been added to AddressSanitizer:

OptionCheck

-fsanitize=pointer-compare

Warn about comparison of pointers that point to a different memory object.

-fsanitize=pointer-subtract

Warn about subtraction of pointers that point to a different memory object.

-fsanitize-address-use-after-scope

Sanitize variables whose address is taken and used after a scope where the variable is defined.

Other sanitizers and instrumentation

  • The option -fstack-clash-protection has been added to insert probes when stack space is allocated statically or dynamically to reliably detect stack overflows and thus mitigate the attack vector that relies on jumping over a stack guard page provided by the operating system.
  • A new option -fcf-protection=[full|branch|return|none] has been added to perform code instrumentation and increase program security by checking that target addresses of control-flow transfer instructions (such as indirect function call, function return, indirect jump) are valid.

Additional resources

  • For more details and explanation of the values supplied to some of the options above, see the gcc(1) manual page:

    $ man gcc

16.1.3. Compatibility-breaking changes in GCC in RHEL 8

C++ ABI change in std::string and std::list

The Application Binary Interface (ABI) of the std::string and std::list classes from the libstdc++ library changed between RHEL 7 (GCC 4.8) and RHEL 8 (GCC 8) to conform to the C++11 standard. The libstdc++ library supports both the old and new ABI, but some other C++ system libraries do not. As a consequence, applications that dynamically link against these libraries will need to be rebuilt. This affects all C++ standard modes, including C++98. It also affects applications built with Red Hat Developer Toolset compilers for RHEL 7, which kept the old ABI to maintain compatibility with the system libraries.

GCC no longer builds Ada, Go, and Objective C/C++ code

Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed from the GCC compiler.

To build Go code, use the Go Toolset instead.

16.2. Compiler toolsets

RHEL 8 provides the following compiler toolsets as Application Streams:

  • LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.
  • Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries.
  • Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

For more details and information about usage, see the compiler toolsets user guides on the Red Hat Developer Tools page.

16.3. Java implementations and Java tools in RHEL 8

The RHEL 8 AppStream repository includes:

  • The java-11-openjdk packages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
  • The java-1.8.0-openjdk packages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
  • The icedtea-web packages, which provide an implementation of Java Web Start.
  • The ant module, providing a Java library and command-line tool for compiling, assembling, testing, and running Java applications. Ant has been updated to version 1.10.
  • The maven module, providing a software project management and comprehension tool. Maven was previously available only as a Software Collection or in the unsupported Optional channel.
  • The scala module, providing a general purpose programming language for the Java platform. Scala was previously available only as a Software Collection.

In addition, the java-1.8.0-ibm packages are distributed through the Supplementary repository. Note that packages in this repository are unsupported by Red Hat.

16.4. Compatibility-breaking changes in GDB

The version of GDB provided in Red Hat Enterprise Linux 8 contains a number of changes that break compatibility, especially for cases where the GDB output is read directly from the terminal. The following sections provide more details about these changes.

Parsing output of GDB is not recommended. Prefer scripts using the Python GDB API or the GDB Machine Interface (MI).

GDBserver now starts inferiors with shell

To enable expansion and variable substitution in inferior command line arguments, GDBserver now starts the inferior in a shell, same as GDB.

To disable using the shell:

  • When using the target extended-remote GDB command, disable shell with the set startup-with-shell off command.
  • When using the target remote GDB command, disable shell with the --no-startup-with-shell option of GDBserver.

Example 16.1. Example of shell expansion in remote GDB inferiors

This example shows how running the /bin/echo /* command through GDBserver differs on Red Hat Enterprise Linux versions 7 and 8:

  • On RHEL 7:

    $ gdbserver --multi :1234
    $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*'
    /*
  • On RHEL 8:

    $ gdbserver --multi :1234
    $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*'
    /bin /boot (...) /tmp /usr /var
gcj support removed

Support for debugging Java programs compiled with the GNU Compiler for Java (gcj) has been removed.

New syntax for symbol dumping maintenance commands

The symbol dumping maintenance commands syntax now includes options before file names. As a result, commands that worked with GDB in RHEL 7 do not work in RHEL 8.

As an example, the following command no longer stores symbols in a file, but produces an error message:

(gdb) maintenance print symbols /tmp/out main.c

The new syntax for the symbol dumping maintenance commands is:

maint print symbols [-pc address] [--] [filename]
maint print symbols [-objfile objfile] [-source source] [--] [filename]
maint print psymbols [-objfile objfile] [-pc address] [--] [filename]
maint print psymbols [-objfile objfile] [-source source] [--] [filename]
maint print msymbols [-objfile objfile] [--] [filename]
Thread numbers are no longer global

Previously, GDB used only global thread numbering. The numbering has been extended to be displayed per inferior in the form inferior_num.thread_num, such as 2.1. As a consequence, thread numbers in the $_thread convenience variable and in the InferiorThread.num Python attribute are no longer unique between inferiors.

GDB now stores a second thread ID per thread, called the global thread ID, which is the new equivalent of thread numbers in previous releases. To access the global thread number, use the $_gthread convenience variable and InferiorThread.global_num Python attribute.

For backwards compatibility, the Machine Interface (MI) thread IDs always contains the global IDs.

Example 16.2. Example of GDB thread number changes

On Red Hat Enterprise Linux 7:

# debuginfo-install coreutils
$ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread'
(...)
  Id   Target Id         Frame
* 2    process 203923 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109
  1    process 203914 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109
$1 = 2
(...)
$2 = 1

On Red Hat Enterprise Linux 8:

# dnf debuginfo-install coreutils
$ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread'
(...)
  Id   Target Id         Frame
  1.1  process 4106488 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109
* 2.1  process 4106494 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109
$1 = 1
(...)
$2 = 1
Memory for value contents can be limited

Previously, GDB did not limit the amount of memory allocated for value contents. As a consequence, debugging incorrect programs could cause GDB to allocate too much memory. The max-value-size setting has been added to enable limiting the amount of allocated memory. The default value of this limit is 64 KiB. As a result, GDB in Red Hat Enterprise Linux 8 will not display too large values, but report that the value is too large instead.

As an example, printing a value defined as char s[128*1024]; produces different results:

  • On Red Hat Enterprise Linux 7, $1 = 'A' <repeats 131072 times>
  • On Red Hat Enterprise Linux 8, value requires 131072 bytes, which is more than max-value-size
Sun version of stabs format no longer supported

Support for the Sun version of the stabs debug file format has been removed. The stabs format produced by GCC in RHEL with the gcc -gstabs option is still supported by GDB.

Sysroot handling changes

The set sysroot path command specifies system root when searching for files needed for debugging. Directory names supplied to this command may now be prefixed with the string target: to make GDB read the shared libraries from the target system (both local and remote). The formerly available remote: prefix is now treated as target:. Additionally, the default system root value has changed from an empty string to target: for backward compatibility.

The specified system root is prepended to the file name of the main executable, when GDB starts processes remotely, or when it attaches to already running processes (both local and remote). This means that for remote processes, the default value target: makes GDB always try to load the debugging information from the remote system. To prevent this, run the set sysroot command before the target remote command so that local symbol files are found before the remote ones.

HISTSIZE no longer controls GDB command history size

Previously, GDB used the HISTSIZE environment variable to determine how long command history should be kept. GDB has been changed to use the GDBHISTSIZE environment variable instead. This variable is specific only to GDB. The possible values and their effects are:

  • a positive number - use command history of this size,
  • -1 or an empty string - keep history of all commands,
  • non-numeric values - ignored.
Completion limiting added

The maximum number of candidates considered during completion can now be limited using the set max-completions command. To show the current limit, run the show max-completions command. The default value is 200. This limit prevents GDB from generating excessively large completion lists and becoming unresponsive.

As an example, the output after the input p <tab><tab> is:

  • on RHEL 7: Display all 29863 possibilities? (y or n)
  • on RHEL 8: Display all 200 possibilities? (y or n)
HP-UX XDB compatibility mode removed

The -xdb option for the HP-UX XDB compatibility mode has been removed from GDB.

Handling signals for threads

Previously, GDB could deliver a signal to the current thread instead of the thread for which the signal was actually sent. This bug has been fixed, and GDB now always passes the signal to the correct thread when resuming execution.

Additionally, the signal command now always correctly delivers the requested signal to the current thread. If the program is stopped for a signal and the user switched threads, GDB asks for confirmation.

Breakpoint modes always-inserted off and auto merged

The breakpoint always-inserted setting has been changed. The auto value and corresponding behavior has been removed. The default value is now off. Additionally, the off value now causes GDB to not remove breakpoints from the target until all threads stop.

remotebaud commands no longer supported

The set remotebaud and show remotebaud commands are no longer supported. Use the set serial baud and show serial baud commands instead.

16.5. Compatibility-breaking changes in compilers and development tools

librtkaio removed

With this update, the librtkaio library has been removed. This library provided high-performance real-time asynchronous I/O access for some files, which was based on Linux kernel Asynchronous I/O support (KAIO).

As a result of the removal:

  • Applications using the LD_PRELOAD method to load librtkaio display a warning about a missing library, load the librt library instead and run correctly.
  • Applications using the LD_LIBRARY_PATH method to load librtkaio load the librt library instead and run correctly, without any warning.
  • Applications using the dlopen() system call to access librtkaio directly load the librt library instead.

Users of librtkaio have the following options:

  • Use the fallback mechanism described above, without any changes to their applications.
  • Change code of their applications to use the librt library, which offers a compatible POSIX-compliant API.
  • Change code of their applications to use the libaio library, which offers a compatible API.

Both librt and libaio can provide comparable features and performance under specific conditions.

Note that the libaio package has Red Hat compatibility level of 2, while librtk and the removed librtkaio level 1.

For more details, see https://fedoraproject.org/wiki/Changes/GLIBC223_librtkaio_removal

Sun RPC and NIS interfaces removed from glibc

The glibc library no longer provides Sun RPC and NIS interfaces for new applications. These interfaces are now available only for running legacy applications. Developers must change their applications to use the libtirpc library instead of Sun RPC and libnsl2 instead of NIS. Applications can benefit from IPv6 support in the replacement libraries.

