Translator agent skill for Red Hat Enterprise Linux

Updated -

Status: Developer Preview

Note: The RHEL translator skill is currently available as a Developer Preview. For details on the scope of support, please review the Red Hat Developer Preview - Scope of Support.

Overview

The translator skill for RHEL empowers AI tools to translate general Linux concepts, commands, and terminology from other Linux distributions into Red Hat Enterprise Linux (RHEL) native equivalents.

This skill helps ensure AI-generated advice aligns with RHEL standards. When combined with the MCP server for RHEL, AI tools can read the system's state to provide version-accurate translations (e.g., adjusting for differences between RHEL 8, 9, and 10) rather than generic advice.

Key capabilities:

  • Package Management: Translating apt, dpkg to dnf, rpm, and RHEL Application Streams.
  • Containers: Mapping docker, docker-compose, and Dockerfiles to RHEL's daemonless podman, Quadlet, and Containerfiles.
  • Networking & Firewalls: Converting ifconfig, netplan, ufw, and iptables to nmcli, nmstatectl, and firewalld.
  • Security & Compliance: Guiding users from AppArmor and Tripwire to SELinux, AIDE, and OpenSCAP.
  • Service & Log Management: Redirecting legacy init scripts or /var/log/syslog queries to systemd, journalctl, and /var/log/messages.
  • Upgrades & Migrations: Translating dist-upgrade or cross-distribution migration requests to native tools like Leapp and Convert2RHEL.

What is an agent skill (SKILL.md)?

This integration is built using the Agent Skills open standard (SKILL.md). Originally created by Anthropic and released as an open standard, the Agent Skills standard provides a method to equip AI tools with specific workflows, best practices, and domain knowledge.

Because Agent Skills is an open standard, you can use the translator skill for RHEL across many modern AI client or agent tools that support the SKILL.md format.

For more details on the standard, see agentskills.io.

Example use cases

  • "Where is the Apache configuration directory on RHEL?"
  • "How do I install NVIDIA AI accelerator drivers on RHEL?"
  • "What tool can I use to manage VMs on RHEL?"
  • "How do I set up ntpd for time sync?"
  • "I want to migrate from CentOS to RHEL"

Prerequisites

To get the most out of the RHEL translator skill, we recommend the following:
1. An AI client or agent that supports SKILL.md integration (goose, Cursor, Claude Code, etc.).
2. (Optional) The MCP server for RHEL: While the skill provides knowledge, the Model Context Protocol (MCP) server for RHEL enables the AI tool to gather real-time information, such as the OS version, from RHEL hosts to help ensure translations are accurate.

How to install the skill

Because skills are designed to be client-agnostic, the installation process depends on the AI client or agent tool you are using.

General Installation Steps:
1. Download or copy the RHEL translator SKILL.md file.
2. Consult your specific AI client's documentation for instructions on how to import, load, or reference a SKILL.md file.
3. (Optional) If your client supports MCP servers, it is recommended to configure the MCP server for RHEL within your client's settings to enable live system diagnostics.

For exact step-by-step installation instructions, see the official documentation of your chosen AI agent tool.

How to use the skill

How you interact with the skill depends on the specific AI client or agent tool you are using:

  • Automatic invocation: Many tools automatically load and apply the skill if they determine that the skill can help with your query.
  • Manual invocation: Many tools also support explicitly or manually invoking a skill, such as by using an @ mention, a slash command, or selecting it from a menu.

Please refer to your specific client/tool documentation for more details on how it handles skill invocation.

How to get the SKILL.md file

You can get the skill using either of the following methods:

Option 1: Download the file
Download the attached .zip file at the bottom of this page.

Option 2: Copy and paste
Copy the raw text of the skill, then paste it into a file named SKILL.md within a directory named rhel-translator.

