Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 4. Technology Previews
Technology Preview features are currently not supported under Red Hat Enterprise Linux subscription services, may not be functionally complete, and are generally not suitable for production use. However, these features are included as a customer convenience and to provide the feature with wider exposure.
Customers may find these features useful in a non-production environment. Customers are also free to provide feedback and functionality suggestions for a Technology Preview feature before it becomes fully supported. Erratas will be provided for high-severity security issues.
During the development of a Technology Preview feature, additional components may become available to the public for testing. It is the intention of Red Hat to fully support Technology Preview features in a future release.
- DFS
- Starting with Red Hat Enterprise Linux 5.3, CIFS supports Distributed File System (DFS) as a Technology Preview.
- CDTB
- CTDB is a clustered database based on Samba's Trivial Database (TDB). The ctdb package is a cluster implementation used to store temporary data. If an application is already using TBD for temporary data storage, it can be very easily converted to be cluster-aware and use CTDB.
- Brocade BFA Fibre-Channel/FCoE driver
- the
bfa
driver for Brocade Fibre Channel Host Bus adapters is considered a Technology Preview in Red Hat Enterprise Linux 5.6 BZ#475695 - FreeIPMI
- FreeIPMI is now included in this update as a Technology Preview. FreeIPMI is a collection of Intelligent Platform Management IPMI system software. It provides in-band and out-of-band software, along with a development library conforming to the Intelligent Platform Management Interface (IPMI v1.5 and v2.0) standards.For more information about FreeIPMI, refer to http://www.gnu.org/software/freeipmi/
- TrouSerS and tpm-tools
- TrouSerS and
tpm-tools
are included in this release to enable use of Trusted Platform Module (TPM) hardware.TPM hardware features include (among others):- Creation, storage, and use of RSA keys securely (without being exposed in memory)
- Verification of a platform's software state using cryptographic hashes
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. You can use TrouSerS to write applications that make use of TPM hardware.tpm-tools
is a suite of tools used to manage and utilize TPM hardware.For more information about TrouSerS, refer to http://trousers.sourceforge.net/. - eCryptfs
- eCryptfs is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs.With this release, eCryptfs has been re-based to upstream version 56, which provides several bug fixes and enhancements. In addition, this update provides a graphical program to help configure eCryptfs (
ecryptfs-mount-helper-gui
).This update also changes the syntax of certain eCryptfs mount options. If you choose to update to this version of eCryptfs, you should update any affected mount scripts and/etc/fstab
entries. For information about these changes, refer toman ecryptfs
.The following caveats apply to this release of eCryptfs:- Note that the eCryptfs file system will only work properly if the encrypted file system is mounted once over the underlying directory of the same name. For example:
mount -t ecryptfs /mnt/secret /mnt/secret
The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. - eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly.
- This version of the eCryptfs kernel driver requires updated userspace, which is provided by
ecryptfs-utils-56-4.el5
or newer.
For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information. - Stateless Linux
- Stateless Linux, included as a Technology Preview, is a new way of thinking about how a system should be run and managed, designed to simplify provisioning and management of large numbers of systems by making them easily replaceable. This is accomplished primarily by establishing prepared system images which get replicated and managed across a large number of stateless systems, running the operating system in a read-only manner (refer to
/etc/sysconfig/readonly-root
for more details).In its current state of development, the Stateless features are subsets of the intended goals. As such, the capability remains as Technology Preview.Red Hat recommends that those interested in testing stateless code join the stateless-list@redhat.com mailing list.The enabling infrastructure pieces for Stateless Linux were originally introduced in Red Hat Enterprise Linux 5. - AIGLX
- AIGLX is a Technology Preview feature of the otherwise fully supported X server. It aims to enable GL-accelerated effects on a standard desktop. The project consists of the following:
- A lightly modified X server.
- An updated Mesa package that adds new protocol support.
By installing these components, you can have GL-accelerated effects on your desktop with very few changes, as well as the ability to enable and disable them at will without replacing your X server. AIGLX also enables remote GLX applications to take advantage of hardware GLX acceleration. - FireWire
- The
firewire-sbp2
module is still included in this update as a Technology Preview. This module enables connectivity with FireWire storage devices and scanners.At present, FireWire does not support the following:- IPv4
- pcilynx host controllers
- multi-LUN storage devices
- non-exclusive access to storage devices
In addition, the following issues still exist in FireWire:- a memory leak in the
SBP2
driver may cause the machine to become unresponsive. - a code in this version does not work properly in big-endian machines. This could lead to unexpected behavior in PowerPC.
