Chapter 1. Overview
1.1. Major changes in RHEL 8.4
Security
IPsec VPN provided by Libreswan now supports TCP encapsulation and security labels for IKEv2.
The scap-security-guide
packages have been rebased to version 0.1.54, and OpenSCAP has been rebased to version 1.3.4. These updates provide substantial improvements, including:
- Improved memory management
- Added RHEL8 ANSSI-BP-028 Minimal, Intermediary and Enhanced profiles
- Updated RHEL8 STIG profile to DISA STIG v1r1
The fapolicyd
framework now provides integrity checking, and the RPM plugin now registers any system update that is handled by either the YUM package manager or the RPM Package Manager.
The rhel8-tang
container image provides Tang-server decryption capabilities for Clevis clients that run either in OpenShift Container Platform (OCP) clusters or in separate virtual machines.
See Section 4.6, “Security” for more information.
Networking
Nmstate is a network API for hosts and fully supported in RHEL 8.4. The nmstate
packages provide a library and the nmstatectl
command-line utility to manage host network settings in a declarative manner.
The Multi-protocol Label Switching (MPLS) is an in-kernel data-forwarding mechanism to route traffic flow across enterprise networks. For example, you can add tc filters
for managing packets received from specific ports or carrying specific types of traffic, in a consistent way. The MPLS support is available in this release as a Technology Preview.
The iproute2
utility introduces three new traffic control (tc
) actions; mac_push
, push_eth
, and pop_eth
to add MPLS labels, build an Ethernet header at the beginning of the packet, and drop the outer Ethernet header respectively.
The support for bareudp
devices is now available with the ip link
command as a Technology Preview.
For more information about the features introduced in this release and changes in the existing functionality, see Section 4.7, “Networking”.
Kernel
The kpatch-dnf
package provides a DNF plugin for subscribing a RHEL system to kernel live patch updates. The plugin enables automatic subscription for any kernel the system currently uses, and also for kernels to-be-installed in the future.
Proactive compaction regularly initiates memory compaction work before a request for allocation is made. Therefore, latency for specific memory allocation requests is lowered.
A new implementation of slab memory controller for the control groups technology is now available in RHEL 8. The slab memory controller brings improvement in slab utilization, and enables to shift the memory accounting from the page level to the object level. As a result, you can observe a significant drop in the total kernel memory footprint and positive effects on memory fragmentation.
The time namespace feature is available in RHEL 8.4. This feature is suited for changing the date and time inside Linux containers. The in-container clock adjustments after restoration from a checkpoint are also now possible.
RHEL 8 supports the Error Detection and Correction (EDAC) kernel module set in 8th and 9th generation Intel Core Processors.
For more information about the features introduced in this release and changes in the existing functionality, see Section 4.8, “Kernel”.
High availability and clusters
A persistent Pacemaker resource agent that maintains state data can detect failures asynchronously and inject a failure into Pacemaker immediately without waiting for the next monitor interval. A persistent resource agent can also speed up cluster response time for services with a high state overhead, since maintaining state data can reduce the state overhead for cluster actions such as start, stop, and monitor by not invoking the state separately for each action.
For information on creating a persistent Pacemaker resource agent, you can now consult the article Creating a Persistent (Daemonized) Pacemaker Resource Agent.
Dynamic programming languages, web and database servers
Later versions of the following components are now available as new module streams:
- Python 3.9
- SWIG 4.0
- Subversion 1.14
- Redis 6
- PostgreSQL 13
- MariaDB 10.5
See Section 4.11, “Dynamic programming languages, web and database servers” for more information.
Compilers and development tools
The following compiler toolsets have been updated:
- GCC Toolset 10
- LLVM Toolset 11.0.0
- Rust Toolset 1.49.0
- Go Toolset 1.15.7
See Section 4.12, “Compilers and development tools” for more information.
OpenJDK 11 is now available
A new version of Open Java Development Kit (OpenJDK) is now available. For more information about the features introduced in this release and changes in the existing functionality, see OpenJDK documentation.
Identity Management
RHEL 8.4 provides Ansible modules for automated management of role-based access control (RBAC) in Identity Management (IdM), an Ansible role for backing up and restoring IdM servers, and an Ansible module for location management.
See Section 4.13, “Identity Management” for more information.
1.2. In-place upgrade and OS conversion
In-place upgrade from RHEL 7 to RHEL 8
The supported in-place upgrade paths currently are:
- From RHEL 7.9 to RHEL 8.4 on the 64-bit Intel, IBM POWER 8 (little endian), and IBM Z architectures
- From RHEL 7.6 to RHEL 8.4 on architectures that require kernel version 4.14: IBM POWER 9 (little endian) and IBM Z (Structure A)
- From RHEL 7.7 to RHEL 8.2 on systems with SAP HANA. To ensure your system with SAP HANA remains supported after upgrading to RHEL 8.2, enable the RHEL 8.2 Update Services for SAP Solutions (E4S) repositories.
For more information, see Supported in-place upgrade paths for Red Hat Enterprise Linux. For instructions on performing an in-place upgrade, see Upgrading from RHEL 7 to RHEL 8.
With the release of RHEL 8.4, additional required data files are now downloaded automatically from cloud.redhat.com if you are using Red Hat Subscription Manager (RHSM) and have not previously downloaded older required data files without performing the upgrade.
In-place upgrade from RHEL 6 to RHEL 8
To upgrade from RHEL 6.10 to RHEL 8.4, follow instructions in Upgrading from RHEL 6 to RHEL 8.
Conversion from a different Linux distribution to RHEL
If you are using CentOS Linux 8 or Oracle Linux 8, you can convert your operating system to RHEL 8 using the Red Hat-supported Convert2RHEL
utility. For more information, see Converting from an RPM-based Linux distribution to RHEL.
If you are using an earlier version of CentOS Linux or Oracle Linux, namely versions 6 or 7, you can convert your operating system to RHEL and then perform an in-place upgrade to RHEL 8. Note that CentOS Linux 6 and Oracle Linux 6 conversions use the unsupported Convert2RHEL
utility. For more information on unsupported conversions, see How to convert from CentOS Linux 6 or Oracle Linux 6 to RHEL 6.
For information regarding how Red Hat supports conversions from other Linux distributions to RHEL, see the Convert2RHEL Support Policy document.
1.3. Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
- Registration Assistant
- Product Life Cycle Checker
- Kickstart Generator
- Kickstart Converter
- Red Hat Enterprise Linux Upgrade Helper
- Red Hat Satellite Upgrade Helper
- Red Hat Code Browser
- JVM Options Configuration Tool
- Red Hat CVE Checker
- Red Hat Product Certificates
- Load Balancer Configuration Tool
- Yum Repository Configuration Helper
- Red Hat Memory Analyzer
- Kernel Oops Analyzer
- Red Hat Product Errata Advisory Checker
1.4. Additional resources
- Capabilities and limits of Red Hat Enterprise Linux 8 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
- Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
- The Package manifest document provides a package listing for RHEL 8.
- Major differences between RHEL 7 and RHEL 8 are documented in Considerations in adopting RHEL 8.
- Instructions on how to perform an in-place upgrade from RHEL 7 to RHEL 8 are provided by the document Upgrading from RHEL 7 to RHEL 8.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.