Chapter 15. Dynamic programming languages, web servers, database servers
15.1. Dynamic programming languages
15.1.1. Notable changes in Python
15.1.1.1. Python 3
is the default Python
implementation in RHEL 8
Red Hat Enterprise Linux 8 is distributed with several versions of Python 3
. Python 3.6
is going to be supported for the whole life cycle of RHEL 8. The respective package might not be installed by default.
Python 2.7
is available in the python2
package. However, Python 2
will have a shorter life cycle and its aim is to facilitate a smoother transition to Python 3
for customers.
For details, see Python versions.
Neither the default python
package nor the unversioned /usr/bin/python
executable is distributed with RHEL 8. Customers are advised to use python3
or python2
directly. Alternatively, administrators can configure the unversioned python
command using the alternatives
command. See Configuring the unversioned Python.
Additional resources
15.1.1.2. Migrating from Python 2 to Python 3
As a developer, you may want to migrate your former code that is written in Python 2 to Python 3.
For more information about how to migrate large code bases to Python 3, see The Conservative Python 3 Porting Guide.
Note that after this migration, the original Python 2 code becomes interpretable by the Python 3 interpreter and stays interpretable for the Python 2 interpreter as well.
15.1.1.3. Configuring the unversioned Python
System administrators can configure the unversioned python
command, located at /usr/bin/python
, using the alternatives
command. Note that the required package, python3
, python38
, python39
, python3.11
, python3.12
, or python2
, must be installed before configuring the unversioned command to the respective version.
The /usr/bin/python
executable is controlled by the alternatives
system. Any manual changes may be overwritten upon an update.
Additional Python-related commands, such as pip3
, do not have configurable unversioned variants.
15.1.1.3.1. Configuring the unversioned python command directly
You can configure the unversioned python
command directly to a selected version of Python.
Prerequisites
- Ensure that the required version of Python is installed.
Procedure
To configure the unversioned
python
command to Python 3.6, use:# alternatives --set python /usr/bin/python3
To configure the unversioned
python
command to Python 3.8, use:# alternatives --set python /usr/bin/python3.8
To configure the unversioned
python
command to Python 3.9, use:# alternatives --set python /usr/bin/python3.9
To configure the unversioned
python
command to Python 3.11, use:# alternatives --set python /usr/bin/python3.11
To configure the unversioned
python
command to Python 3.12, use:# alternatives --set python /usr/bin/python3.12
To configure the unversioned
python
command to Python 2, use:# alternatives --set python /usr/bin/python2
15.1.1.3.2. Configuring the unversioned python command to the required Python version interactively
You can configure the unversioned python
command to the required Python version interactively.
Prerequisites
- Ensure that the required version of Python is installed.
Procedure
To configure the unversioned
python
command interactively, use:# alternatives --config python
- Select the required version from the provided list.
To reset this configuration and remove the unversioned
python
command, use:# alternatives --auto python
15.1.1.3.3. Additional resources
-
alternatives(8)
andunversioned-python(1)
man pages on your system
15.1.1.4. Handling interpreter directives in Python scripts
In Red Hat Enterprise Linux 8, executable Python scripts are expected to use interpreter directives (also known as hashbangs or shebangs) that explicitly specify at a minimum the major Python version. For example:
#!/usr/bin/python3 #!/usr/bin/python3.6 #!/usr/bin/python3.8 #!/usr/bin/python3.9 #!/usr/bin/python3.11 #!/usr/bin/python3.12 #!/usr/bin/python2
The /usr/lib/rpm/redhat/brp-mangle-shebangs
buildroot policy (BRP) script is run automatically when building any RPM package, and attempts to correct interpreter directives in all executable files.
The BRP script generates errors when encountering a Python script with an ambiguous interpreter directive, such as:
#!/usr/bin/python
or
#!/usr/bin/env python
15.1.1.4.1. Modifying interpreter directives in Python scripts
Modify interpreter directives in the Python scripts that cause the build errors at RPM build time.
Prerequisites
- Some of the interpreter directives in your Python scripts cause a build error.
Procedure
To modify interpreter directives, complete one of the following tasks:
Apply the
pathfix.py
script from theplatform-python-devel
package:# pathfix.py -pn -i %{__python3} PATH …
Note that multiple
PATHs
can be specified. If aPATH
is a directory,pathfix.py
recursively scans for any Python scripts matching the pattern^[a-zA-Z0-9_]+\.py$
, not only those with an ambiguous interpreter directive. Add this command to the%prep
section or at the end of the%install
section.-
Modify the packaged Python scripts so that they conform to the expected format. For this purpose,
pathfix.py
can be used outside the RPM build process, too. When runningpathfix.py
outside an RPM build, replace%{__python3}
from the example above with a path for the interpreter directive, such as/usr/bin/python3
.