---
name: rhel-translator
description: Translates general Linux concepts, commands, and terminology to Red Hat Enterprise Linux (RHEL) equivalents. Use when users mention non-RHEL terms like apt, dpkg, yum, snap, PPA, Docker, Dockerfile, docker-compose, Docker Hub, ufw, iptables, nftables, AppArmor, Tripwire, OSSEC, syslog, /var/log/auth.log, /etc/init.d/, chkconfig, update-rc.d, ifconfig, netstat, netplan, /etc/network/interfaces, route, Webmin, apache2, a2ensite, a2dissite, Xorg, X11, VNC, vncserver, tigervnc, VirtualBox, VMware, Vagrant, ZFS, btrfs, mdadm, LDAP, Active Directory, NIS, ntpd, ntpdate, timesyncd, Packer, preseed, cloud-init, do-release-upgrade, dist-upgrade, system-upgrade, convert2rhel, migrate, sysctl, performance tuning, sysstat, sar, iostat, Nagios, Prometheus, shell scripts for system configuration, nvidia-driver, ubuntu-drivers, FIPS, lsb_release, sources.list, CentOS, or Ubuntu/Debian-specific commands and file paths, even if they don't explicitly ask about RHEL.
license: Apache-2.0
metadata:
  author: Red Hat
  version: "0.1.0"
---

# RHEL Translator

Translate a user's Linux question into concepts specific to Red Hat Enterprise Linux (RHEL), then answer using RHEL-native tools, paths, and terminology — grounded in the user's actual system when the MCP server for RHEL is available. Use the lookup tables in this skill as the authoritative source for RHEL equivalents — they contain domain knowledge the agent does not already have (e.g., Red Hat's preference for "web console" over "Cockpit", `authselect` replacing `authconfig`, RHEL file path differences).

## Workflow

### Step 1: Translate and answer

Check the user's message against the translation tables below. For each non-RHEL term, explain the RHEL equivalent and why it differs.

Frame translations as "on RHEL, the equivalent is..." with a technical rationale. Do not silently substitute. Do not forbid the non-RHEL term. Do not position RHEL tools as superior. If the user has explicitly stated they are using a non-RHEL tool intentionally (e.g., "I installed Packer because our pipeline requires it"), help them with that tool — do not redirect to the RHEL equivalent. Only translate when the user appears unaware of the RHEL-specific option.

**Example:**

> **User:** "How do I check /var/log/syslog for recent errors?"
>
> On RHEL, the system log is at **/var/log/messages** rather than `/var/log/syslog`. You can also use **journalctl** for richer filtering:
>
> ```
> journalctl -p err --since "1 hour ago"
> ```

**Adapt to the user.** Read expertise and urgency from their language. An experienced sysadmin asking a specific question wants a concise answer, not a tutorial. A user exploring RHEL for the first time benefits from more context. When someone is troubleshooting an outage, lead with the fix.

### Using the MCP server for RHEL

If the **MCP server for RHEL** is connected, use it when it would make the answer more specific — not for every question.

Detection: Identify the MCP server for RHEL by its tools — `get_system_information`, `get_journal_logs`, `list_services`, `get_disk_usage`, and similar RHEL system diagnostic tools. The server name in the client config is user-chosen and may vary.

**Use MCP when:**
- The answer depends on the RHEL version and the version is unknown (call `get_system_information`)
- Knowing actual system state would change the answer — a package is already installed, a service is already running, disk is full
- The user is asking about their specific system, not a general concept

**Skip MCP when:**
- The translation is the same across all supported RHEL versions
- The user is asking a conceptual question ("what's the RHEL equivalent of AppArmor?")

When MCP data is relevant, weave it in naturally: "I can see the httpd service has failed — let me check the logs..."

| User is asking about... | MCP tool |
|------------------------|----------|
| OS version or release | `get_system_information` |
| Services failing or not running | `list_services` or `get_service_status` |
| Errors or logs | `get_journal_logs`, `get_service_logs`, or `read_log_file` |
| Disk space | `get_disk_usage` |
| Slow system or runaway processes | `list_processes` or `get_process_info` |
| Network issues or connectivity | `get_network_interfaces`, `get_listening_ports`, `get_network_connections` |
| CPU or memory pressure | `get_cpu_information`, `get_memory_information` |
| Hardware details | `get_hardware_information` |
| Disk layout or partitions | `list_block_devices` |
| File or directory contents | `list_files` or `list_directories` |

**If MCP is not available** and the answer is version-sensitive, resolve the RHEL version:

1. **Contextual clues:** `yum`, `authconfig`, `ntpd`, or Python 2 references suggest RHEL 7. `dnf module` or standalone `vdo` management suggests RHEL 8. `bootc` or `pasta` suggest RHEL 10.
2. **Ask only when it matters:** If the version is still unknown AND the answer materially differs between versions, ask the user once.
3. **Default + qualify:** If still unknown, assume RHEL 9 and note where the answer would differ for RHEL 8 or 10.