The nosegneg libraries for 32-bit Xen have been removed

Previously, the glibc i686 packages contained an alternative glibc build, which avoided the use of the thread descriptor segment register with negative offsets (nosegneg). This alternative build was only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. These alternative builds are no longer used and they have been removed.

make new operator != causes a different interpretation of certain existing makefile syntax

The != shell assignment operator has been added to GNU make as an alternative to the $(shell …​) function to increase compatibility with BSD makefiles. As a consequence, variables with name ending in exclamation mark and immediately followed by assignment such as variable!=value are now interpreted as the shell assignment. To restore the previous behavior, add a space after the exclamation mark, such as variable! =value.

For more details and differences between the operator and the function, see the GNU make manual.

Valgrind library for MPI debugging support removed

The libmpiwrap.so wrapper library for Valgrind provided by the valgrind-openmpi package has been removed. This library enabled Valgrind to debug programs using the Message Passing Interface (MPI). This library was specific to the Open MPI implementation version in previous versions of Red Hat Enterprise Linux.

Users of libmpiwrap.so are encouraged to build their own version from upstream sources specific to their MPI implementation and version. Supply these custom-built libraries to Valgrind using the LD_PRELOAD technique.

Development headers and static libraries removed from valgrind-devel

Previously, the valgrind-devel sub-package used to include development files for developing custom valgrind tools. This update removes these files because they do not have a guaranteed API, have to be linked statically, and are unsupported. The valgrind-devel package still does contain the development files for valgrind-aware programs and header files such as valgrind.h, callgrind.h, drd.h, helgrind.h, and memcheck.h, which are stable and well-supported.

Chapter 17. Identity Management

17.1. Identity Management packages are installed as a module

In RHEL 8, the packages necessary for installing an Identity Management (IdM) server and client are distributed as a module. The client stream is the default stream of the idm module, and you can download the packages necessary for installing the client without enabling the stream.

The IdM server module stream is called DL1 and contains multiple profiles that correspond to the different types of IdM servers:

  • server: an IdM server without integrated DNS
  • dns: an IdM server with integrated DNS
  • adtrust: an IdM server that has a trust agreement with Active Directory
  • client: an IdM client

To download the packages in a specific profile of the DL1 stream:

  1. Enable the stream:

    # yum module enable idm:DL1
  2. Switch to the RPMs delivered through the stream:

    # yum distro-sync
  3. Install the selected profile:

    # yum module install idm:DL1/profile

    Replace profile with one of the specific profiles defined above.

For details, see Installing packages required for an Identity Management server and Packages required to install an Identity Management client.

17.2. Adding a RHEL 9 replica in FIPS mode to an IdM deployment in FIPS mode that was initialized with RHEL 8.6 or earlier fails

The default RHEL 9 FIPS cryptographic policy aiming to comply with FIPS 140-3 does not allow the use of the AES HMAC-SHA1 encryption types' key derivation function as defined by RFC3961, section 5.1.

This constraint does not allow you to add a RHEL 9 IdM replica in FIPS mode to a RHEL 8 IdM environment in FIPS mode in which the first server was installed on a RHEL 8.6 or earlier systems. This is because there are no common encryption types between RHEL 9 and the previous RHEL versions, which commonly use the AES HMAC-SHA1 encryption types but do not use the AES HMAC-SHA2 encryption types.

Note

You can view the encryption type of your IdM master key by entering the following command on the first IdM server in the RHEL 8 deployment:

# kadmin.local getprinc K/M | grep -E '^Key:'

If the string in the output contains the sha1 term, you must enable the use of AES HMAC-SHA1 on the RHEL 9 replica.

We are working on a solution to generate missing AES HMAC-SHA2-encrypted Kerberos keys on RHEL 7 and RHEL 8 servers. This will achieve FIPS 140-3 compliance on the RHEL 9 replica. However, this process cannot be fully automated, because the design of Kerberos key cryptography makes it impossible to convert existing keys to different encryption types. The only way is to ask users to renew their passwords.

17.3. Active Directory users can now administer Identity Management

In Red Hat Enterprise Linux (RHEL) 7, external group membership allows AD users and groups to access IdM resources in a POSIX environment with the help of the System Security Services Daemon (SSSD).

The IdM LDAP server has its own mechanisms to grant access control. RHEL 8 introduces an update that allows adding an ID user override for an AD user as a member of an IdM group. An ID override is a record describing what a specific Active Directory user or group properties should look like within a specific ID view, in this case the Default Trust View. As a consequence of the update, the IdM LDAP server is able to apply access control rules for the IdM group to the AD user.

AD users are now able to use the self service features of IdM UI, for example to upload their SSH keys, or change their personal data. An AD administrator is able to fully administer IdM without having two different accounts and passwords.

Note

Currently, selected features in IdM may still be unavailable to AD users. For example, setting passwords for IdM users as an AD user from the IdM admins group might fail.

17.4. IdM supports Ansible roles and modules for installation and management

Red Hat Enterprise Linux 8.1 introduces the ansible-freeipa package, which provides Ansible roles and modules for Identity Management (IdM) deployment and management. You can use Ansible roles to install and uninstall IdM servers, replicas, and clients. You can use Ansible modules to manage IdM groups, topology, and users. There are also example playbooks available.

This update simplifies the installation and configuration of IdM based solutions.

17.5. ansible-freeipa is available in the AppStream repository with all dependencies

Starting with RHEL 8.6, installing the ansible-freeipa package automatically installs the ansible-core package, a more basic version of ansible, as a dependency. Both ansible-freeipa and ansible-core are available in the rhel-9-for-x86_64-appstream-rpms repository.

ansible-freeipa in RHEL 8.6 contains all the modules that it contained prior to RHEL 8.6.

Prior to RHEL 8.6, you first had to enable the Ansible repository and install the ansible package. Only then could you install ansible-freeipa.

17.6. An alternative to the traditional RHEL ansible-freeipa repository: Ansible Automation Hub

As of Red Hat Enterprise Linux 8.6, you can download ansible-freeipa modules from the Ansible Automation Hub (AAH) instead of downloading them from the standard RHEL repository. By using AAH, you can benefit from the faster updates of the ansible-freeipa modules available in this repository.

In AAH, ansible-freeipa roles and modules are distributed in the collection format. Note that you need an Ansible Automation Platform (AAP) subscription to access the content on the AAH portal. You also need ansible version 2.14 or later.

The redhat.rhel_idm collection has the same content as the traditional ansible-freeipa package. However, the collection format uses a fully qualified collection name (FQCN) that consists of a namespace and the collection name. For example, the redhat.rhel_idm.ipadnsconfig module corresponds to the ipadnsconfig module in ansible-freeipa provided by a RHEL repository. The combination of a namespace and a collection name ensures that the objects are unique and can be shared without any conflicts.

17.7. Identity Management users can use external identity providers to authenticate to IdM

As of RHEL 8.10, you can associate Identity Management (IdM) users with external identity providers (IdPs) that support the OAuth 2 device authorization flow. Examples of such IdPs include Red Hat build of Keycloak, Azure Entra ID, Github, Google, and Facebook.

If an IdP reference and an associated IdP user ID exist in IdM, you can use them to enable an IdM user to authenticate at the external IdP. After performing authentication and authorization at the external IdP, the IdM user receives a Kerberos ticket with single sign-on capabilities. The user must authenticate with the SSSD version available in RHEL 8.7 or later.

You can also use the idp ansible-freeipa module to configure IdP authentication for IdM users.

17.8. Session recording solution for RHEL 8 added

A session recording solution has been added to Red Hat Enterprise Linux 8 (RHEL 8). A new tlog package and its associated web console session player enable to record and playback the user terminal sessions. The recording can be configured per user or user group via the System Security Services Daemon (SSSD) service. All terminal input and output is captured and stored in a text-based format in a system journal. The input is inactive by default for security reasons not to intercept raw passwords and other sensitive information.

The solution can be used for auditing of user sessions on security-sensitive systems. In the event of a security breach, the recorded sessions can be reviewed as a part of a forensic analysis. The system administrators are now able to configure the session recording locally and view the result from the RHEL 8 web console interface or from the Command-Line Interface using the tlog-play utility.

17.9. Removed Identity Management functionality

17.9.1. No NTP Server IdM server role

Because ntpd has been deprecated in favor of chronyd in RHEL 8, IdM servers are no longer configured as Network Time Protocol (NTP) servers and are only configured as NTP clients. The RHEL 7 NTP Server IdM server role has also been deprecated in RHEL 8.

17.9.2. NSS databases not supported in OpenLDAP

The OpenLDAP suite in previous versions of Red Hat Enterprise Linux (RHEL) used the Mozilla Network Security Services (NSS) for cryptographic purposes. With RHEL 8, OpenSSL, which is supported by the OpenLDAP community, replaces NSS. OpenSSL does not support NSS databases for storing certificates and keys. However, it still supports privacy enhanced mail (PEM) files that serve the same purpose.

17.9.3. Selected Python Kerberos packages have been replaced

In Red Hat Enterprise Linux (RHEL) 8, the python-gssapi package has replaced Python Kerberos packages such as python-krbV, python-kerberos, python-requests-kerberos, and python-urllib2_kerberos. Notable benefits include:

  • python-gssapi is easier to use than python-kerberos and python-krbV.
  • python-gssapi supports both python 2 and python 3 whereas python-krbV does not.
  • Additional Kerberos packages, python-requests-gssapi and python-urllib-gssapi, are currently available in the Extra Packages for Enterprise Linux (EPEL) repository.

The GSSAPI-based packages allow the use of other Generic Security Services API (GSSAPI) mechanisms in addition to Kerberos, such as the NT LAN Manager NTLM for backward compatibility reasons.

This update improves the maintainability and debuggability of GSSAPI in RHEL 8.

17.10. SSSD

17.10.1. AD GPOs are now enforced by default

In RHEL 8, the default setting for the ad_gpo_access_control option is enforcing, which ensures that access control rules based on Active Directory Group Policy Objects (GPOs) are evaluated and enforced.

In contrast, the default for this option in RHEL 7 is permissive, which evaluates but does not enforce GPO-based access control rules. With permissive mode, a syslog message is recorded every time a user would be denied access by a GPO, but those users are still allowed to log in.