If the packaged Python scripts require a version other than Python 3.6, adjust the preceding commands to include the required version.
15.1.1.4.2. Changing /usr/bin/python3 interpreter directives in your custom packages
By default, interpreter directives in the form of /usr/bin/python3
are replaced with interpreter directives pointing to Python from the platform-python
package, which is used for system tools with Red Hat Enterprise Linux. You can change the /usr/bin/python3
interpreter directives in your custom packages to point to a specific version of Python that you have installed from the AppStream repository.
Procedure
To build your package for a specific version of Python, add the
python*-rpm-macros
subpackage of the respectivepython
package to the BuildRequires section of thespec
file. For example, for Python 3.6, include the following line:BuildRequires: python36-rpm-macros
As a result, the
/usr/bin/python3
interpreter directives in your custom package are automatically converted to/usr/bin/python3.6
.
To prevent the BRP script from checking and modifying interpreter directives, use the following RPM directive:
%undefine __brp_mangle_shebangs
15.1.1.5. Python
binding of the net-snmp
package is unavailable
The Net-SNMP
suite of tools does not provide binding for Python 3
, which is the default Python
implementation in RHEL 8. Consequently, python-net-snmp
, python2-net-snmp
, or python3-net-snmp
packages are unavailable in RHEL 8.
15.1.2. Notable changes in PHP
Red Hat Enterprise Linux 8 is distributed with PHP 7.2
. This version introduces the following major changes over PHP 5.4
, which is available in RHEL 7:
-
PHP
uses FastCGI Process Manager (FPM) by default (safe for use with a threadedhttpd
) -
The
php_value
andphp-flag
variables should no longer be used in thehttpd
configuration files; they should be set in pool configuration instead:/etc/php-fpm.d/*.conf
-
PHP
script errors and warnings are logged to the/var/log/php-fpm/www-error.log
file instead of/var/log/httpd/error.log
-
When changing the PHP
max_execution_time
configuration variable, thehttpd
ProxyTimeout
setting should be increased to match -
The user running
PHP
scripts is now configured in the FPM pool configuration (the/etc/php-fpm.d/www.conf
file; theapache
user is the default) -
The
php-fpm
service needs to be restarted after a configuration change or after a new extension is installed -
The
zip
extension has been moved from thephp-common
package to a separate package,php-pecl-zip
The following extensions have been removed:
-
aspell
-
mysql
(note that themysqli
andpdo_mysql
extensions are still available, provided byphp-mysqlnd
package) -
memcache
15.1.3. Notable changes in Perl
Perl 5.26
, distributed with RHEL 8, introduces the following changes over the version available in RHEL 7:
-
Unicode 9.0
is now supported. -
New
op-entry
,loading-file
, andloaded-file
SystemTap
probes are provided. - Copy-on-write mechanism is used when assigning scalars for improved performance.
-
The
IO::Socket::IP
module for handling IPv4 and IPv6 sockets transparently has been added. -
The
Config::Perl::V
module to accessperl -V
data in a structured way has been added. -
A new
perl-App-cpanminus
package has been added, which contains thecpanm
utility for getting, extracting, building, and installing modules from the Comprehensive Perl Archive Network (CPAN) repository. -
The current directory
.
has been removed from the@INC
module search path for security reasons. -
The
do
statement now returns a deprecation warning when it fails to load a file because of the behavioral change described above. -
The
do subroutine(LIST)
call is no longer supported and results in a syntax error. -
Hashes are randomized by default now. The order in which keys and values are returned from a hash changes on each
perl
run. To disable the randomization, set thePERL_PERTURB_KEYS
environment variable to0
. -
Unescaped literal
{
characters in regular expression patterns are no longer permissible. -
Lexical scope support for the
$_
variable has been removed. -
Using the
defined
operator on an array or a hash results in a fatal error. -
Importing functions from the
UNIVERSAL
module results in a fatal error. -
The
find2perl
,s2p
,a2p
,c2ph
, andpstruct
tools have been removed. -
The
${^ENCODING}
facility has been removed. Theencoding
pragma’s default mode is no longer supported. To write source code in other encoding thanUTF-8
, use the encoding’sFilter
option. -
The
perl
packaging is now aligned with upstream. Theperl
package installs also core modules and is suitable for development. On production systems, use theperl-interpreter
package, which contains the main/usr/bin/perl
interpreter. In previous releases, theperl
package included just a minimal interpreter, whereas theperl-core
package included both the interpreter and the core modules. -
The
IO::Socket::SSL
Perl module no longer loads a certificate authority certificate from the./certs/my-ca.pem
file or the./ca
directory, a server private key from the./certs/server-key.pem
file, a server certificate from the./certs/server-cert.pem
file, a client private key from the./certs/client-key.pem
file, and a client certificate from the./certs/client-cert.pem
file. Specify the paths to the files explicitly instead.