## Response Guidelines

Before returning the response:
- Note RHEL version-specific differences where relevant (RHEL 7 vs 8 vs 9 vs 10).
- Red Hat conscious language guidelines are followed: "allowlist/blocklist" (not whitelist/blacklist), "main" (not master for default branches), "promoted/unpromoted" (not master/slave), gender-neutral "they", "validation" (not "sanity check").
- Product names follow Red Hat conventions (see Terminology Notes at the end).

---

## Translation Tables

### Package Management

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| apt, apt-get, dpkg | **dnf** | `dnf install`, `dnf search`, `dnf update` |
| yum | **dnf** | yum symlinks to dnf on RHEL 8+; always prefer dnf |
| PPA, third-party repo | **RHEL Extensions repo** or **dnf config-manager --add-repo** | `subscription-manager repos --enable` for Red Hat content; `dnf config-manager` for repos outside `redhat.repo` |
| dpkg -l | **rpm -qa** or **dnf list installed** | |
| apt-cache search | **dnf search** | |
| "security patch" or "update" | **errata** (RHSA/RHBA/RHEA) | RHSA = security advisory, RHBA = bugfix, RHEA = enhancement |
| Flatpak / snap (desktop apps) | **Flatpak** or **RPM** | Flatpak is available on RHEL; snap is not |

Key commands: `dnf install`, `dnf search`, `dnf info`, `dnf update`, `dnf remove`, `rpm -qa`, `rpm -qi`, `subscription-manager repos --list`, `dnf updateinfo list --updates --security`

Package manager by version: RHEL 7 uses **yum**. RHEL 8–10 use **dnf** (yum symlinks to dnf on RHEL 8+). Even when yum directories appear in the filesystem, standardize to dnf.

**Application Streams:** RHEL delivers multiple versions of user-space software (Python, PHP, Node.js, Ruby, PostgreSQL, etc.) through Application Streams. On RHEL 8–9, additional versions are available as **modules** — use `dnf module list` to see available streams, `dnf module enable <name>:<stream>` to activate a version, and `dnf module reset <name>` to return to the default. Only one stream per module can be active at a time. To switch to a later stream: `dnf module switch-to <name>:<stream>`. On RHEL 10, modularity is deprecated and no modular content is shipped; all Application Stream versions are delivered as standard RPMs installable via `dnf install`. When a user asks "how do I install PHP 8.2?" or "how do I get a newer version of Node.js?", Application Streams are the answer on RHEL — not PPAs or third-party repos.

### Containers

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Docker, docker run | **Podman** | Daemonless, rootless by default, CLI-compatible |
| Dockerfile | **Containerfile** | Podman reads both; Containerfile is the preferred name |
| docker build | **podman build** or **Buildah** | Buildah for advanced image building |
| docker push/pull | **podman push/pull** or **Skopeo** | Skopeo for inspection and copying without a full pull |
| Docker Hub | **registry.redhat.io** | Red Hat container catalog for certified images |
| Docker Desktop | **Podman Desktop** | Available on macOS, Windows, Linux |

Explain to users: "On RHEL, Podman is the standard container engine. It's command-compatible with Docker — you can generally replace `docker` with `podman` in your commands. It runs without a daemon and supports rootless containers out of the box."

RHEL 7 included Docker via extras; RHEL 8+ does not ship Docker — Podman, Buildah, and Skopeo are the standard tools.

**No docker-compose equivalent on RHEL.** `podman-compose` is not shipped or supported by Red Hat. For multi-container workloads, RHEL offers `podman play kube` (Kubernetes YAML) and Quadlet (systemd `.container` files), but neither uses docker-compose syntax.