Note

Red Hat recommends ensuring GPOs are configured correctly in Active Directory before upgrading from RHEL 7 to RHEL 8.

Misconfigured GPOs that do not affect authorization in default RHEL 7 hosts may affect default RHEL 8 hosts.

For more information about GPOs, see Applying Group Policy Object access control in RHEL and the ad_gpo_access_control entry in the sssd-ad Manual page.

17.10.2. authselect replaces authconfig

In RHEL 8, the authselect utility replaces the authconfig utility. authselect comes with a safer approach to PAM stack management that makes the PAM configuration changes simpler for system administrators. authselect can be used to configure authentication methods such as passwords, certificates, smart cards and fingerprint. authselect does not configure services required to join remote domains. This task is performed by specialized tools, such as realmd or ipa-client-install.

17.10.3. KCM replaces KEYRING as the default credential cache storage

In RHEL 8, the default credential cache storage is the Kerberos Credential Manager (KCM) which is backed by the sssd-kcm deamon. KCM overcomes the limitations of the previously used KEYRING, such as its being difficult to use in containerized environments because it is not namespaced, and to view and manage quotas.

With this update, RHEL 8 contains a credential cache that is better suited for containerized environments and that provides a basis for building more features in future releases.

17.10.4. sssctl prints an HBAC rules report for an IdM domain

With this update, the sssctl utility of the System Security Services Daemon (SSSD) can print an access control report for an Identity Management (IdM) domain. This feature meets the need of certain environments to see, for regulatory reasons, a list of users and groups that can access a specific client machine. Running sssctl access-report domain_name on an IdM client prints the parsed subset of host-based access control (HBAC) rules in the IdM domain that apply to the client machine.

Note that no other providers than IdM support this feature.

17.10.5. As of RHEL 8.8, SSSD no longer caches local users by default nor serves them through the nss_sss module

In RHEL 8.8 and later, the System Security Services Daemon (SSSD) files provider, which serves users and groups from the /etc/passwd and /etc/group files, is disabled by default. The default value of the enable_files_domain setting in the /etc/sssd/sssd.conf configuration file is false.

For RHEL 8.7 and earlier versions, the SSSD files provider is enabled by default. The default value of the enable_files_domain setting in the sssd.conf configuration file is true, and the sss nsswitch module precedes files in the /etc/nsswitch.conf file.

17.10.6. SSSD now allows you to select one of the multiple smart-card authentication devices

By default, the System Security Services Daemon (SSSD) tries to detect a device for smart-card authentication automatically. If there are multiple devices connected, SSSD selects the first one it detects. Consequently, you cannot select a particular device, which sometimes leads to failures.

With this update, you can configure a new p11_uri option for the [pam] section of the sssd.conf configuration file. This option enables you to define which device is used for smart-card authentication.

For example, to select a reader with the slot id 2 detected by the OpenSC PKCS#11 module, add:

p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2

to the [pam] section of sssd.conf.

For details, see the man sssd.conf page.

17.11. Removed SSSD functionality

17.11.1. sssd-secrets has been removed

The sssd-secrets component of the System Security Services Daemon (SSSD) has been removed in Red Hat Enterprise Linux 8. This is because Custodia, a secrets service provider, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Identity Management Vault.

17.11.2. The SSSD version of libwbclient has been removed

The SSSD implementation of the libwbclient package allowed the Samba smbd service to retrieve user and group information from AD without the need to run the winbind service. As Samba now requires that the winbind service is running and handling communication with AD, the related code has been removed from smdb for security reasons. As this additional required functionality is not part of SSSD and the SSSD implementation of libwbclient cannot be used with recent versions of Samba, the SSSD implementation of libwbclient has been removed in RHEL 8.5.

Chapter 18. The web console

18.1. The web console is now available by default

Packages for the RHEL 8 web console, also known as Cockpit, are now part of Red Hat Enterprise Linux default repositories, and can therefore be immediately installed on a registered RHEL 8 system.

In addition, on a non-minimal installation of RHEL 8, the web console is automatically installed and firewall ports required by the console are automatically open.

A system message has also been added prior to login that provides information about how to enable or access the web console.

18.2. New firewall interface

The Networking tab in the RHEL 8 web console now includes the Firewall settings. In this section, users can:

  • Enable/disable firewall
  • Add/remove services

For details, see Managing firewall using the web console.

18.3. Subscription management

The RHEL 8 web console provides an interface for using Red Hat Subscription Manager installed on your local system. The Subscription Manager connects to the Red Hat Customer Portal and verifies all available:

  • Active subscriptions
  • Expired subscriptions
  • Renewed subscriptions

If you want to renew the subscription or get a different one in Red Hat Customer Portal, you do not have to update the Subscription Manager data manually. The Subscription Manager synchronizes data with Red Hat Customer Portal automatically.

Note

The web console’s Subscriptions page is now provided by the new subscription-manager-cockpit package.

For details, see Managing subscriptions in the web console.

18.4. Better IdM integration for the web console

If your system is enrolled in an Identity Management (IdM) domain, the RHEL 8 web console now uses the domain’s centrally managed IdM resources by default. This includes the following benefits:

  • The IdM domain’s administrators can use the web console to manage the local machine.
  • The console’s web server automatically switches to a certificate issued by the IdM certificate authority (CA) and accepted by browsers.
  • Users with a Kerberos ticket in the IdM domain do not need to provide login credentials to access the web console.
  • SSH hosts known to the IdM domain are accessible to the web console without manually adding an SSH connection.

Note that for IdM integration with the web console to work properly, the user first needs to run the ipa-advise utility with the enable-admins-sudo option in the IdM server.

18.5. The web console is now compatible with mobile browsers

With this update, the web console menus and pages can be navigated on mobile browser variants. This makes it possible to manage systems using the RHEL 8 web console from a mobile device.

18.6. The web console front page now displays missing updates and subscriptions

If a system managed by the RHEL 8 web console has outdated packages or a lapsed subscription, a warning is now displayed on the web console front page of the system.

18.7. The web console now supports PBD enrollment

With this update, you can use the RHEL 8 web console interface to apply Policy-Based Decryption (PBD) rules to disks on managed systems. This uses the Clevis decryption client to facilitate a variety of security management functions in the web console, such as automatic unlocking of LUKS-encrypted disk partitions.

18.8. Support LUKS v2

In the web console’s Storage tab, you can now create, lock, unlock, resize, and otherwise configure encrypted devices using the LUKS (Linux Unified Key Setup) version 2 format.

This new version of LUKS offers:

  • More flexible unlocking policies
  • Stronger cryptography
  • Better compatibility with future changes

18.9. Virtual machines can now be managed using the web console

The Virtual Machines page can now be added to the RHEL 8 web console interface, which enables the user to create and manage libvirt-based virtual machines.

For information about the differences in virtual management features between the web console and the Virtual Machine Manager, see Differences in virtualization features in Virtual Machine Manager and the web console.

18.10. Internet Explorer unsupported by the web console

Support for the Internet Explorer browser has been removed from the RHEL 8 web console. Attempting to open the web console in Internet Explorer now displays an error screen with a list of recommended browsers that can be used instead.

Chapter 19. Virtualization

19.1. Virtual machines can now be managed using the web console

The Virtual Machines page can now be added to the RHEL 8 web console interface, which enables the user to create and manage libvirt-based virtual machines (VMs).

In addition, the Virtual Machine Manager (virt-manager) application has been deprecated, and may become unsupported in a future major release of RHEL.

Note, however, that the web console currently does not provide all of the virtual management features that virt-manager does. For details about the differences in available features between the RHEL 8 web console and the Virtual Machine Manager, see the Configuring and managing virtualization document.

19.2. The Q35 machine type is now supported by virtualization

Red hat Enterprise Linux 8 introduces the support for Q35, a more modern PCI Express-based machine type. This provides a variety of improvements in features and performance of virtual devices, and ensures that a wider range of modern devices are compatible with virtualization. In addition, virtual machines created in Red Hat Enterprise Linux 8 are set to use Q35 by default.

Note that the previously default PC machine type has become deprecated and may become unsupported in a future major release of RHEL. However, changing the machine type of existing VMs from PC to Q35 is not recommended.

Notable differences between PC and Q35 include:

  • Older operating systems, such as Windows XP, do not support Q35 and will not boot if used on a Q35 VM.
  • Currently, when using RHEL 6 as the operating system on a Q35 VM, hot-plugging a PCI device to that VM in some cases does not work. In addition, certain legacy virtio devices do not work properly on RHEL 6 Q35 VMs.

    Therefore, using the PC machine type is recommended for RHEL 6 VMs.

  • Q35 emulates PCI Express (PCI-e) buses instead of PCI. As a result, a different device topology and addressing scheme is presented to the guest OS.
  • Q35 has a built-in SATA/AHCI controller, instead of an IDE controller.
  • The SecureBoot feature only works on Q35 VMs.

19.3. Removed virtualization functionality

The cpu64-rhel6 CPU model has been deprecated and removed

The cpu64-rhel6 QEMU virtual CPU model has been deprecated in RHEL 8.1, and has been removed from RHEL 8.2. It is recommended that you use the other CPU models provided by QEMU and libvirt, according to the CPU present on the host machine.

IVSHMEM has been disabled

The inter-VM shared memory device (IVSHMEM) feature, which provides shared memory between multiple virtual machines, is now disabled in Red Hat Enterprise Linux 8. A virtual machine configured with this device will fail to boot. Similarly, attempting to hot-plug such a device device will fail as well.

virt-install can no longer use NFS locations

With this update, the virt-install utility cannot mount NFS locations. As a consequence, attempting to install a virtual machine using virt-install with a NFS address as a value of the --location option fails. To work around this change, mount your NFS share prior to using virt-install, or use a HTTP location.

RHEL 8 does not support the tulip driver

With this update, the tulip network driver is no longer supported. As a consequence, when using RHEL 8 on a Generation 1 virtual machine (VM) on the Microsoft Hyper-V hypervisor, the "Legacy Network Adapter" device does not work, which causes PXE installation of such VMs to fail.

For the PXE installation to work, install RHEL 8 on a Generation 2 Hyper-V VM. If you require a RHEL 8 Generation 1 VM, use ISO installation.