15.1.4. Notable changes in Ruby
RHEL 8 provides Ruby 2.5
, which introduces numerous new features and enhancements over Ruby 2.0.0
available in RHEL 7. Notable changes include:
- Incremental garbage collector has been added.
-
The
Refinements
syntax has been added. - Symbols are now garbage collected.
-
The
$SAFE=2
and$SAFE=3
safe levels are now obsolete. -
The
Fixnum
andBignum
classes have been unified into theInteger
class. -
Performance has been improved by optimizing the
Hash
class, improved access to instance variables, and theMutex
class being smaller and faster. - Certain old APIs have been deprecated.
-
Bundled libraries, such as
RubyGems
,Rake
,RDoc
,Psych
,Minitest
, andtest-unit
, have been updated. -
Other libraries, such as
mathn
,DL
,ext/tk
, andXMLRPC
, which were previously distributed withRuby
, are deprecated or no longer included. -
The
SemVer
versioning scheme is now used forRuby
versioning.
15.1.5. Notable changes in SWIG
RHEL 8 includes the Simplified Wrapper and Interface Generator (SWIG) version 3.0, which provides numerous new features, enhancements, and bug fixes over the version 2.0 distributed in RHEL 7. Most notably, support for the C++11 standard has been implemented. SWIG
now supports also Go 1.6
, PHP 7
, Octave 4.2
, and Python 3.5
.
15.1.6. Node.js
new in RHEL
Node.js
, a software development platform for building fast and scalable network applications in the JavaScript programming language, is provided for the first time in RHEL. It was previously available only as a Software Collection. RHEL 8 provides Node.js 10
.
15.2. Tcl
Tool command language (Tcl) is a dynamic programming language. The interpreter for this language, together with the C library, is provided by the tcl
package.
Using Tcl paired with Tk (Tcl/Tk) enables creating cross-platform GUI applications. Tk is provided by the tk
package.
Note that Tk can refer to any of the following:
- A programming toolkit for multiple languages
- A Tk C library bindings available for multiple languages, such as C, Ruby, Perl and Python
- A wish interpreter that instantiates a Tk console
- A Tk extension that adds a number of new commands to a particular Tcl interpreter
15.2.1. Notable changes in Tcl/Tk 8.6
RHEL 8 is distributed with Tcl/Tk version 8.6, which provides multiple notable changes over Tcl/Tk version 8.5:
- Object-oriented programming support
- Stackless evaluation implementation
- Enhanced exceptions handling
- Collection of third-party packages built and installed with Tcl
- Multi-thread operations enabled
- SQL database-powered scripts support
- IPv6 networking support
- Built-in Zlib compression
List processing
Two new commands,
lmap
anddict map
are available, which allow the expression of transformations over Tcl containers.Stacked channels by script
Two new commands,
chan push
andchan pop
are available, which allow to add or remove transformations to or from I/O channels.
For more detailed information about Tcl/Tk version 8.6 changes and new feaures, see the following resources:
If you need to migrate to Tcl/Tk 8.6, see Migration path for users scripting their tasks with Tcl/Tk.
15.3. Web servers
15.3.1. Notable changes in the Apache HTTP Server
The Apache HTTP Server has been updated from version 2.4.6 in RHEL 7 to version 2.4.37 in RHEL 8. This updated version includes several new features, but maintains backwards compatibility with the RHEL 7 version at the level of configuration and Application Binary Interface (ABI) of external modules.
New features include:
-
HTTP/2
support is now provided by themod_http2
package, which is a part of thehttpd
module. -
systemd socket activation is supported. See
httpd.socket(8)
man page for more details.
Multiple new modules have been added:
-
mod_proxy_hcheck
- a proxy health-check module -
mod_proxy_uwsgi
- a Web Server Gateway Interface (WSGI) proxy -
mod_proxy_fdpass
- provides support for the passing the socket of the client to another process -
mod_cache_socache
- an HTTP cache using, for example, memcache backend -
mod_md
- an ACME protocol SSL/TLS certificate service
-
The following modules now load by default:
-
mod_request
-
mod_macro
-
mod_watchdog
-
-
A new subpackage,
httpd-filesystem
, has been added, which contains the basic directory layout for the Apache HTTP Server including the correct permissions for the directories. -
Instantiated service support,
httpd@.service
has been introduced. See thehttpd.service
man page for more information.