Container runtime changes across versions: On RHEL 9 (GA), `crun` became the default runtime and `cgroups v2` became the default cgroup version. On RHEL 9.5 (Podman 5.0), `runc`, `cgroups v1` (rootless), and `slirp4netns` were formally deprecated. On RHEL 10, `runc` removed (use `crun`); CNI network stack removed (use `netavark`); `cgroups v1` removed (`cgroups v2` only); `slirp4netns` deprecated (use `pasta`, which is the default for rootless networking).

| Feature | Docker | Podman |
|---------|--------|--------|
| Daemon | Requires dockerd | Daemonless |
| Root | Runs as root by default | Rootless by default |
| Socket | /var/run/docker.sock | `/var/run/podman/podman.sock` (root) or `/run/user/$ID/podman/podman.sock` (rootless) via `podman.socket` |
| Pods | Not native (Swarm/K8s) | Native pod support (Kubernetes-style) |
| Systemd integration | Requires config | Quadlet |
| Auto-update | Not built-in | `podman auto-update` with systemd |

RHEL-specific workflow — running containers as systemd services:

- Use **Quadlet** — place a `.container` file in `/etc/containers/systemd/` (root) or `~/.config/containers/systemd/` (rootless), then `systemctl --user daemon-reload && systemctl --user start <name>`. (`podman generate systemd` is deprecated and should not be used.)

### Firewall

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| iptables (direct rules) | **firewalld** / **firewall-cmd** | Default since RHEL 7 |
| ufw | **firewall-cmd** | |
| nftables (direct) | **firewalld** | Uses nftables backend on RHEL 9+ |

Key commands: `firewall-cmd --list-all`, `firewall-cmd --add-service=http --permanent`, `firewall-cmd --add-port=8080/tcp --permanent`, `firewall-cmd --reload`

Backend: iptables on RHEL 7–8, nftables on RHEL 9+. Users interact with `firewall-cmd` regardless; the backend is transparent. `iptables` is deprecated in RHEL 9; on RHEL 10, the iptables kernel modules moved to `kernel-modules-extra` (not loaded by default).

### Security

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| AppArmor | **SELinux** | RHEL's mandatory access control system |
| aa-status | **sestatus** or **getenforce** | |
| Security scanning / CIS benchmarks / STIG / compliance / hardening | **OpenSCAP** (`oscap`) | SCAP is the standard; OpenSCAP is the tool |
| Tripwire, OSSEC | **AIDE** | File integrity monitoring; `aide --check` |
| Application allowlisting | **fapolicyd** | Controls which binaries can execute |
| System auditing | **auditd** | `ausearch`, `aureport`; audit rules in `/etc/audit/` |
| Automated disk unlock | **Clevis/Tang (NBDE)** | Network-Bound Disk Encryption for LUKS volumes |
| Attestation | **Keylime** | TPM-based system integrity verification (RHEL 9+) |

Key commands: `getenforce`, `sestatus`, `semanage`, `restorecon`, `audit2why`, `audit2allow`, `oscap xccdf eval`, `aide --check`, `fapolicyd-cli`

SELinux modes: enforcing, permissive, disabled (lowercase in general text). Note: `policycoreutils-python` (RHEL 7) was renamed to `policycoreutils-python-utils` on RHEL 8+ — a common source of "package not found" errors during migration.

### Init System & Services

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| service start/stop | **systemctl start/stop** | RHEL uses systemd exclusively |
| /etc/init.d/ scripts | **systemctl** / **systemd unit files** | |
| chkconfig, update-rc.d | **systemctl enable/disable** | |

Key commands: `systemctl status <svc>`, `systemctl start/stop/restart <svc>`, `systemctl enable --now <svc>`, `systemctl list-units --type=service`, `journalctl -u <svc>`

Terminology: lowercase "systemd" in general text. `systemd-journald` is the service name, journald is the common usage name, the journal is the log store.

### Logging

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| /var/log/syslog | **/var/log/messages** or **journalctl** | RHEL uses `/var/log/messages`, not syslog |
| /var/log/auth.log | **/var/log/secure** | Authentication log |
| tail -f /var/log/... | **journalctl -f** | For systemd-managed services |
| dmesg | **dmesg** or **journalctl -k** | Both work |

Key commands: `journalctl -xe`, `journalctl -u <service> --since "1 hour ago"`, `journalctl -p err`, `journalctl -b`

### Networking

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| ifconfig | **ip addr** or **nmcli** | ifconfig is deprecated |
| /etc/network/interfaces | **nmcli** / **nmstatectl** / keyfiles in `/etc/NetworkManager/system-connections/` | |
| netplan | **nmstatectl** (declarative YAML, closest match) or **nmcli** (imperative) | |
| netstat | **ss** | `ss -tulnp` replaces `netstat -tulnp` |
| route | **ip route** | |

Key commands: `nmcli device status`, `nmcli connection show`, `nmcli connection modify`, `nmstatectl show`, `nmstatectl apply`, `ip addr show`, `ss -tulnp`

`ifconfig`, `netstat`, `route`, `arp` are in the `net-tools` package — not installed by default on RHEL 8+.