LSI Logic SAS and Parallel SCSI drivers are not supported

The LSI Logic SAS driver (mptsas) and LSI Logic Parallel driver (mptspi) for SCSI are no longer supported. As a consequence, the drivers can be used for installing RHEL 8 as a guest operating system on a VMWare hypervisor to a SCSI disk, but the created VM will not be supported by Red Hat.

Installing virtio-win no longer creates a floppy disk image with the Windows drivers

Due to the limitation of floppy drives, virtio-win drivers are no longer provided as floppy images. Users should use the ISO image instead.

Chapter 20. Containers

A set of container images is available for Red Hat Enterprise Linux 8. Notable changes include:

  • Docker is not included in RHEL 8.0. For working with containers, use the podman, buildah, skopeo, and runc tools.

    For information about these tools and on using containers in RHEL 8, see Building, running, and managing containers.

  • The podman tool has been released as a fully supported feature.

    The podman tool manages pods, container images, and containers on a single node. It is built on the libpod library, which enables management of containers and groups of containers, called pods.

    To learn how to use podman, see Building, running, and managing containers.

  • In RHEL 8 GA, Red Hat Universal Base Images (UBI) are newly available. UBIs replace some of the images Red Hat previously provided, such as the standard and the minimal RHEL base images.

    Unlike older Red Hat images, UBIs are freely redistributable. This means they can be used in any environment and shared anywhere. You can use them even if you are not a Red Hat customer.

    For UBI documentation, see Building, running, and managing containers.

  • In RHEL 8 GA, additional container images are available that provide AppStream components, for which container images are distributed with Red Hat Software Collections in RHEL 7. All of these RHEL 8 images are based on the ubi8 base image.
  • Container images ARM for the 64-bit ARM architecture are fully supported in RHEL 8.
  • The rhel-tools container has been removed in RHEL 8. The sos and redhat-support-tool tools are provided in the support-tools container. System administrators can also use this image as a base for building system tools container image.
  • The support for rootless containers is available as a technology preview in RHEL 8.

    Rootless containers are containers that are created and managed by regular system users without administrative permissions.

Chapter 21. Desktop and graphics

21.1. GNOME Shell is the default desktop environment

RHEL 8 is distributed with GNOME Shell as the default desktop environment.

All packages related to KDE Plasma Workspaces (KDE) have been removed, and it is no longer possible to use KDE as an alternative to the default GNOME desktop environment.

Red Hat does not support migration from RHEL 7 with KDE to RHEL 8 GNOME. Users of RHEL 7 with KDE are recommended to back up their data and install RHEL 8 with GNOME Shell.

21.2. Notable changes in GNOME Shell

RHEL 8 is distributed with GNOME Shell, version 3.28.

This section:

  • Highlights enhancements related to GNOME Shell, version 3.28.
  • Informs about the change in default combination of GNOME Shell environment and display protocol.
  • Explains how to access features that are not available by default.
  • Explains changes in GNOME tools for software management.

21.2.1. GNOME Shell, version 3.28 in RHEL 8

GNOME Shell, version 3.28 is available in RHEL 8. Notable enhancements include:

  • New GNOME Boxes features
  • New on-screen keyboard
  • Extended devices support, most significantly integration for the Thunderbolt 3 interface
  • Improvements for GNOME Software, dconf-editor and GNOME Terminal

21.2.2. GNOME Shell environments

GNOME 3 provides two essential environments:

  • GNOME Standard
  • GNOME Classic

Both environments can use two different protocols to build a graphical user interface:

  • The X11 protocol, which uses X.Org as the display server.
  • The Wayland protocol, which uses GNOME Shell as the Wayland compositor and display server.

    This solution of display server is further referred as GNOME Shell on Wayland.

The default combination in RHEL 8 is GNOME Standard environment using GNOME Shell on Wayland as the display server.

However, you may want to switch to another combination of GNOME Shell environment and graphics protocol stack. For more information, see Section 21.3, “Selecting GNOME environment and display protocol”.

Additional resources

21.2.3. Desktop icons

In RHEL 8, the Desktop icons functionality is no longer provided by the Nautilus file manager, but by the desktop icons gnome-shell extension.

To be able to use the extension, you must install the gnome-shell-extension-desktop-icons package available in the Appstream repository.

Additional resources

21.2.4. Fractional scaling

On a GNOME Shell on Wayland session, the fractional scaling feature is available. The feature makes it possible to scale the GUI by fractions, which improves the appearance of scaled GUI on certain displays.

Note that the feature is currently considered experimental and is, therefore, disabled by default.

To enable fractional scaling, run the following command:

# gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"

21.2.5. GNOME Software for package management

The gnome-packagekit package that provided a collection of tools for package management in graphical environment on RHEL 7 is no longer available.

On RHEL 8, similar functionality is provided by the GNOME Software utility, which enables you to install and update applications and gnome-shell extensions. GNOME Software is distributed in the gnome-software package.

Additional resources

21.2.6. Opening graphical applications with sudo

When attempting to open a graphical application in a terminal using the sudo command, you must do the following:

X11 applications

If the application uses the X11 display protocol, add the local user root in the X server access control list. As a result, root is allowed to connect to Xwayland, which translates the X11 protocol into the Wayland protocol and reversely.

Example 21.1. Adding root to the X server access control list to open xclock with sudo

$ xhost +si:localuser:root

$ sudo xclock

Wayland applications

If the application is Wayland native, include the -E option.

Example 21.2. Opening GNOME Calculator with sudo

$ sudo -E gnome-calculator

Otherwise, if you type just sudo and the name of the application, the operation of opening the application fails with the following error message:

No protocol specified
Unable to init server: could not connect: connection refused
# Failed to parse arguments: Cannot open display

21.3. Selecting GNOME environment and display protocol

For switching between various combinations of GNOME environment and graphics protocol stacks, use the following procedure.

Procedure

  1. From the login screen (GDM), click the gear button next to the Sign In button.

    Note

    You cannot access this option from the lock screen. The login screen appears when you first start RHEL 8 or when you log out of your current session.

    gnome environments new

  2. From the drop-down menu that appears, select the option that you prefer.

    Note

    Note that in the menu that appears on the login screen, the X.Org display server is marked as X11 display server.

Important

The change of GNOME environment and graphics protocol stack resulting from the above procedure is persistent across user logouts, and also when powering off or rebooting the computer.

21.4. Removed functionality

gnome-terminal removed support for non-UTF8 locales in RHEL 8

The gnome-terminal application in RHEL 8 and later releases refuses to start when the system locale is set to non-UTF8 because only UTF8 locales are supported. For more information, see the The gnome-terminal application fails to start when the system locale is set to non-UTF8 Knowledgebase article.

Chapter 22. Internationalization

22.1. RHEL 8 International Languages

Red Hat Enterprise Linux 8 supports the installation of multiple languages and the changing of languages based on your requirements.

  • East Asian Languages - Japanese, Korean, Simplified Chinese, and Traditional Chinese.
  • European Languages - English, German, Spanish, French, Italian, Portuguese, and Russian.

The following table lists the fonts and input methods provided for various major languages.

LanguageDefault Font (Font Package)Input Methods

English

dejavu-sans-fonts

 

French

dejavu-sans-fonts

 

German

dejavu-sans-fonts

 

Italian

dejavu-sans-fonts

 

Russian

dejavu-sans-fonts

 

Spanish

dejavu-sans-fonts

 

Portuguese

dejavu-sans-fonts

 

Simplified Chinese

google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts

ibus-libpinyin, libpinyin

Traditional Chinese

google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts

ibus-libzhuyin, libzhuyin

Japanese

google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts

ibus-kkc, libkkc

Korean

google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts

ibus-hangul, libhangu

22.2. Notable changes to internationalization in RHEL 8

RHEL 8 introduces the following changes to internationalization compared to RHEL 7:

  • Support for the Unicode 11 computing industry standard has been added.
  • Internationalization is distributed in multiple packages, which allows for smaller footprint installations. For more information, see Using langpacks.
  • The glibc package updates for multiple locales are now synchronized with the Common Locale Data Repository (CLDR).

Chapter 23. Red Hat Enterprise Linux for SAP Solutions

Red Hat Enterprise Linux for SAP Solutions provides a consistent foundation for SAP workloads. For a list of features and benefits provided by the RHEL for SAP Solutions subscription for business critical IT landscapes, like SAP environments, see Overview of the Red Hat Enterprise Linux for SAP Solutions subscription. The following resources provide an overview of the changes between RHEL 7 and RHEL 8.

In addition to the two main RHEL repositories, BaseOS and AppStream, the RHEL 8 for SAP Solutions subscription includes the SAP Solutions and SAP NetWeaver repositories. Both repositories are required for SAP environments and workloads.

Repository name changes between RHEL 7 and RHEL 8

The following table lists the repositories that were renamed between RHEL 7 for SAP HANA / Solutions, and RHEL 8 for SAP Solutions:

Original repository name(s)New repository name(s) [a]Changed sinceNote

rhel-sap-hana-for-rhel-7-<server|for-power-le>-rpms

rhel-8-for-<arch>-sap-solutions-rpms

RHEL 8.0

Also applies to Extended Update Support (EUS) and Update Services for SAP Solutions (E4S) repositories

rhel-sap-for-rhel-7-<server|for-power-le>-rpms

rhel-8-for-<arch>-sap-netweaver-rpms

RHEL 8.0

Also applies to Extended Update Support (EUS) and Update Services for SAP Solutions (E4S) repositories

[a] This table uses examples to help identify the full repository ID, where <arch> is the specific architecture.

Appendix A. Changes to packages

The following chapters contain changes to packages between RHEL 7 and RHEL 8, as well as changes between minor releases of RHEL 8.