- SGPIO Support for dmraid
- Serial General Purpose Input Output (SGPIO) is an industry standard communication method used between a main board and a variety of internal and external hard disk drive bay enclosures. This method can be used to control LED lights on an enclosure through the AHCI driver interface.In this release, SGPIO support in dmraid is included as a technology preview. This will allow dmraid to work properly with disk enclosures.
- Kernel Tracepoint Facility
- In this update, a new kernel marker/tracepoint facility has been implemented as a Technology Preview. This interface adds static probe points into the kernel, for use with tools such as SystemTap.
- kerbors security for CIFS
- NEED CONTENT
- Kernel Tracepoint Facility
- In this update, a new kernel marker/tracepoint facility has been implemented as a Technology Preview. This interface adds static probe points into the kernel, for use with tools such as SystemTap.
- Software based Fibre Channel over Ethernet (FCoE)
- The Fibre Channel over Ethernet (FCoE) driver (fcoe.ko), along with libfc, provides the ability to run FCoE over a standard Ethernet card. This capability is provided as a Technology Preview in Red Hat Enterprise Linux 5.6.To enable this feature, you must login by writing the network interface name to the
/sys/module/fcoe/parameters/create
file, for example:echo eth6 > /sys/module/fcoe/parameters/create
To logout, write the network interface name to the/sys/module/fcoe/parameters/destroy
file, for example:echo eth6 > /sys/module/fcoe/parameters/destroy
For further information on software based FCoE refer to: http://www.open-fcoe.org/openfc/wiki/index.php/FCoE_Initiator_Quickstart.Red Hat Enterprise Linux 5.6 provides full support for FCoE on three specialized hardware implementations. These are: Ciscofnic
driver, the Emulexlpfc
driver, and the Qlogicqla2xx
driver. - iSER Support
- iSER support, allowing for block storage transfer across a network, has been added to the
scsi-target-utils
package as a Technology Preview. In this release, single portal and multiple portals on different subnets are supported. There are known bugs when using multiple portals on the same subnet.To set up the iSER target component install the scsi-target-utils and libibverbs-devel RPM. The library package for the InfiniBand hardware that is being used is also required. For example: host channel adapters that use thecxgb3
driver thelibcxgb3
package is needed, and for host channel adapters using themthca
driver thelibmthca
package is needed.There is also a known issue relating to connection timeouts in some situations. Refer to Red Hat Bugzilla #470627 for more information on this issue. - cman fence_virsh fence agent
- The fence_virsh fence agent is provided in this release of Red Hat Enterprise Linux as a Technology Preview. fence_virsh provides the ability for one guest (running as a domU) to fence another using the libvirt protocol. However, as fence_virsh is not integrated with cluster-suite it is not supported as a fence agent in that environment.
- glibc new MALLOC behaviour
- The upstream glibc has been changed recently to enable higher scalability across many sockets and cores. This is done by assigning threads their own memory pools and by avoiding locking in some situations. The amount of additional memory used for the memory pools (if any) can be controlled using the environment variables MALLOC_ARENA_TEST and MALLOC_ARENA_MAX.MALLOC_ARENA_TEST specifies that a test for the number of cores is performed once the number of memory pools reaches this value. MALLOC_ARENA_MAX sets the maximum number of memory pools used, regardless of the number of cores.The glibc in the Red Hat Enterprise Linux 5.6 release has this functionality integrated as a Technology Preview of the upstream malloc. To enable the per-thread memory pools the environment variable MALLOC_PER_THREAD needs to be set in the environment. This environment variable will become obsolete when this new malloc behaviour becomes default in future releases. Users experiencing contention for the malloc resources could try enabling this option.
- Intel Patsburg device controllers
- The enablement of Intel Patsburg device controllers is considered a Technology Preview in Red Hat Enterprise Linux 5.6
- ipa-client
- The ipa-client package provides a tool to enroll a machine to an IPA server version 2, and is not backward compatible with version 1 of the server. ipa-client is considered a Technology Preview in Red Hat Enterprise Linux 5.6Note, however that SSSD needs to be manually configured for use with IPA.
- Configuring NSS to fetch user and group information
- SSSD provides the nss_sss NSS module. To use this module, configure NSS to use the sss name database in addition to the UNIX file database. Edit /etc/nsswitch.conf, adding the following lines:
passwd: files sss group: files sss
- Configuring PAM for authentication
Warning
Errors when editing the PAM configuration file can lock you out of the system. Always back up the configuration file and keep another session open to revert changes if an error is made.Change the PAM config file to:auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so