Networking changes across versions: On RHEL 9, `teamd`/`libteam` (network teaming) were deprecated and keyfile became the default NetworkManager connection format (ifcfg deprecated but still functional). On RHEL 10, these deprecations became removals: `teamd`/`libteam` removed (use bonding instead); ifcfg format removed (keyfile only, in `/etc/NetworkManager/system-connections/`); `dhclient` removed (NetworkManager internal DHCP is the default).

### Web & System Management

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Webmin | **the RHEL web console** | Based on Cockpit; prefer "web console" in user-facing text |
| apache2 | **httpd** | Package and service name is `httpd`; proper name is "Apache HTTP Server" |
| /etc/apache2/ | **/etc/httpd/** | |

Web console setup:
```bash
sudo dnf install cockpit
sudo systemctl enable --now cockpit.socket
sudo firewall-cmd --add-service=cockpit --permanent
sudo firewall-cmd --reload
```
Access at `https://<hostname>:9090`. "Cockpit" appears in package/service names, but use "the web console" when describing the feature to users.

### Display Server

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Xorg / X11 (as default) | **Wayland** (RHEL 9+) | Wayland is the default GNOME session on RHEL 9 |
| "X11 forwarding over SSH" | **X11 forwarding, XWayland, or waypipe** | All versions; RHEL 10 also adds `waypipe` for Wayland-native apps |
| VNC / vncserver / tigervnc | **GNOME Remote Desktop (RDP)** | RHEL 10 removes TigerVNC; use `gnome-remote-desktop` (RDP) |

RHEL 8 uses X11 as the default GNOME session. RHEL 9 switched to **Wayland** as the default; X11 is still available as "GNOME on Xorg" on the GDM login screen. RHEL 10 removes the Xorg server entirely — X11 applications still work through **XWayland** (an X server running on top of Wayland), and X11 forwarding over SSH still works (the Xorg server is not required for forwarding). Users can check the active session with `echo $XDG_SESSION_TYPE`. To force X11 system-wide on RHEL 9, set `WaylandEnable=false` in `/etc/gdm/custom.conf`.

**Remote desktop:** RHEL 9 and earlier used `tigervnc-server` for remote graphical access. RHEL 10 removes all TigerVNC packages and replaces VNC with **RDP** via the `gnome-remote-desktop` package. Desktop sharing is configured through GNOME Settings (System > Remote Desktop). Headless sessions require TLS certificate setup and use the `grdctl` CLI — see "Remotely Accessing the Desktop" in the RHEL 10 "Administering RHEL by using the GNOME desktop environment" guide. The RHEL installer also switched from `inst.vnc` to `inst.rdp`. `gnome-connections` remains available as a VNC client for connecting to older systems.

### GPU and AI Accelerator Drivers

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| `ubuntu-drivers`, `apt install nvidia-driver` | **rhel-drivers** (RHEL 10.1+), **RHEL repos** (RHEL 9.8+), or manual vendor repo setup (RHEL 9.0–9.7) | RHEL has its own driver delivery mechanism |

**RHEL 10.1+:** The `rhel-drivers` command provides single-command installation for NVIDIA and AMD data center AI accelerator drivers, built and signed by Red Hat from the Extensions and Supplementary repositories:
```bash
sudo dnf install rhel-drivers
sudo rhel-drivers install nvidia    # NVIDIA kernel + user mode drivers
sudo rhel-drivers install amdgpu    # AMD kernel mode driver
sudo reboot
```
For AMD user-mode drivers (ROCm), install separately: `sudo dnf install rocm rocm-devel`. Intel NPU device drivers are included in the BaseOS kernel; install the firmware package from BaseOS repos.

**RHEL 9.8+:** No `rhel-drivers` command. GPU drivers are available from RHEL repositories.

**RHEL 9.0–9.7:** No `rhel-drivers` command. GPU driver installation requires manual configuration of vendor repositories.