A.1. New packages

A.1.1. Packages added in RHEL 8 minor releases

The following packages were added in RHEL 8 minor relases starting from RHEL 8.1:

PackageRepositoryNew in

aardvark-dns

rhel8-AppStream

RHEL 8.6

accel-config

rhel8-BaseOS

RHEL 8.4

accel-config-devel

rhel8-CRB

RHEL 8.4

accel-config-libs

rhel8-BaseOS

RHEL 8.4

adwaita-icon-theme-devel

rhel8-CRB

RHEL 8.6

adwaita-qt5

rhel8-AppStream

RHEL 8.5

alsa-sof-firmware

rhel8-BaseOS

RHEL 8.3

alsa-sof-firmware-debug

rhel8-BaseOS

RHEL 8.3

anaconda-widgets-devel

rhel8-CRB

RHEL 8.7

annobin-annocheck

rhel8-AppStream

RHEL 8.3

ansible-collection-microsoft-sql

rhel8-AppStream

RHEL 8.5

ansible-collection-redhat-rhel_mgmt

rhel8-AppStream

RHEL 8.5

ansible-core

rhel8-AppStream

RHEL 8.6

ansible-freeipa

rhel8-AppStream

RHEL 8.1

ansible-freeipa-tests

rhel8-AppStream

RHEL 8.5

ansible-pcp

rhel8-AppStream

RHEL 8.5

ansible-test

rhel8-AppStream

RHEL 8.6

apiguardian

rhel8-AppStream

RHEL 8.4

asio-devel

rhel8-CRB

RHEL 8.1

asio-devel

rhel8-CRB

RHEL 8.3

aspnetcore-runtime-3.1

rhel8-AppStream

RHEL 8.2

aspnetcore-runtime-5.0

rhel8-AppStream

RHEL 8.3

aspnetcore-runtime-6.0

rhel8-AppStream

RHEL 8.5

aspnetcore-runtime-7.0

rhel8-AppStream

RHEL 8.7

aspnetcore-runtime-8.0

rhel8-AppStream

RHEL 8.10

aspnetcore-targeting-pack-3.1

rhel8-AppStream

RHEL 8.2

aspnetcore-targeting-pack-5.0

rhel8-AppStream

RHEL 8.3

aspnetcore-targeting-pack-6.0

rhel8-AppStream

RHEL 8.5

aspnetcore-targeting-pack-7.0

rhel8-AppStream

RHEL 8.7

aspnetcore-targeting-pack-8.0

rhel8-AppStream

RHEL 8.10

autogen-libopts-devel

rhel8-CRB

RHEL 8.3

avahi-glib-devel

rhel8-CRB

RHEL 8.4

avahi-gobject-devel

rhel8-CRB

RHEL 8.4

avahi-tools

rhel8-AppStream

RHEL 8.9

avahi-ui

rhel8-CRB

RHEL 8.4

avahi-ui-devel

rhel8-CRB

RHEL 8.4

bash-devel

rhel8-CRB

RHEL 8.6

batik-css

rhel8-AppStream

RHEL 8.4

batik-util

rhel8-AppStream

RHEL 8.4

bcc-devel

rhel8-CRB

RHEL 8.2

bind9.16

rhel8-AppStream

RHEL 8.6

bind9.16-chroot

rhel8-AppStream

RHEL 8.6

bind9.16-devel

rhel8-CRB

RHEL 8.6

bind9.16-dnssec-utils

rhel8-CRB

RHEL 8.6

bind9.16-doc

rhel8-CRB

RHEL 8.6

bind9.16-libs

rhel8-AppStream

RHEL 8.6

bind9.16-license

rhel8-AppStream

RHEL 8.6

bind9.16-utils

rhel8-AppStream

RHEL 8.6

chan

rhel8-AppStream

RHEL 8.3

cifs-utils-devel

rhel8-CRB

RHEL 8.8

clang-resource-filesystem

rhel8-AppStream

RHEL 8.5

clang-tools-extra-devel

rhel8-AppStream

RHEL 8.10

cockpit-leapp

rhel8-AppStream

RHEL 8.7

compat-exiv2-026

rhel8-AppStream

RHEL 8.2

compat-hwloc1

rhel8-BaseOS

RHEL 8.5

compat-sap-c++-10

rhel8-SAP

RHEL 8.3

compat-sap-c++-11

rhel8-SAP

RHEL 8.5

compat-sap-c++-12

rhel8-SAP

RHEL 8.7

conmon

rhel8-AppStream

RHEL 8.2

coreos-installer

rhel8-AppStream

RHEL 8.5

coreos-installer-bootinfra

rhel8-AppStream

RHEL 8.5

coreos-installer-dracut

rhel8-AppStream

RHEL 8.6

crit

rhel8-AppStream

RHEL 8.2

criu-devel

rhel8-AppStream

RHEL 8.5

criu-libs

rhel8-AppStream

RHEL 8.5

crun

rhel8-AppStream

RHEL 8.3

crypto-policies-scripts

rhel8-BaseOS

RHEL 8.3

dejavu-lgc-sans-fonts

rhel8-AppStream

RHEL 8.4

delve

rhel8-AppStream

RHEL 8.2

directory-maven-plugin-javadoc

rhel8-AppStream

RHEL 8.2

directory-maven-plugin

rhel8-AppStream

RHEL 8.2

disruptor

rhel8-AppStream

RHEL 8.6

dotnet-apphost-pack-3.1

rhel8-AppStream

RHEL 8.2

dotnet-apphost-pack-5.0

rhel8-AppStream

RHEL 8.3

dotnet-apphost-pack-6.0

rhel8-AppStream

RHEL 8.5

dotnet-apphost-pack-7.0

rhel8-AppStream

RHEL 8.7

dotnet-apphost-pack-8.0

rhel8-AppStream

RHEL 8.10

dotnet-build-reference-packages

rhel8-CRB

RHEL 8.5

dotnet-hostfxr-3.1

rhel8-AppStream

RHEL 8.2

dotnet-hostfxr-5.0

rhel8-AppStream

RHEL 8.3

dotnet-hostfxr-6.0

rhel8-AppStream

RHEL 8.5

dotnet-hostfxr-7.0

rhel8-AppStream

RHEL 8.7

dotnet-hostfxr-8.0

rhel8-AppStream

RHEL 8.10

dotnet-runtime-3.1

rhel8-AppStream

RHEL 8.2

dotnet-runtime-5.0

rhel8-AppStream

RHEL 8.3

dotnet-runtime-6.0

rhel8-AppStream

RHEL 8.5

dotnet-runtime-7.0

rhel8-AppStream

RHEL 8.7

dotnet-runtime-8.0

rhel8-AppStream

RHEL 8.10

dotnet-sdk-3.1-source-built-artifacts

rhel8-CRB

RHEL 8.5

dotnet-sdk-3.1

rhel8-AppStream

RHEL 8.2

dotnet-sdk-5.0

rhel8-AppStream

RHEL 8.3

dotnet-sdk-5.0-source-built-artifacts

rhel8-CRB

RHEL 8.5

dotnet-sdk-6.0

rhel8-AppStream

RHEL 8.5

dotnet-sdk-6.0-source-built-artifacts

rhel8-CRB

RHEL 8.6

dotnet-sdk-7.0

rhel8-AppStream

RHEL 8.7

dotnet-sdk-7.0-source-built-artifacts

rhel8-CRB

RHEL 8.7

dotnet-sdk-8.0

rhel8-AppStream

RHEL 8.10

dotnet-sdk-8.0-source-built-artifacts

rhel8-CRB

RHEL 8.10

dotnet-targeting-pack-3.1

rhel8-AppStream

RHEL 8.2

dotnet-targeting-pack-5.0

rhel8-AppStream

RHEL 8.3

dotnet-targeting-pack-6.0

rhel8-AppStream

RHEL 8.5

dotnet-targeting-pack-7.0

rhel8-AppStream

RHEL 8.7

dotnet-targeting-pack-8.0

rhel8-AppStream

RHEL 8.10

dotnet-templates-3.1

rhel8-AppStream

RHEL 8.2

dotnet-templates-5.0

rhel8-AppStream

RHEL 8.3

dotnet-templates-6.0

rhel8-AppStream

RHEL 8.5

dotnet-templates-7.0

rhel8-AppStream

RHEL 8.7

dotnet-templates-8.0

rhel8-AppStream

RHEL 8.10

dotnet5.0-build-reference-packages

rhel8-CRB

RHEL 8.5

dwarves

rhel8-CRB

RHEL 8.2

ecj

rhel8-AppStream

RHEL 8.8

eclipse-ecf-core

rhel8-AppStream

RHEL 8.4

eclipse-ecf-runtime

rhel8-AppStream

RHEL 8.4

eclipse-emf-core

rhel8-AppStream

RHEL 8.4

eclipse-emf-runtime

rhel8-AppStream

RHEL 8.4

eclipse-emf-xsd

rhel8-AppStream

RHEL 8.4

eclipse-equinox-osgi

rhel8-AppStream

RHEL 8.4

eclipse-jdt

rhel8-AppStream

RHEL 8.4

eclipse-p2-discovery

rhel8-AppStream

RHEL 8.4

eclipse-pde

rhel8-AppStream

RHEL 8.4

eclipse-platform

rhel8-AppStream

RHEL 8.4

eclipse-swt

rhel8-AppStream

RHEL 8.4

ee4j-parent

rhel8-AppStream

RHEL 8.2

efivar-devel

rhel8-CRB

RHEL 8.6

egl-utils

rhel8-AppStream

RHEL 8.7

elfutils-debuginfod

rhel8-BaseOS

RHEL 8.3

elfutils-debuginfod-client-devel

rhel8-AppStream

RHEL 8.2

elfutils-debuginfod-client

rhel8-AppStream

RHEL 8.2

emoji-picker

rhel8-AppStream

RHEL 8.4

eth-tools-basic

rhel8-AppStream

RHEL 8.5

eth-tools-fastfabric

rhel8-AppStream

RHEL 8.5

evince-devel

rhel8-CRB

RHEL 8.4

evolution-data-server-ui

rhel8-AppStream

RHEL 8.10

evolution-data-server-ui-devel

rhel8-AppStream

RHEL 8.10

fapolicyd

rhel8-AppStream

RHEL 8.1

fapolicyd-selinux

rhel8-AppStream

RHEL 8.3

fasterxml-oss-parent

rhel8-AppStream

RHEL 8.10

fdo-admin-cli

rhel8-AppStream

RHEL 8.6

fdo-client

rhel8-AppStream

RHEL 8.6

fdo-init

rhel8-AppStream

RHEL 8.6

fdo-manufacturing-server

rhel8-AppStream

RHEL 8.6

fdo-owner-cli

rhel8-AppStream

RHEL 8.6

fdo-owner-onboarding-server

rhel8-AppStream

RHEL 8.6

fdo-rendezvous-server

rhel8-AppStream

RHEL 8.6

felix-gogo-command

rhel8-AppStream

RHEL 8.4

felix-gogo-runtime

rhel8-AppStream

RHEL 8.4

felix-gogo-shell

rhel8-AppStream

RHEL 8.4

felix-scr

rhel8-AppStream

RHEL 8.4

fence-agents-ibm-powervs

rhel8-AppStream

RHEL 8.6

fence-agents-ibm-vpc

rhel8-AppStream

RHEL 8.6

fence-agents-kubevirt

rhel8-AppStream

RHEL 8.6

fence-agents-openstack

rhel8-HighAvailability

RHEL 8.7

fence-virtd-cpg

rhel8-AppStream

RHEL 8.6

flatpak-devel

rhel8-CRB

RHEL 8.5

flatpak-selinux

rhel8-AppStream

RHEL 8.2

flatpak-session-helper

rhel8-AppStream

RHEL 8.2

flatpak-spawn

rhel8-AppStream

RHEL 8.4

flatpak-xdg-utils

rhel8-AppStream

RHEL 8.4

frr-selinux

rhel8-AppStream

RHEL 8.7

fstrm

rhel8-AppStream

RHEL 8.4

fstrm-devel

rhel8-AppStream

RHEL 8.4

fstrm-utils

rhel8-CRB

RHEL 8.7

fwupd-devel

rhel8-CRB

RHEL 8.6

gcc-plugin-annobin

rhel8-AppStream

RHEL 8.7

gcc-toolset-9-libasan-devel

rhel8-AppStream

RHEL 8.2

gcc-toolset-9-libatomic-devel

rhel8-AppStream

RHEL 8.2

gcc-toolset-9-liblsan-devel

rhel8-AppStream

RHEL 8.2

gcc-toolset-9-libtsan-devel

rhel8-AppStream

RHEL 8.2

gcc-toolset-9-libubsan-devel

rhel8-AppStream

RHEL 8.2

gcc-toolset-10

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-annobin

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-binutils

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-binutils-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-build

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-dwz

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-dyninst

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-dyninst-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-debuginfod-client

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-debuginfod-client-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-libelf

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-libelf-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-elfutils-libs

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gcc

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gcc-c++

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gcc-gdb-plugin

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gcc-gfortran

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gcc-plugin-devel

rhel8-CRB

RHEL 8.5

gcc-toolset-10-gdb

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gdb-doc

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-gdb-gdbserver

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libasan-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libatomic-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libitm-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-liblsan-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libquadmath-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libstdc++-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libstdc++-docs

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libtsan-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-libubsan-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-ltrace

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-make

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-make-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-perftools

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-runtime

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-strace

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-client

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-initscript

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-runtime

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-sdt-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-systemtap-server

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-toolchain

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-valgrind