-
A new
httpd-init.service
replaces the%post script
to create a self-signedmod_ssl
key pair.
-
Automated TLS certificate provisioning and renewal using the Automatic Certificate Management Environment (ACME) protocol is now supported with the
mod_md
package (for use with certificate providers such asLet’s Encrypt
). -
The Apache HTTP Server now supports loading TLS certificates and private keys from hardware security tokens directly from
PKCS#11
modules. As a result, amod_ssl
configuration can now usePKCS#11
URLs to identify the TLS private key, and, optionally, the TLS certificate in theSSLCertificateKeyFile
andSSLCertificateFile
directives. A new
ListenFree
directive in the/etc/httpd/conf/httpd.conf
file is now supported.Similarly to the
Listen
directive,ListenFree
provides information about IP addresses, ports, or IP address-and-port combinations that the server listens to. However, withListenFree
, theIP_FREEBIND
socket option is enabled by default. Hence,httpd
is allowed to bind to a nonlocal IP address or to an IP address that does not exist yet. This allowshttpd
to listen on a socket without requiring the underlying network interface or the specified dynamic IP address to be up at the time whenhttpd
is trying to bind to it.Note that the
ListenFree
directive is currently available only in RHEL 8.For more details on
ListenFree
, see the following table:Table 15.1. ListenFree directive’s syntax, status, and modules Syntax Status Modules ListenFree [IP-address:]portnumber [protocol]
MPM
event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2
Other notable changes include:
The following modules have been removed:
-
mod_file_cache
mod_nss
Use
mod_ssl
as a replacement. For details about migrating frommod_nss
, see the Exporting a private key and certificates from an NSS database to use them in an Apache web server configuration section in theDeploying different types of servers
documentation.-
mod_perl
-
-
The default type of the DBM authentication database used by the Apache HTTP Server in RHEL 8 has been changed from
SDBM
todb5
. -
The
mod_wsgi
module for the Apache HTTP Server has been updated to Python 3. WSGI applications are now supported only with Python 3, and must be migrated from Python 2. The multi-processing module (MPM) configured by default with the Apache HTTP Server has changed from a multi-process, forked model (known as
prefork
) to a high-performance multi-threaded model,event
.Any third-party modules that are not thread-safe need to be replaced or removed. To change the configured MPM, edit the
/etc/httpd/conf.modules.d/00-mpm.conf
file. See thehttpd.service(8)
man page for more information.- The minimum UID and GID allowed for users by suEXEC are now 1000 and 500, respectively (previously 100 and 100).
-
The
/etc/sysconfig/httpd
file is no longer a supported interface for setting environment variables for thehttpd
service. Thehttpd.service(8)
man page has been added for the systemd service. -
Stopping the
httpd
service now uses a “graceful stop” by default. -
The
mod_auth_kerb
module has been replaced by themod_auth_gssapi
module.
For instructions on deploying, see Setting up the Apache HTTP web server.
15.3.2. The nginx
web server new in RHEL
RHEL 8 introduces nginx 1.14
, a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. nginx
was previously available only as a Software Collection.
The nginx
web server now supports loading TLS private keys from hardware security tokens directly from PKCS#11
modules. As a result, an nginx
configuration can use PKCS#11
URLs to identify the TLS private key in the ssl_certificate_key
directive.
15.3.3. Apache Tomcat removed in RHEL 8.0, reintroduced in RHEL 8.8
The Apache Tomcat server was removed from Red Hat Enterprise Linux 8.0 and reintroduced in RHEL 8.8. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0.
Users of earlier minor versions than RHEL 8.8 who require a servlet container can use the JBoss Web Server.
15.4. Proxy caching servers
15.4.1. Varnish Cache
new in RHEL
Varnish Cache
, a high-performance HTTP reverse proxy, is provided for the first time in RHEL. It was previously available only as a Software Collection. Varnish Cache
stores files or fragments of files in memory that are used to reduce the response time and network bandwidth consumption on future equivalent requests. RHEL 8.0 is distributed with Varnish Cache 6.0
.
15.4.2. Notable changes in Squid
RHEL 8.0 is distributed with Squid 4.4
, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. This release provides numerous new features, enhancements, and bug fixes over the version 3.5 available in RHEL 7.