### Virtualization

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| VirtualBox | **KVM + libvirt** | RHEL's native hypervisor stack |
| VMware (as default hypervisor) | **KVM + QEMU + libvirt** | Managed via `virsh`, `virt-install`, or the web console |
| virt-manager (GUI) | **web console** or **virsh** | RHEL 9+ deprecates virt-manager; use the web console |
| Vagrant | **virt-install** or **Image Builder** | For VM provisioning |

Key commands: `virsh list --all`, `virsh start <vm>`, `virt-install`, `virsh console <vm>`

RHEL ships `qemu-kvm` (a subset of upstream QEMU) plus libvirt. The web console provides graphical VM management.

### Storage

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| ZFS | **XFS** + (**LVM** or **Stratis**) | ZFS is not available on RHEL; XFS is the default filesystem, with LVM or Stratis for volume management |
| btrfs | **XFS** + (**LVM** or **Stratis**) | btrfs is not supported on RHEL; XFS is the default filesystem, with LVM or Stratis for volume management |
| mdadm (software RAID) | **LVM** or **mdadm** | LVM supports mirroring/striping natively |
| Simple volume management | **Stratis** | Modern, simplified storage management on RHEL |
| Deduplication/compression | **VDO** (via LVM) | LVM-integrated dedup and compression |
| Disk encryption | **LUKS** | `cryptsetup` for setup; Clevis/Tang (NBDE) for automated network-bound decryption |

Key commands: `lsblk`, `df -h`, `vgdisplay`, `lvdisplay`, `stratis pool list`, `stratis filesystem list`

XFS is the default filesystem. Stratis provides pool-based management (similar in concept to ZFS/btrfs). VDO provides dedup/compression via LVM (`lvcreate --type vdo`). LVM-VDO is available on RHEL 8+; on RHEL 9, the standalone Python-based VDO management tools were removed — LVM-VDO is the only supported interface.

### Identity & Authentication

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| LDAP server setup | **IdM** (Identity Management) | Based on FreeIPA; bundles LDAP, Kerberos, DNS, CA |
| Active Directory integration | **SSSD** + **realm join** | `realm join` for AD enrollment; SSSD handles auth |
| PAM configuration | **authselect** | Replaces authconfig on RHEL 8+ |
| NIS/NIS+ | **IdM** or **SSSD** | NIS is deprecated; migrate to IdM/SSSD |

Key commands: `realm join <domain>`, `realm list`, `authselect current`, `authselect select sssd`, `ipa user-find`

### Time Synchronization

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| ntp, ntpd, ntp.conf | **chrony** / **chronyd** / **chrony.conf** | Default NTP implementation on RHEL 7+ |
| ntpdate | **chronyd -q** / **chronyd -Q** | ntpdate is missing on RHEL 8+ |
| timesyncd | **chronyd** | systemd-timesyncd is not available on RHEL |

Key commands: `chronyc sources`, `chronyc tracking`, `chronyd -q`, `timedatectl`

Config: `/etc/chrony.conf` (not `/etc/ntp.conf`)

### Image Building & Provisioning

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Packer | **Image Builder** | Build custom RHEL images for cloud, VM, edge, ISO |
| preseed (Debian) | **Kickstart** | RHEL's automated installation system |
| Custom ISO | **Anaconda** + **Kickstart** | Anaconda is RHEL's installer |
| cloud-init (for install) | **Kickstart** (install) + **cloud-init** (post-boot) | cloud-init works on RHEL for post-boot config |
| Immutable OS / image-based | **Image Mode (bootc)** | RHEL 9.4 (Technology Preview), RHEL 10 (GA): container-native OS updates |

Image Builder is available on the Hybrid Cloud Console and as a local CLI (`composer-cli` on RHEL 8–9, or the `image-builder` tool on RHEL 10).

### Performance Tuning

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| sysctl tuning, performance tuning | **TuneD** | Predefined profiles for throughput, latency, virtual-host, etc. Plugins tune CPU, disk, network, sysfs, sysctl, kernel boot command line, kernel module parameters, video, audio, and more |

Key commands: `tuned-adm active`, `tuned-adm list`, `tuned-adm profile <profile>`, `tuned-adm recommend`

### Automation & Configuration Management

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Shell scripts for system config | **RHEL System Roles** (Ansible) | Supported roles for networking, storage, timesync, etc. |

Install with `dnf install rhel-system-roles`. Roles are installed to `/usr/share/ansible/roles/`. Common roles: `rhel-system-roles.network`, `.storage`, `.timesync`, `.selinux`, `.firewall`, `.logging`, `.certificate`, `.sshd`, `.nbde_client`, `.postfix`.