rhel8-AppStream

RHEL 8.3

gcc-toolset-10-valgrind-devel

rhel8-AppStream

RHEL 8.3

gcc-toolset-11

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-annobin-annocheck

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-annobin-docs

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-annobin-plugin-gcc

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-binutils

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-binutils-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-build

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-dwz

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-dyninst

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-dyninst-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-debuginfod-client

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-debuginfod-client-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-libelf

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-libelf-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-elfutils-libs

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gcc

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gcc-c++

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gcc-gdb-plugin

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gcc-gfortran

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gcc-plugin-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gdb

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gdb-doc

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-gdb-gdbserver

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libasan-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libatomic-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libgccjit

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libgccjit-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libgccjit-docs

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libitm-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-liblsan-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libquadmath-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libstdc++-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libstdc++-docs

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libtsan-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-libubsan-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-ltrace

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-make

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-make-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-perftools

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-runtime

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-strace

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-client

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-initscript

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-runtime

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-sdt-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-systemtap-server

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-toolchain

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-valgrind

rhel8-AppStream

RHEL 8.5

gcc-toolset-11-valgrind-devel

rhel8-AppStream

RHEL 8.5

gcc-toolset-12

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-annobin-annocheck

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-annobin-docs

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-annobin-plugin-gcc

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-binutils

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-binutils-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-binutils-gold

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-build

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-dwz

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-gcc

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-gcc-c++

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-gcc-gfortran

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-gcc-plugin-annobin

rhel8-AppStream

RHEL 8.8

gcc-toolset-12-gcc-plugin-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-gdb

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libasan-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libatomic-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libgccjit

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libgccjit-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libgccjit-docs

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libitm-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-liblsan-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libquadmath-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libstdc++-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libstdc++-docs

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libtsan-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-libubsan-devel

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-offload-nvptx

rhel8-AppStream

RHEL 8.7

gcc-toolset-12-runtime

rhel8-AppStream

RHEL 8.7

gcc-toolset-13

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-annobin-annocheck

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-annobin-docs

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-annobin-plugin-gcc

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-binutils

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-binutils-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-binutils-gold

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-dwz

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gcc

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gcc-c++

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gcc-gfortran

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gcc-plugin-annobin

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gcc-plugin-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-gdb

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libasan-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libatomic-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libgccjit

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libgccjit-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libitm-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-liblsan-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libquadmath-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libstdc++-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libstdc++-docs

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libtsan-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-libubsan-devel

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-offload-nvptx

rhel8-AppStream

RHEL 8.9

gcc-toolset-13-runtime

rhel8-AppStream

RHEL 8.9

gdm-devel

rhel8-CRB

RHEL 8.6

gdm-pam-extensions-devel

rhel8-CRB

RHEL 8.6

git-credential-libsecret

rhel8-AppStream

RHEL 8.3

git-lfs

rhel8-AppStream

RHEL 8.3

glade

rhel8-CRB

RHEL 8.7

glassfish-jsp

rhel8-AppStream

RHEL 8.4

glibc-doc

rhel8-BaseOS

RHEL 8.7

glibc-gconv-extra

rhel8-AppStream

RHEL 8.6

gnome-session-kiosk-session

rhel8-AppStream

RHEL 8.5

gnome-shell-extension-classification-banner

rhel8-AppStream

RHEL 8.6

gnome-shell-extension-custom-menu

rhel8-AppStream

RHEL 8.9

gnome-shell-extension-dash-to-panel

rhel8-AppStream

RHEL 8.6

gnome-shell-extension-gesture-inhibitor

rhel8-AppStream

RHEL 8.5

gnome-shell-extension-heads-up-display

rhel8-AppStream

RHEL 8.6

gnome-software-devel

rhel8-CRB

RHEL 8.5

google-gson

rhel8-AppStream

RHEL 8.4

grafana-pcp

rhel8-AppStream

RHEL 8.2

grafana-selinux

rhel8-AppStream

RHEL 8.10

graphviz-python3

rhel8-CRB

RHEL 8.2

graphviz-ruby

rhel8-AppStream

RHEL 8.10

greenboot

rhel8-AppStream

RHEL 8.3

greenboot-default-health-checks

rhel8-AppStream

RHEL 8.6

greenboot-grub2

rhel8-AppStream

RHEL 8.3

greenboot-reboot

rhel8-AppStream

RHEL 8.3

greenboot-rpm-ostree-grub2

rhel8-AppStream

RHEL 8.3

greenboot-status

rhel8-AppStream

RHEL 8.3

gtk-vnc2-devel

rhel8-CRB

RHEL 8.9

gtk3-devel-docs

rhel8-CRB

RHEL 8.7

guava

rhel8-AppStream

RHEL 8.2

gvnc-devel

rhel8-CRB

RHEL 8.9

HdrHistogram

rhel8-AppStream

RHEL 8.3

HdrHistogram_c

rhel8-AppStream

RHEL 8.3

HdrHistogram-javadoc

rhel8-AppStream

RHEL 8.3

hostapd

rhel8-AppStream

RHEL 8.6

http-parser-devel

rhel8-CRB

RHEL 8.2

ibus-table-devel

rhel8-CRB

RHEL 8.4

ibus-table-tests

rhel8-CRB

RHEL 8.4

ibus-typing-booster-tests

rhel8-CRB

RHEL 8.4

icu4j

rhel8-AppStream

RHEL 8.4

idm-jss

rhel8-AppStream

RHEL 8.10

idm-jss-javadoc

rhel8-AppStream

RHEL 8.10

idm-ldapjdk

rhel8-AppStream

RHEL 8.10

idm-ldapjdk-javadoc

rhel8-AppStream

RHEL 8.10

idm-pki-acme

rhel8-AppStream

RHEL 8.7

idm-pki-base

rhel8-AppStream

RHEL 8.7

idm-pki-base-java

rhel8-AppStream

RHEL 8.7

idm-pki-ca

rhel8-AppStream

RHEL 8.7

idm-pki-kra

rhel8-AppStream

RHEL 8.7

idm-pki-server

rhel8-AppStream

RHEL 8.7

idm-pki-symkey

rhel8-AppStream

RHEL 8.7

idm-pki-tools

rhel8-AppStream

RHEL 8.7

idm-tomcatjss

rhel8-AppStream

RHEL 8.10

idn2

rhel8-AppStream

RHEL 8.1

ima-evm-utils0

rhel8-BaseOS

RHEL 8.4

inkscape1

rhel8-AppStream

RHEL 8.8

inkscape1-docs

rhel8-AppStream

RHEL 8.8

inkscape1-view

rhel8-AppStream

RHEL 8.8

intel-cmt-cat-devel

rhel8-CRB

RHEL 8.4

ipa-client-epn

rhel8-AppStream

RHEL 8.3

ipa-client-samba

rhel8-AppStream

RHEL 8.1

ipa-healthcheck

rhel8-AppStream

RHEL 8.1

ipa-healthcheck-core

rhel8-AppStream

RHEL 8.2

ipa-selinux

rhel8-AppStream

RHEL 8.3

ipxe-bootimgs-aarch64

rhel8-AppStream

RHEL 8.6

ipxe-bootimgs-x86

rhel8-AppStream

RHEL 8.6

iscsi-initiator-utils-devel

rhel8-CRB

RHEL 8.3

jackson-bom

rhel8-AppStream

RHEL 8.10

jackson-modules-base

rhel8-AppStream

RHEL 8.10

jackson-parent

rhel8-AppStream

RHEL 8.10

jaf-javadoc

rhel8-AppStream

RHEL 8.2

jaf

rhel8-AppStream

RHEL 8.2

jakarta-activation2

rhel8-AppStream

RHEL 8.8

jakarta-annotations

rhel8-AppStream

RHEL 8.7

java-1.8.0-openjdk-accessibility-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-accessibility-slowdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-demo-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-demo-slowdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-devel-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-devel-slowdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-headless-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-headless-slowdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-slowdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-src-fastdebug