Notable changes include:
- Configurable helper queue size
- Changes to helper concurrency channels
- Changes to the helper binary
- Secure Internet Content Adaptation Protocol (ICAP)
- Improved support for Symmetric Multi Processing (SMP)
- Improved process management
- Removed support for SSL
- Removed Edge Side Includes (ESI) custom parser
- Multiple configuration changes
15.5. Database servers
RHEL 8 provides the following database servers:
-
MySQL 8.0
, a multi-user, multi-threaded SQL database server. It consists of theMySQL
server daemon,mysqld
, and many client programs. -
MariaDB 10.3
, a multi-user, multi-threaded SQL database server. For all practical purposes,MariaDB
is binary-compatible withMySQL
. -
PostgreSQL 10
andPostgreSQL 9.6
, an advanced object-relational database management system (DBMS). -
Redis 5
, an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, and sorted sets.Redis
is provided for the first time in RHEL.
Note that the NoSQL MongoDB
database server is not included in RHEL 8.0 because it uses the Server Side Public License (SSPL).
Database servers are not installable in parallel
The mariadb
and mysql
modules cannot be installed in parallel in RHEL 8.0 due to conflicting RPM packages.
By design, it is impossible to install more than one version (stream) of the same module in parallel. For example, you need to choose only one of the available streams from the postgresql
module, either 10
(default) or 9.6
. Parallel installation of components is possible in Red Hat Software Collections for RHEL 6 and RHEL 7. In RHEL 8, different versions of database servers can be used in containers.
15.5.1. Notable changes in MariaDB 10.3
MariaDB 10.3
provides numerous new features over the version 5.5 distributed in RHEL 7, such as:
- Common table expressions
- System-versioned tables
-
FOR
loops - Invisible columns
- Sequences
-
Instant
ADD COLUMN
forInnoDB
- Storage-engine independent column compression
- Parallel replication
- Multi-source replication
In addition, the new mariadb-connector-c
packages provide a common client library for MySQL
and MariaDB
. This library is usable with any version of the MySQL
and MariaDB
database servers. As a result, the user is able to connect one build of an application to any of the MySQL
and MariaDB
servers distributed with RHEL 8.
Other notable changes include:
-
MariaDB Galera Cluster
, a synchronous multi-source cluster, is now a standard part ofMariaDB
. -
InnoDB
is used as the default storage engine instead ofXtraDB
. - The mariadb-bench subpackage has been removed.
- The default allowed level of the plug-in maturity has been changed to one level less than the server maturity. As a result, plug-ins with a lower maturity level that were previously working, will no longer load.
15.5.2. Notable changes in MySQL 8.0
RHEL 8 is distributed with MySQL 8.0
, which provides, for example, the following enhancements:
-
MySQL
now incorporates a transactional data dictionary, which stores information about database objects. -
MySQL
now supports roles, which are collections of privileges. -
The default character set has been changed from
latin1
toutf8mb4
. - Support for common table expressions, both nonrecursive and recursive, has been added.
-
MySQL
now supports window functions, which perform a calculation for each row from a query, using related rows. -
InnoDB
now supports theNOWAIT
andSKIP LOCKED
options with locking read statements. - GIS-related functions have been improved.
- JSON functionality has been enhanced.
-
The new
mariadb-connector-c
packages provide a common client library forMySQL
andMariaDB
. This library is usable with any version of theMySQL
andMariaDB
database servers. As a result, the user is able to connect one build of an application to any of theMySQL
andMariaDB
servers distributed with RHEL 8.
In addition, the MySQL 8.0
server distributed with RHEL 8 is configured to use mysql_native_password
as the default authentication plug-in because client tools and libraries in RHEL 8 are incompatible with the caching_sha2_password
method, which is used by default in the upstream MySQL 8.0
version.
To change the default authentication plug-in to caching_sha2_password
, edit the /etc/my.cnf.d/mysql-default-authentication-plugin.cnf
file as follows:
[mysqld] default_authentication_plugin=caching_sha2_password
15.5.3. Notable changes in PostgreSQL
RHEL 8.0 provides two versions of the PostgreSQL
database server, distributed in two streams of the postgresql
module: PostgreSQL 10
(the default stream) and PostgreSQL 9.6
. RHEL 7 includes PostgreSQL
version 9.2.
Notable changes in PostgreSQL 9.6
are, for example:
-
Parallel execution of the sequential operations:
scan
,join
, andaggregate
- Enhancements to synchronous replication
- Improved full-text search enabling users to search for phrases
-
The
postgres_fdw
data federation driver now supports remotejoin
,sort
,UPDATE
, andDELETE
operations - Substantial performance improvements, especially regarding scalability on multi-CPU-socket servers
Major enhancements in PostgreSQL 10
include:
-
Logical replication using the
publish
andsubscribe
keywords -
Stronger password authentication based on the
SCRAM-SHA-256
mechanism - Declarative table partitioning
- Improved query parallelism
- Significant general performance improvements
- Improved monitoring and control