### System Identity & Updates

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| "How do I get updates?" | **subscription-manager** + **dnf update** | RHEL requires subscription registration |
| "Add a repository" | **subscription-manager repos --enable** or **dnf config-manager --add-repo** | Depends on repo type; see task table below |
| "What version am I running?" | **cat /etc/redhat-release** | Or `hostnamectl` |
| lsb_release | **cat /etc/redhat-release** | lsb_release not installed by default |
| console.redhat.com | **Hybrid Cloud Console** | Correct name: "Red Hat Hybrid Cloud Console" |
| CentOS | **CentOS Linux** or **CentOS Stream** | Use "CentOS Linux" (not "CentOS" alone) |

| Task | Other distros | RHEL |
|------|--------------|------|
| Register system | N/A | `subscription-manager register` |
| List available repos | `apt-cache policy` | `subscription-manager repos --list` |
| Enable a Red Hat repo | Edit sources.list | `subscription-manager repos --enable <repo-id>` (manages `redhat.repo`, generated from entitlement certs) |
| Add third-party repo | Add PPA / edit sources | `dnf config-manager --add-repo <url>` (for repos outside `redhat.repo`; do not edit `redhat.repo` directly — it is regenerated by subscription-manager) |
| Check registration | N/A | `subscription-manager status` |

### Crypto Policies & FIPS

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| Manual cipher/TLS config | **crypto-policies** | System-wide: `update-crypto-policies --set <POLICY>` |
| FIPS compliance mode | **FIPS mode** | RHEL 8–9: `fips-mode-setup --enable`; RHEL 10: must enable at install via `fips=1` kernel param |

Policies: **DEFAULT**, **LEGACY** (weaker, for compat), **FUTURE** (stricter), **FIPS**. Sub-policies can be appended, e.g. `DEFAULT:AD-SUPPORT`, `FUTURE:ECDHE-ONLY`.

Key commands: `update-crypto-policies --show`, `update-crypto-policies --set FUTURE`, `cat /proc/sys/crypto/fips_enabled`

RHEL 10: `fips-mode-setup` is removed. FIPS must be enabled at install time. DEFAULT policy now rejects RSA key exchange in TLS; LEGACY no longer allows SHA-1 HMAC in TLS.

### Upgrades & Migration

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| dnf system-upgrade, do-release-upgrade, dist-upgrade | **Leapp** | In-place upgrade: RHEL 7→8, 8→9, 9→10 |
| Migrate from CentOS/Oracle Linux/Rocky Linux/Alma Linux/Amazon Linux 2 | **Convert2RHEL** | `convert2rhel` converts to RHEL in place |

RHEL 6→7 upgrades use the **Red Hat Upgrade Tool** (`redhat-upgrade-tool`), not Leapp.

Key commands: `leapp preupgrade` (assessment), `leapp upgrade` (execute), `convert2rhel`

Always run `leapp preupgrade` first and resolve all inhibitors before upgrading. Back up the system (ReaR, LVM snapshot, or VM snapshot) before any upgrade.

### Monitoring & Observability

| User says | RHEL equivalent | Notes |
|-----------|----------------|-------|
| sysstat, sar, iostat | **PCP** (Performance Co-Pilot) | RHEL's standard performance analysis toolkit |
| Nagios, Prometheus node-exporter | **PCP + Grafana** | PCP collectors feed Grafana dashboards |
| top (persistent monitoring) | **PCP** (`pmstat`, `pminfo`, `pmrep`) | For historical/persistent data collection |

Key commands: `dnf install pcp-zeroconf`, `systemctl enable --now pmcd`, `pmstat`, `pminfo`, `pmrep`

`pcp-zeroconf` installs PCP with a sensible default configuration including log archiving.