rhel8-CRB

RHEL 8.4

java-1.8.0-openjdk-src-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-demo-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-demo-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-devel-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-devel-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-headless-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-headless-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-jmods-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-jmods-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-src-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-src-slowdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-static-libs

rhel8-AppStream

RHEL 8.3

java-11-openjdk-static-libs-fastdebug

rhel8-CRB

RHEL 8.4

java-11-openjdk-static-libs-slowdebug

rhel8-CRB

RHEL 8.4

java-17-openjdk

rhel8-AppStream

RHEL 8.5

java-17-openjdk-demo

rhel8-AppStream

RHEL 8.5

java-17-openjdk-demo-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-demo-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-devel

rhel8-AppStream

RHEL 8.5

java-17-openjdk-devel-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-devel-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-headless

rhel8-AppStream

RHEL 8.5

java-17-openjdk-headless-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-headless-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-javadoc

rhel8-AppStream

RHEL 8.5

java-17-openjdk-javadoc-zip

rhel8-AppStream

RHEL 8.5

java-17-openjdk-jmods

rhel8-AppStream

RHEL 8.5

java-17-openjdk-jmods-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-jmods-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-src

rhel8-AppStream

RHEL 8.5

java-17-openjdk-src-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-src-slowdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-static-libs

rhel8-AppStream

RHEL 8.5

java-17-openjdk-static-libs-fastdebug

rhel8-CRB

RHEL 8.5

java-17-openjdk-static-libs-slowdebug

rhel8-CRB

RHEL 8.5

java-21-openjdk

rhel8-AppStream

RHEL 8.9

java-21-openjdk-demo

rhel8-AppStream

RHEL 8.9

java-21-openjdk-demo-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-demo-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-devel

rhel8-AppStream

RHEL 8.9

java-21-openjdk-devel-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-devel-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-headless

rhel8-AppStream

RHEL 8.9

java-21-openjdk-headless-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-headless-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-javadoc

rhel8-AppStream

RHEL 8.9

java-21-openjdk-javadoc-zip

rhel8-AppStream

RHEL 8.9

java-21-openjdk-jmods

rhel8-AppStream

RHEL 8.9

java-21-openjdk-jmods-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-jmods-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-src

rhel8-AppStream

RHEL 8.9

java-21-openjdk-src-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-src-slowdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-static-libs