---

## File Path Translations

| Non-RHEL path | RHEL path | Purpose |
|--------------|-----------|---------|
| /etc/apache2/ | /etc/httpd/ | Apache HTTP Server configuration |
| /etc/apache2/sites-available/ | /etc/httpd/conf.d/ | Virtual host configs |
| /var/log/syslog | /var/log/messages | System log |
| /var/log/auth.log | /var/log/secure | Authentication log |
| /etc/network/interfaces | /etc/NetworkManager/system-connections/*.nmconnection | Per-connection network configuration (keyfile format) |
| /etc/apt/sources.list | /etc/yum.repos.d/ | Repository configuration |
| /etc/default/ | /etc/sysconfig/ | Service defaults/environment |
| /etc/apparmor.d/ | /etc/selinux/ | MAC policy configuration |
| /etc/ntp.conf | /etc/chrony.conf | Time synchronization |
| a2ensite / a2dissite | Add .conf to /etc/httpd/conf.d/ | Enable/disable Apache sites |
| /etc/sysconfig/network-scripts/ | /etc/NetworkManager/system-connections/ | RHEL 10: ifcfg removed; keyfile format only |
| /etc/pki/tls/certs/ca-bundle.crt | /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem | RHEL 10: consumers should use the ca-trust path; the old tls/certs location is no longer recommended |
| /etc/containers/storage.conf | /usr/share/containers/storage.conf | RHEL 10: container storage config moved |

---

## Terminology Notes

These are terms the agent is unlikely to get right without this reference:

- **MCP server for RHEL** — the marketing-approved product name. The upstream package and binary are `linux-mcp-server`.
- **web console** — preferred over "Cockpit" in user-facing text. "Cockpit" is the upstream project name and appears in package names (`cockpit`, `cockpit.socket`), but Red Hat docs use "the web console."
- **Apache HTTP Server** — the proper branded name. Package/service is `httpd`.
- **Kickstart** — always uppercase (proper name).
- **TuneD** — capitalized as shown; a TuneD profile is a directory containing `tuned.conf` and optional support files (e.g., helper scripts).
- **NetworkManager** — CamelCase, no spaces.
- **CentOS Linux** — not "CentOS" alone. Distinguish from CentOS Stream.
- **Hybrid Cloud Console** — correct name for console.redhat.com.
- **SCAP / OpenSCAP** — SCAP is the standard; OpenSCAP is the tool.
- **cgroups** — lowercase; standard abbreviation for control groups.
- **huge pages** — two words, lowercase.
- `sudo` — use code font for the command.
- **systemd** — lowercase in general text. `systemd-journald` = service; journald = common name; journal = log store.
- **SELinux modes** — enforcing, permissive, disabled (lowercase in running text).
- **Python** — use `python3` explicitly on RHEL. `python` is not in PATH by default on RHEL 8.
- **Java** — RHEL uses the naming pattern `java-VERSION-openjdk-devel` (e.g., `java-17-openjdk-devel`, `java-21-openjdk-devel`), not `openjdk-VERSION-jdk` or `default-jdk`. Multiple versions may be available via Application Streams.
- **nano** — not installed by default; `dnf install nano`.
- **Scheduled tasks** — `cron` works but systemd timers are the modern RHEL approach.
- **Ansible Playbook / Role** — capitalize when preceded by "Ansible" (e.g., "Ansible Playbook"); lowercase otherwise ("a playbook").
- **errata** — Red Hat term for update advisories. RHSA = security, RHBA = bugfix, RHEA = enhancement. Preferred over "patch" or "update" when referring to a specific advisory.
- **PCP** — Performance Co-Pilot. Preferred over generic "monitoring tools" on RHEL.
- **Network-Bound Disk Encryption (NBDE)** — hyphenate "Network-Bound"; uppercase.
- **Relax-and-Recover (ReaR)** — disaster recovery tool; `rear mkrescue`, `rear mkbackup`, `rear recover`.
- **Red Hat Lightspeed** — the current name for the proactive monitoring and AI service platform, formerly known as Red Hat Insights. The client package is still `insights-client`.
- **EEVDF scheduler** — replaces CFS in RHEL 10 kernel. Docs refer to the class as "fair scheduler" but the implementation as CFS (RHEL 9) or EEVDF (RHEL 10).
- **XCCDF** — eXtensible Configuration Checklist Description Format. The format used by OpenSCAP profiles.
- **data stream file** — the `-ds.xml` file containing SCAP content (e.g., `ssg-rhel9-ds.xml`). SCAP Security Guide ships these in `/usr/share/xml/scap/ssg/content/`.

Attachments

Comments