rhel8-AppStream

RHEL 8.9

java-21-openjdk-static-libs-fastdebug

rhel8-CRB

RHEL 8.9

java-21-openjdk-static-libs-slowdebug

rhel8-CRB

RHEL 8.9

jaxb-api4

rhel8-AppStream

RHEL 8.8

jaxb-codemodel

rhel8-AppStream

RHEL 8.8

jaxb-core

rhel8-AppStream

RHEL 8.8

jaxb-dtd-parser

rhel8-AppStream

RHEL 8.8

jaxb-istack-commons-runtime

rhel8-AppStream

RHEL 8.8

jaxb-istack-commons-tools

rhel8-AppStream

RHEL 8.8

jaxb-relaxng-datatype

rhel8-AppStream

RHEL 8.8

jaxb-rngom

rhel8-AppStream

RHEL 8.8

jaxb-runtime

rhel8-AppStream

RHEL 8.8

jaxb-txw2

rhel8-AppStream

RHEL 8.8

jaxb-xjc

rhel8-AppStream

RHEL 8.8

jaxb-xsom

rhel8-AppStream

RHEL 8.8

jctools

rhel8-AppStream

RHEL 8.6

jetty-continuation

rhel8-AppStream

RHEL 8.4

jetty-http

rhel8-AppStream

RHEL 8.4

jetty-io

rhel8-AppStream

RHEL 8.4

jetty-security

rhel8-AppStream

RHEL 8.4

jetty-server

rhel8-AppStream

RHEL 8.4

jetty-servlet

rhel8-AppStream

RHEL 8.4

jetty-util

rhel8-AppStream

RHEL 8.4

jigawatts

rhel8-AppStream

RHEL 8.5

jigawatts-javadoc

rhel8-AppStream

RHEL 8.5

jigawatts-javadoc

rhel8-AppStream

RHEL 8.8

jmc-core-javadoc

rhel8-AppStream

RHEL 8.2

jmc-core

rhel8-AppStream

RHEL 8.2

jmc

rhel8-AppStream

RHEL 8.2

jolokia-jvm-agent

rhel8-AppStream

RHEL 8.2

jq-devel

rhel8-CRB

RHEL 8.5

js-d3-flame-graph

rhel8-AppStream

RHEL 8.3

Judy-devel

rhel8-BaseOS

RHEL 8.1

Judy-devel

rhel8-CRB

RHEL 8.3

junit5

rhel8-AppStream

RHEL 8.4

kernel-abi-stablelists

rhel8-BaseOS

RHEL 8.4

kmod-redhat-oracleasm

rhel8-BaseOS

RHEL 8.4

kpatch-dnf

rhel8-BaseOS

RHEL 8.4

lasso-devel

rhel8-CRB

RHEL 8.5

ldns-doc

rhel8-CRB

RHEL 8.10

ldns-utils

rhel8-CRB

RHEL 8.10

leapp

rhel8-AppStream

RHEL 8.7

leapp-deps

rhel8-AppStream

RHEL 8.7

leapp-upgrade-el8toel9

rhel8-AppStream

RHEL 8.7

leapp-upgrade-el8toel9-deps

rhel8-AppStream

RHEL 8.7

libadwaita-qt5

rhel8-AppStream

RHEL 8.5

libasan6

rhel8-AppStream

RHEL 8.4

libasan8

rhel8-AppStream

RHEL 8.7

libbabeltrace-devel

rhel8-CRB

RHEL 8.3

libblockdev-crypto-devel

rhel8-CRB

RHEL 8.3

libblockdev-devel

rhel8-CRB

RHEL 8.3

libblockdev-fs-devel

rhel8-CRB

RHEL 8.3

libblockdev-loop-devel

rhel8-CRB

RHEL 8.3

libblockdev-lvm-devel

rhel8-CRB

RHEL 8.3

libblockdev-mdraid-devel

rhel8-CRB

RHEL 8.3

libblockdev-part-devel

rhel8-CRB

RHEL 8.3

libblockdev-swap-devel

rhel8-CRB

RHEL 8.3

libblockdev-utils-devel

rhel8-CRB

RHEL 8.3

libblockdev-vdo-devel

rhel8-CRB

RHEL 8.3

libbpf-devel

rhel8-CRB

RHEL 8.2

libbpf-static

rhel8-CRB

RHEL 8.2

libbpf

rhel8-BaseOS

RHEL 8.2

libbytesize-devel

rhel8-CRB

RHEL 8.3

libcap-ng-python3

rhel8-BaseOS

RHEL 8.5

libdazzle-devel

rhel8-CRB

RHEL 8.4

libdhash-devel

rhel8-CRB

RHEL 8.7

libdnf-devel

rhel8-CRB

RHEL 8.4

libdwarves1

rhel8-CRB

RHEL 8.2

libecpg

rhel8-AppStream

RHEL 8.4

libecpg-devel

rhel8-CRB

RHEL 8.4

libepubgen-devel

rhel8-CRB

RHEL 8.4

libestr-devel

rhel8-CRB

RHEL 8.7

libgcab1-devel

rhel8-CRB

RHEL 8.6

libguestfs-appliance

rhel8-AppStream

RHEL 8.6

libnbd

rhel8-AppStream

RHEL 8.3

libnbd-bash-completion

rhel8-AppStream

RHEL 8.6

libnbd-devel

rhel8-AppStream

RHEL 8.3

libnetapi

rhel8-BaseOS

RHEL 8.8

libnetapi-devel

rhel8-CRB

RHEL 8.8

libnftnl-devel

rhel8-CRB

RHEL 8.2

libnumbertext

rhel8-AppStream

RHEL 8.4

libpgtypes

rhel8-AppStream

RHEL 8.4

libpinyin-devel

rhel8-CRB

RHEL 8.6

libpsl-devel

rhel8-CRB

RHEL 8.3

librabbitmq-tools

rhel8-AppStream

RHEL 8.10

libreoffice

rhel8-AppStream

RHEL 8.8

librepo-devel

rhel8-CRB

RHEL 8.4

librhsm-devel

rhel8-CRB

RHEL 8.4

libselinux-static

rhel8-CRB

RHEL 8.6

libsemanage-devel

rhel8-CRB

RHEL 8.3

libserf-devel

rhel8-CRB

RHEL 8.7

libslirp

rhel8-AppStream

RHEL 8.3

libslirp-devel

rhel8-AppStream

RHEL 8.3

libsmi-devel

rhel8-CRB

RHEL 8.4

libsndfile-utils

rhel8-AppStream

RHEL 8.8

libsolv-devel

rhel8-CRB

RHEL 8.4

libsolv-tools

rhel8-CRB

RHEL 8.4

libss-devel

rhel8-CRB

RHEL 8.6

libssh-config

rhel8-BaseOS

RHEL 8.1

libstoragemgmt-devel

rhel8-BaseOS

RHEL 8.3

libstoragemgmt-devel

rhel8-CRB

RHEL 8.3

libstoragemgmt-nfs-plugin

rhel8-AppStream

RHEL 8.7

libtimezonemap-devel

rhel8-CRB

RHEL 8.10

libtpms

rhel8-AppStream

RHEL 8.6

libtpms-devel

rhel8-AppStream

RHEL 8.6

libtraceevent

rhel8-BaseOS

RHEL 8.8

libtraceevent-devel

rhel8-CRB

RHEL 8.8

libtracefs

rhel8-BaseOS

RHEL 8.8

libtracefs-devel

rhel8-CRB

RHEL 8.8

libtsan2

rhel8-AppStream

RHEL 8.7

libudisks2-devel

rhel8-CRB

RHEL 8.3

liburing-devel

rhel8-CRB

RHEL 8.3

liburing

rhel8-AppStream

RHEL 8.2

libuser-devel

rhel8-CRB

RHEL 8.6

libuv-devel

rhel8-CRB

RHEL 8.4

libverto-libev

rhel8-AppStream

RHEL 8.7

libvirt-daemon-driver-storage-iscsi-direct

rhel8-AppStream

RHEL 8.3

libvirt-wireshark

rhel8-AppStream

RHEL 8.6

libvma-utils

rhel8-AppStream

RHEL 8.9

libvoikko-devel

rhel8-CRB

RHEL 8.5

libwpe

rhel8-AppStream

RHEL 8.8

libwpe-devel

rhel8-CRB

RHEL 8.8

libxdp

rhel8-AppStream

RHEL 8.3

libxdp-devel

rhel8-CRB

RHEL 8.8

libxdp-static

rhel8-CRB

RHEL 8.8

libxkbfile-1.1.0-1.el8

rhel8-AppStream

RHEL 8.3

libxmlb

rhel8-BaseOS

RHEL 8.3

libxmlb-devel

rhel8-CRB

RHEL 8.6

libXvMC-devel

rhel8-CRB

RHEL 8.3

libzstd-devel

rhel8-BaseOS

RHEL 8.2

libzstd

rhel8-BaseOS

RHEL 8.2

lld-test

rhel8-AppStream

RHEL 8.2

llvm-cmake-utils

rhel8-AppStream

RHEL 8.10

lmdb

rhel8-CRB

RHEL 8.8

lmdb-devel

rhel8-CRB

RHEL 8.6

lmdb-libs

rhel8-AppStream

RHEL 8.1

log4j

rhel8-AppStream

RHEL 8.6

log4j-jcl

rhel8-AppStream

RHEL 8.6

log4j-slf4j

rhel8-AppStream

RHEL 8.6

log4j-web

rhel8-AppStream

RHEL 8.8

lpsolve-devel

rhel8-CRB

RHEL 8.5

lucene

rhel8-AppStream

RHEL 8.4

lucene-analysis

rhel8-AppStream

RHEL 8.4

lucene-analyzers-smartcn

rhel8-AppStream

RHEL 8.4

lucene-queries

rhel8-AppStream

RHEL 8.4

lucene-queryparser

rhel8-AppStream

RHEL 8.4

lucene-sandbox

rhel8-AppStream

RHEL 8.4

lz4-java

rhel8-AppStream

RHEL 8.4

lz4-java-javadoc

rhel8-AppStream

RHEL 8.4

make43

rhel8-AppStream

RHEL 8.7

make43-devel

rhel8-AppStream

RHEL 8.7

mariadb-pam

rhel8-AppStream

RHEL 8.4

marisa-devel

rhel8-CRB

RHEL 8.9

maven-openjdk11

rhel8-AppStream

RHEL 8.2

maven-openjdk8

rhel8-AppStream

RHEL 8.2

maven-openjdk17

rhel8-AppStream

RHEL 8.6

maven-openjdk21

rhel8-AppStream

RHEL 8.10

mdevctl

rhel8-AppStream

RHEL 8.3

memstrack

rhel8-BaseOS

RHEL 8.3

mercurial-chg

rhel8-AppStream

RHEL 8.7

micropipenv

rhel8-AppStream

RHEL 8.4

mingw32-spice-vdagent

rhel8-CRB

RHEL 8.2

mingw64-spice-vdagent

rhel8-CRB

RHEL 8.2

mobile-broadband-provider-info-devel

rhel8-CRB

RHEL 8.5

mod_auth_mellon-diagnostics

rhel8-AppStream

RHEL 8.1

modulemd-tools

rhel8-AppStream

RHEL 8.5c

mpdecimal

rhel8-AppStream

RHEL 8.8

mpdecimal++

rhel8-CRB

RHEL 8.8

mpdecimal-devel

rhel8-CRB

RHEL 8.8

mpdecimal-doc

rhel8-CRB

RHEL 8.8

mpich-doc

rhel8-AppStream

RHEL 8.4

mvapich2-devel

rhel8-AppStream

RHEL 8.4

mvapich2-doc

rhel8-AppStream

RHEL 8.4

mvapich2-psm2-devel

rhel8-AppStream

RHEL 8.4

mysql-selinux

rhel8-AppStream

RHEL 8.4

nbdfuse

rhel8-AppStream

RHEL 8.3

nbdkit-basic-filters

rhel8-AppStream

RHEL 8.3

nbdkit-curl-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-gzip-filter

rhel8-AppStream

RHEL 8.6

nbdkit-gzip-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-linuxdisk-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-nbd-plugin

rhel8-AppStream

RHEL 8.6

nbdkit-python-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-server

rhel8-AppStream

RHEL 8.3

nbdkit-ssh-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-tar-filter

rhel8-AppStream

RHEL 8.6

nbdkit-tar-plugin

rhel8-AppStream

RHEL 8.6

nbdkit-tmpdisk-plugin

rhel8-AppStream

RHEL 8.6

nbdkit-vddk-plugin

rhel8-AppStream

RHEL 8.3

nbdkit-xz-filter

rhel8-AppStream

RHEL 8.3

netavark

rhel8-AppStream

RHEL 8.6

net-snmp-perl

rhel8-AppStream

RHEL 8.3

NetworkManager-cloud-setup

rhel8-AppStream

RHEL 8.2

NetworkManager-initscripts-updown

rhel8-BaseOS

RHEL 8.6

nftables-devel

rhel8-CRB

RHEL 8.6

nispor

rhel8-AppStream

RHEL 8.4

nispor-devel

rhel8-AppStream

RHEL 8.4

nginx-mod-devel

rhel8-AppStream

RHEL 8.6

nmstate-devel

rhel8-CRB

RHEL 8.6

nmstate-libs

rhel8-AppStream

RHEL 8.6

nmstate-plugin-ovsdb

rhel8-AppStream

RHEL 8.3

nodejs-full-i18n

rhel8-AppStream

RHEL 8.3

nodejs-packaging-bundler

rhel8-AppStream

RHEL 8.7

nss_wrapper-libs

rhel8-AppStream

RHEL 8.8

numatop

rhel8-BaseOS

RHEL 8.2

ocaml-libnbd

rhel8-CRB

RHEL 8.3

ocaml-libnbd-devel

rhel8-CRB

RHEL 8.3

oci-seccomp-bpf-hook

rhel8-AppStream

RHEL 8.3

oci-seccomp-bpf-hook

rhel8-BaseOS

RHEL 8.3

opae

rhel8-BaseOS

RHEL 8.3

openldap-servers

rhel8-CRB

RHEL 8.6

open-vm-tools-salt-minion

rhel8-AppStream

RHEL 8.7

open-vm-tools-sdmp

rhel8-AppStream

RHEL 8.3

opencv

rhel8-CRB

RHEL 8.5

openslp-devel

rhel8-CRB

RHEL 8.7

opentest4j

rhel8-AppStream

RHEL 8.4

osbuild

rhel8-AppStream

RHEL 8.3

osbuild-composer

rhel8-AppStream

RHEL 8.3

osbuild-composer-core

rhel8-AppStream

RHEL 8.4

osbuild-composer-dnf-json

rhel8-AppStream

RHEL 8.6

osbuild-composer-worker

rhel8-AppStream

RHEL 8.3

osbuild-depsolve-dnf

rhel8-AppStream

RHEL 8.10

osbuild-luks2

rhel8-AppStream

RHEL 8.6

osbuild-lvm2

rhel8-AppStream

RHEL 8.6

osbuild-ostree

rhel8-AppStream

RHEL 8.3

osbuild-selinux

rhel8-AppStream

RHEL 8.3

owasp-java-encoder-javadoc

rhel8-AppStream

RHEL 8.2

owasp-java-encoder

rhel8-AppStream

RHEL 8.2

pam_wrapper

rhel8-CRB

RHEL 8.7

pcm

rhel8-AppStream

RHEL 8.5

pcp-export-pcp2elasticsearch

rhel8-AppStream

RHEL 8.2

pcp-export-pcp2spark

rhel8-AppStream

RHEL 8.2

pcp-pmda-bpftrace

rhel8-AppStream

RHEL 8.2

pcp-pmda-denki

rhel8-AppStream

RHEL 8.6

pcp-pmda-hacluster

rhel8-AppStream

RHEL 8.4

pcp-pmda-mongodb

rhel8-AppStream

RHEL 8.6

pcp-pmda-mssql

rhel8-AppStream

RHEL 8.2

pcp-pmda-netcheck

rhel8-AppStream

RHEL 8.2

pcp-pmda-openmetrics

rhel8-AppStream

RHEL 8.2

pcp-pmda-openvswitch

rhel8-AppStream

RHEL 8.3

pcp-pmda-rabbitmq

rhel8-AppStream

RHEL 8.3

pcp-pmda-sockets

rhel8-AppStream

RHEL 8.4

pcp-pmda-statsd

rhel8-AppStream

RHEL 8.3

pcre2-tools

rhel8-CRB

RHEL 8.3

perl-AutoLoader

rhel8-AppStream

RHEL 8.6

perl-AutoSplit

rhel8-AppStream

RHEL 8.6

perl-autouse

rhel8-AppStream

RHEL 8.6

perl-B

rhel8-AppStream

RHEL 8.6

perl-base

rhel8-AppStream

RHEL 8.6

perl-Benchmark

rhel8-AppStream

RHEL 8.6

perl-blib

rhel8-AppStream

RHEL 8.6

perl-Class-Struct

rhel8-AppStream

RHEL 8.6

perl-Compress-Raw-Lzma

rhel8-AppStream

RHEL 8.6

perl-Config-Extensions

rhel8-AppStream

RHEL 8.6

perl-Convert-ASN1

rhel8-AppStream

RHEL 8.2

perl-DBM_Filter

rhel8-AppStream

RHEL 8.6

perl-debugger

rhel8-AppStream

RHEL 8.6

perl-deprecate

rhel8-AppStream