6.4 Release Notes
Red Hat Enterprise Linux 6
Release Notes for Red Hat Enterprise Linux 6.4
The Release Notes provide high-level coverage of the improvements and additions that have been implemented in Red Hat Enterprise Linux 6.4. For detailed documentation on all changes to Red Hat Enterprise Linux for the 6.4 update, refer to the Technical Notes.
Red Hat Enterprise Linux minor releases are an aggregation of individual enhancement, security and bug fix errata. The Red Hat Enterprise Linux 6.4 Release Notes documents the major changes made to the Red Hat Enterprise Linux 6 operating system and its accompanying applications for this minor release. Detailed notes on changes (that is, bugs fixed, enhancements added, and known issues found) in this minor release are available in the Technical Notes. The Technical Notes document also contains a complete list of all currently available Technology Previews along with packages that provide them.
The online Red Hat Enterprise Linux 6.4 Release Notes, which are located online here, are to be considered the definitive, up-to-date version. Customers with questions about the release are advised to consult the online Release and Technical Notes for their version of Red Hat Enterprise Linux.
Should you require information regarding the Red Hat Enterprise Linux life cycle, refer to https://access.redhat.com/support/policy/updates/errata/.
Chapter 1. Installation
FCoE Support in the Kickstart File
When using a kickstart file to install Red Hat Enterprise Linux 6.4, with the new fcoe kickstart option you can specify which Fibre Channel over Ethernet (FCoE) devices should be activated automatically in addition to those discovered by Enhanced Disk Drive (EDD) services. For more information, refer to the Kickstart Options section in the Red Hat Enterprise Linux 6 Installation Guide.
Installation over VLAN
In Red Hat Enterprise Linux 6.4, the vlanid= boot option and the --vlanid= kickstart option allow you to set a virtual LAN ID (802.1q tag) for a specified network device. By specifying either one of these options, installation of the system can be done over a VLAN.
The bond boot option and the --bondopts kickstart options can now be used to configure bonding as a part of the installation process. For more information on how to configure bonding, refer to the following parts of the Red Hat Enterprise Linux 6 Installation Guide: section Kickstart Options and chapter Boot Options.
Chapter 2. Kernel
The kernel shipped in Red Hat Enterprise Linux 6.4 includes several hundred bug fixes for, and enhancements to, the Linux kernel. For details concerning important bugs fixed and enhancements added to the kernel for this release, refer to the kernel section of the Red Hat Enterprise Linux 6.4 Technical Notes.
Fibre Channel Protocol: End-To-End Data Consistency Checking
Data integrity between a host adapter and a storage server has been improved in Red Hat Enterprise Linux 6.4 by implementing the zFCP-specific part of the enhanced T10 DIF SCSI standard for End-To-End (E2E) data consistency checking.
Flash Express Support for IBM System z
Storage-Class Memory (SCM) for IBM System z is a class of data storage devices that combine properties of both storage and memory. SCM for System z now supports Flash Express memory. SCM increments can be accessed through Extended Asynchronous Data Mover (EADM) subchannels. Each increment is represented by a block device. This feature improves the paging rate and access performance for temporary storage, for example for data warehousing.
Open vSwitch Kernel Module
Red Hat Enterprise Linux 6.4 includes the Open vSwitch kernel module as an enabler for Red Hat's layered product offerings. Open vSwitch is supported only in conjunction with those products containing the accompanying user space utilities. Please note that without these required user space utilities, Open vSwitch will not function and cannot be enabled for use. For more information, please refer to the following Knowledge Base article: https://access.redhat.com/knowledge/articles/270223.
Oracle ASMLib Availability and Support
Oracle ASM (Automated Storage Management) is a data volume manager for Oracle databases. ASMLib is an optional utility that can be used on Linux systems to manage Oracle ASM devices. ASMLib consists of the following components:
- kmod-oracleasm (open-source (GPL) kernel module package)
- oracleasm-support (open-source (GPL) utilities package)
- oracleasmlib (proprietary library package)
ASM features and functionality are available without ASMLib. The use of ASMLib does not affect database performance. The ASMLib kernel module package is now available in the Red Hat Enterprise Linux 6 Supplementary RHN channel. Red Hat Enterprise Linux 6 customers who use ASMLib can obtain the other two components using the instructions in the following KnowledgeBase article:
The ASMLib kernel module package is provided for the convenience of our customers via the "Supplementary" Red Hat Network (RHN) channel. Red Hat's support team will field ASMLib related calls and use commercially reasonable efforts to support the ASMLib kernel module until such efforts require knowledge of or modifications to Oracle's proprietary dependent component(s). That said, the ASMLib kernel module package ABIs are not guaranteed per Red Hat's Supplementary software package support terms available at:
Please note that Red Hat is continuing to develop fully open-source alternatives to ASMLib. Red Hat has provided a reference architecture for Oracle RAC clusters using upstream-accepted technologies such as dm-multipath and udev. This reference architecture is available at:
Comparison of Booted System and Dumped System
This feature allows you to compare a booted system with a dumped system to efficiently analyze changes that might be introduced by image migration. To identify a guest, stfle data is used. A new function, lgr_info_log() compares the current data (lgr_info_cur) with the last recorded one (
Perf Tool Updated
The perf tool has been updated to upstream version 3.6-rc7, which provides a large number of bug fixes and enhancements. The following is a list of notable enhancements:
- Kprobe events support was added.
- A new perf event command line syntax engine has been included, which allows curly brackets ({ }) to be used for definition of event groups, for example:
- The perf annotate browser has been enhanced to allow navigation through ASM calls and jumps.
- The perf tool has been updated to provide a per-user view with the new --uid command line option. When used, perf shows tasks for a specified user only.
- The perf tool now provides a wider variety of automated tests.
Uncore PMU Support
The kernel shipped with Red Hat Enterprise Linux 6.4 adds "uncore" Performance Monitoring Unit (PMU) support to the perf event subsystem for Intel Xeon Processor X55xx and Intel Xeon Processor X56xx family of processors. The "uncore" refers to subsystems in the physical processor package that are shared by multiple processor cores, for example the L3 cache. With uncore PMU support, performance data can be easily collected on a package level.
PMU events parsing has also been enabled to allow debugging via perf.
memcg Memory Overhead
Memory control groups maintain their own Least Recently Used (LRU) list to, for example, reclaim memory. This list was on top of the global per-zone LRU list. In Red Hat Enterprise Linux 6.4, the memory overhead for memcg was reduced by disabling the global per-zone LRU list and converting its users to operate on the per-memory cgroup lists instead.
Memory Reclaim and Compaction
The kernel shipped with Red Hat Enterprise Linux 6.4 uses reclaim and compaction for high-order allocation requests or under memory pressure.
Support of the Transactional Execution Facility and Runtime Instrumentation Facility
Support of the Transactional-Execution Facility (available with IBM zEnterprise EC12) in the Linux kernel helps eliminate software locking overhead that can impact performance and offer increased scalability and parallelism to drive higher transaction throughput. Support of the Runtime Instrumentation Facility (available with IBM zEnterprise EC12) provides an advanced mechanism to profile program code for improved analysis and optimization of the code generated by the new IBM JVM.
Red Hat Enterprise Linux 6.4 adds support for a new fail-open mode when using netfilter's NFQUEUE target. This mode allows users to temporarily disable packet inspection and maintain connectivity under heavy network traffic.
kdump and kexec Kernel Dumping Mechanism for IBM System z Fully Supported
In Red Hat Enterprise Linux 6.4, the kdump/kexec kernel dumping mechanism is enabled for IBM System z systems as a fully supported feature, in addition to the IBM System z stand-alone and hypervisor dumping mechanism. The auto-reserve threshold is set at 4 GB; therefore, any IBM System z system with more than 4 GB of memory has the kdump/kexec mechanism enabled.
Sufficient memory must be available because kdump reserves approximately 128 MB by default. This is especially important when performing an upgrade to Red Hat Enterprise Linux 6.4. Sufficient disk space must also be available for storing the dump in case of a system crash.
You can configure or disable kdump through /etc/kdump.conf, system-config-kdump, or firstboot.
TSC Deadline Support for KVM
TSC deadline timer is a new mode in the Local APIC (LAPIC) timer, which generates one-shot timer interrupts based on the TSC deadline, in place of the current APIC clock count interval. It provides more precise timer interrupts (less than 1 tick) to benefit the OS scheduler. KVM now exposes this feature to guests.
Persistent Device Naming
This feature stores the mapping of device names (for example, sdb, and others) and persistent device names (provided by udev in /dev/disk/by-*/) to kernel messages. This allows users to identify a device from kernel messages. The kernel /dev/kmsg log, which can be displayed with the dmesg command, now shows the messages for the symbolic links, which udev has created for kernel devices. These messages are displayed in the following format:
udev-alias: <device_name> (<symbolic_link> <symbolic link> …)
Any log analyzer can display these messages, which are also saved in
New linuxptp Package
The linuxptp package, included in Red Hat Enterprise Linux 6.4 as a Technology Preview, is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal.
Transparent Hugepages Documentation
Documentation for transparent hugepages has been added to the following file:
State of Support for Dump Targets
In Red Hat Enterprise Linux 6.4, the /usr/share/doc/kexec-tools-2.0.0/kexec-kdump-howto.txt file provides a comprehensive list of supported, unsupported, and unknown dump targets under section “Dump Target support status”.
Chapter 3. Device Drivers
The Device Drivers chapter has been moved to the Red Hat Enterprise Linux Technical Notes, located at:
Chapter 4. Networking
HAProxy is a stand-alone, Layer 7, high-performance network load balancer for TCP and HTTP-based applications which can perform various types of scheduling based on the content of the HTTP requests. Red Hat Enterprise Linux 6.4 introduces the haproxy package as a Technology Preview.
Mellanox SR-IOV Support
Single Root I/O Virtualization (SR-IOV) is now supported as a Technology Preview in the Mellanox libmlx4 library and the following drivers:
Chapter 5. Authentication and Interoperability
SSSD Fully Supported Features
A number of features introduced in Red Hat Enterprise Linux 6.3 are now fully supported in Red Hat Enterprise Linux 6.4. Specifically:
- support for central management of SSH keys,
- SELinux user mapping,
- and support for automount map caching.
New SSSD Cache Storage Type
Kerberos version 1.10 added a new cache storage type, DIR:, which allows Kerberos to maintain Ticket Granting Tickets (TGTs) for multiple Key Distribution Centers (KDCs) simultaneously and auto-select between them when negotiating with Kerberos-aware resources. In Red Hat Enterprise Linux 6.4, SSSD has been enhanced to allow you to select the DIR: cache for users that are logging in via SSSD. This feature is introduced as a Technology Preview.
Adding AD-based Trusted Domains to
In Red Hat Enterprise Linux 6.4, the ipa group-add-member command allows you to add members of Active Directory-based trusted domains to groups marked as external in Identity Management. These members may be specified by their name using domain- or UPN-based syntax, for example User@AD.Domain. When specified in this form, members are resolved against the Active Directory-based trusted domain's Global Catalog to obtain their Security Identifier (SID) value.
Alternatively, an SID value can be specified directly. In this case, the ipa group-add-member command only verifies that the domain part of the SID value is one of the trusted Active Directory domains. No attempt is made to verify the validity of the SID within the domain.
It is recommended to use user or group name syntax to specify external members rather than providing their SID values directly.
Auto-renew Identity Management Subsystem Certificates
The default validity period for a new Certificate Authority is 10 years. The CA issues a number of certificates for its subsystems (OCSP, audit log, and others). Subsystem certificates are normally valid for 2 years. If the certificates expire, the CA does not start up or does not function properly. Therefore, in Red Hat Enterprise Linux 6.4, Identity Management servers are capable of automatically renewing their subsystem certificates. The subsystem certificates are tracked by certmonger, which automatically attempts to renew the certificates before they expire.
Automatic Configuration of OpenLDAP Client Tools on Clients Enrolled in Identity Management
In Red Hat Enterprise Linux 6.4, OpenLDAP is automatically configured with the default LDAP URI, a Base DN, and a TLS certificate during Identity Management client installation. This improves user experience when performing LDAP searches to Identity Management Directory Server.
PKCS#12 Support for python-nss
The python-nss package, which provides Python bindings for Network Security Services (NSS) and the Netscape Portable Runtime (NSPR), has been updated to add PKCS #12 support.
Full Persistent Search for DNS
LDAP in Red Hat Enterprise Linux 6.4 includes support for persistent search for both zones and their resource records. Persistent search allows the bind-dyndb-ldap plug-in to be immediately informed about all changes in an LDAP database. It also decreases network bandwidth usage required by repeated polling.
New CLEANALLRUV Operation
Obsolete elements in the Database Replica Update Vector (RUV) can be removed with the CLEANRUV operation, which removes them on a single supplier or master. Red Hat Enterprise Linux 6.4 adds a new CLEANALLRUV operation which can remove obsolete RUV data from all replicas and needs to be run on a single supplier/master only.
samba4 Libraries Updated
The samba4 libraries (provided by the samba4-libs package) have been upgraded to the latest upstream version to improve interoperability with Active Directory (AD) domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC). Additionally, various improvements have been made to the Local Security Authority (LSA) and Net Logon services to allow verification of trust from a Windows system. For information on the introduction of Cross Realm Kerberos Trust functionality, which depends on samba4 packages, refer to the section called “Cross Realm Kerberos Trust Functionality in Identity Management”.
If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat Enterprise Linux 6.4 and you have Samba in use, make sure to uninstall the samba4 package to avoid conflicts during the upgrade.
Because the Cross Realm Kerberos Trust functionality is considered a Technology Preview, selected samba4 components are considered to be a Technology Preview. For more information on which Samba packages are considered a Technology Preview, refer to Table 5.1, “Samba4 Package Support”.
Table 5.1. Samba4 Package Support
| Package Name | New Package in 6.4? | Support Status |
|---|---|---|
| samba4-libs | No | Technology Preview, except functionality required by OpenChange |
| samba4-pidl | No | Technology Preview, except functionality required by OpenChange |
Cross Realm Kerberos Trust Functionality in Identity Management
The Cross Realm Kerberos Trust functionality provided by Identity Management is included as a Technology Preview. This feature allows you to create a trust relationship between an Identity Management and an Active Directory domain. This means that users from the AD domain can access resources and services from the Identity Management domain with their AD credentials. No data needs to be synchronized between the Identity Management and AD domain controllers; AD users are always authenticated against the AD domain controller and information about users is looked up without the need for synchronization.
This feature is provided by the optional ipa-server-trust-ad package. This package depends on features which are only available in samba4. Because samba4-* packages conflict with the corresponding samba-* packages, all samba-* packages must be removed before ipa-server-trust-ad can be installed.
When the ipa-server-trust-ad package is installed, the ipa-adtrust-install command must be run on all Identity Management servers and replicas to enable Identity Management to handle trusts. When this is done, a trust can be established on the command line using the ipa trust-add command or the WebUI. For more information, refer to section Integrating with Active Directory Through Cross-Realm Kerberos Trusts in the Identity Management Guide on https://access.redhat.com/site/documentation/Red_Hat_Enterprise_Linux/.
Posix Schema Support for 389 Directory Server
Windows Active Directory (AD) supports the POSIX schema (RFC 2307 and 2307bis) for user and group entries. In many cases, AD is used as the authoritative source of user and group data, including POSIX attributes. With Red Hat Enterprise Linux 6.4, Directory Server Windows Sync no longer ignores these attributes. Users are now able to synchronize POSIX attributes with Windows Sync between AD and 389 Directory Server.
When adding new user and group entries to the Directory Server, the POSIX attributes are not synced to AD. Adding new user and group entries to AD will synchronize to the Directory Server, and modifying attributes will synchronize them both ways.
Chapter 6. Security
Treating Matches Authoritatively in Look Ups of sudoers Entries
The sudo utility is able to consult the /etc/nsswitch.conf file for sudoers entries and look them up in files or using LDAP. Previously, when a match was found in the first database of sudoers entries, the look up operation still continued in other databases (including files). In Red Hat Enterprise Linux 6.4, an option was added to the /etc/nsswitch.conf file that allows users to specify a database after which a match of a sudoers entry is sufficient. This eliminates the need to query any other databases, thus improving the performance of sudoers entry look ups in large environments. This behavior is not enabled by default and must be configured by adding the [SUCCESS=return] string after a selected database. When a match is found in a database that directly precedes this string, no other databases are queried.
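The lookup behaviour described above, modelled in Python as an added example (this is not sudo's code). The two nsswitch.conf samples are constructed, and the fallback to files when no sudoers line is present is an assumption about sudo's default.

```python
import re

# Constructed sample files for illustration; not taken from a real system.
DEFAULT_CONF = """\
passwd:  files sss
sudoers: ldap files
"""

AUTHORITATIVE_CONF = """\
passwd:  files sss
# a match in LDAP is sufficient; local files are then not consulted
sudoers: ldap [SUCCESS=return] files
"""


def parse_sudoers_order(conf_text):
    """Return [(database, stop_on_match), ...] from the sudoers: line."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line.lower().startswith("sudoers:"):
            continue
        # Tokens are either a bracketed action or a database name.
        tokens = re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1])
        order = []
        for tok in tokens:
            if tok.startswith("["):
                # The action applies to the database directly before it.
                if order and tok.replace(" ", "").upper() == "[SUCCESS=RETURN]":
                    order[-1] = (order[-1][0], True)
            else:
                order.append((tok, False))
        return order
    return [("files", False)]  # assumption: files only when no sudoers line


def databases_queried(order, matching):
    """Databases consulted when the entry exists in the set `matching`."""
    queried = []
    for database, stop_on_match in order:
        queried.append(database)
        if stop_on_match and database in matching:
            break                                     # match is sufficient
    return queried


def shadowed_databases(order):
    """Databases that are skipped whenever an earlier authoritative one matches."""
    for index, (_, stop_on_match) in enumerate(order):
        if stop_on_match:
            return [database for database, _ in order[index + 1:]]
    return []


if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("authoritative", AUTHORITATIVE_CONF)):
        order = parse_sudoers_order(conf)
        print(name, "LDAP match ->", databases_queried(order, {"ldap"}),
              "| skipped on match:", shadowed_databases(order))
```

When reviewing such a configuration, the list returned by `shadowed_databases` names the sources whose rules are not evaluated for any user that the authoritative database already matches.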
Additional Password Checks for
The pam_cracklib module has been updated to add multiple new password strength checks:
- Certain authentication policies do not allow passwords which contain long continuous sequences such as "abcd" or "98765". This update introduces the possibility to limit the maximum length of these sequences by using the new
- The pam_cracklib module can now check whether a new password contains the words from the GECOS field from entries in the /etc/passwd file. The GECOS field is used to store additional information about the user, such as the user's full name or a phone number, which could be used by an attacker for an attempt to crack the password.
- The pam_cracklib module now allows you to specify the maximum allowed number of consecutive characters of the same class (lowercase, uppercase, number and special characters) in a password via the
- The pam_cracklib module now supports the enforce_for_root option, which enforces complexity restrictions on new passwords for the root account.
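The three content checks described above, written out in Python as an added example; this is not pam_cracklib's source, and the module's own algorithm may differ in detail. The parameter names max_sequence and max_class_repeat, the four-character minimum for GECOS words, and the sample passwd entry are assumptions of this example.

```python
# Constructed /etc/passwd entry; field 5 (index 4) is the GECOS field.
SAMPLE_PASSWD = "jdoe:x:1001:1001:Jane Doe,Room 12,555-0100:/home/jdoe:/bin/bash"


def char_class(c):
    """Classify a character as lowercase, uppercase, digit or other."""
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    if c.isdigit():
        return "digit"
    return "other"


def longest_sequence(password):
    """Longest run of characters ascending or descending by one ("abcd", "98765")."""
    best = run = 1 if password else 0
    direction = 0
    for prev, cur in zip(password, password[1:]):
        step = ord(cur) - ord(prev)
        if step in (1, -1) and step == direction:
            run += 1                      # sequence continues the same way
        elif step in (1, -1):
            direction, run = step, 2      # a new sequence starts at prev
        else:
            direction, run = 0, 1
        best = max(best, run)
    return best


def longest_class_run(password):
    """Longest run of consecutive characters from the same class."""
    best = run = 0
    previous = None
    for c in password:
        current = char_class(c)
        run = run + 1 if current == previous else 1
        previous = current
        best = max(best, run)
    return best


def gecos_field(passwd_line):
    """Extract the GECOS field from one passwd entry."""
    return passwd_line.split(":")[4]


def gecos_words_in(password, gecos, min_len=4):
    """GECOS words (>= min_len chars) present in the password, forwards or reversed."""
    lowered = password.lower()
    hits = []
    for word in gecos.replace(",", " ").split():
        w = word.lower()
        if len(w) >= min_len and (w in lowered or w[::-1] in lowered):
            hits.append(word)
    return hits


def check_password(password, passwd_line, max_sequence=3, max_class_repeat=4):
    """Return the names of the checks the candidate password fails."""
    problems = []
    if max_sequence and longest_sequence(password) > max_sequence:
        problems.append("sequence")
    if max_class_repeat and longest_class_run(password) > max_class_repeat:
        problems.append("class-repeat")
    if gecos_words_in(password, gecos_field(passwd_line)):
        problems.append("gecos")
    return problems


if __name__ == "__main__":
    for candidate in ("Xk3abcd9!", "enaJ-7Qz#4", "correcthorse", "Tr7#kQ2!vB"):
        print(candidate, check_password(candidate, SAMPLE_PASSWD))
```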
Size Option for tmpfs Polyinstantiation
On a system with multiple tmpfs mounts, it is necessary to limit their size to prevent them from occupying all of the system memory. PAM has been updated to allow users to specify the maximum size of the tmpfs file system mount when using tmpfs polyinstantiation by using the mntopts=size=<size> option in the
Locking Inactive Accounts
Certain authentication policies require support for locking an account that is not used for a certain period of time. Red Hat Enterprise Linux 6.4 introduces an additional function to the pam_lastlog module, which allows users to lock accounts after a configurable number of days.
New Modes of Operation for
The libica library, which contains a set of functions and utilities for accessing the IBM eServer Cryptographic Accelerator (ICA) hardware on IBM System z, has been modified to allow usage of new algorithms that support the Message Security Assist Extension 4 instructions in the Central Processor Assist for Cryptographic Function (CPACF). For the DES and 3DES block ciphers, the following modes of operation are now supported:
- Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
- Cipher-based Message Authentication Code (CMAC)
For the AES block cipher, the following modes of operation are now supported:
- Cipher Block Chaining with Ciphertext Stealing (CBC-CS)
- Counter with Cipher Block Chaining Message Authentication Code (CCM)
- Galois/Counter (GCM)
This acceleration of complex cryptographic algorithms significantly improves the performance of IBM System z machines.
Optimization of, and Support for, the zlib Compression Library for System z
The zlib library, a general-purpose lossless data compression library, has been updated to improve compression performance on IBM System z.
Fallback Firewall Configuration
The iptables and ip6tables services now provide the ability to assign a fallback firewall configuration if the default configurations cannot be applied. If applying the firewall rules from /etc/sysconfig/iptables fails, the fallback file is applied if it exists. The fallback file is named /etc/sysconfig/iptables.fallback and uses the iptables-save file format (same as /etc/sysconfig/iptables). If application of the fallback file also fails, there is no further fallback. To create a fallback file, use the standard firewall configuration tools and rename or copy the file to the fallback file. Use the same process for the ip6tables service, only replace all occurrences of “iptables” with “ip6tables”.
Chapter 7. Subscription Management
7.1. Subscription Manager
In Red Hat Enterprise Linux 6.4, several strings have been renamed in Subscription Manager:
- subscribe was renamed to attach
- auto-subscribe was renamed to auto-attach
- unsubscribe was renamed to remove
- consumer was renamed to system or unit
Testing Proxy Connection
The Proxy Configuration dialog now allows users to test a connection to a proxy after entering a value.
Subscribe or Unsubscribe Multiple Entitlements
Subscription Manager is now able to subscribe (attach) or unsubscribe (remove) multiple entitlements using their serial numbers at once.
Activation Keys Support in the GUI
The Subscription Manager graphical user interface now allows you to register a system using an activation key. Activation keys allow users to preconfigure subscriptions for a system before it is registered.
Registering Against External Servers
Selection of a remote server during the registration of a system is now supported in Subscription Manager. The Subscription Manager user interface provides an option to choose a URL of a server to register against, together with a port and a prefix, during the registration process. Additionally, when registering on the command line, the --serverurl option can be used to specify the server to register against. For more information about this feature, refer to the section Registering, Unregistering, and Reregistering a System in the Subscription Management Guide.
Usability Changes in the GUI
The Subscription Manager GUI has been enhanced with various changes based on customer feedback.
7.2. Subscription Asset Manager
Installation on Offline Systems
Subscription Asset Manager is now available as an ISO image and can be obtained from Content Delivery Network and Red Hat Network. It is therefore possible to install Subscription Asset Manager on offline systems.
Reduced System Registration Workload
It is now possible to configure a kickstart file with instructions to connect to Subscription Asset Manager and to automatically register and subscribe the system. This significantly reduces workloads of registering a large number of systems.
Red Hat Enterprise Linux 6.4 provides subscription-manager which includes the rhn-migrate-classic-to-rhsm script. The script has the --serverurl parameter that allows the user to point the system to an existing or on-premise installation of Subscription Asset Manager, and automatically migrates the system to use Subscription Asset Manager for its content.
For more information about the 1.2 release of Subscription Asset Manager, refer to the Red Hat Subscription Asset Manager 1.2 Release Notes located at:
Chapter 8. Virtualization
KVM Virtualization's storage stack has been improved with the addition of virtio-SCSI (a storage architecture for KVM based on SCSI) capabilities. Virtio-SCSI provides the ability to connect directly to SCSI LUNs and significantly improves scalability compared to virtio-blk. The advantage of virtio-SCSI is that it is capable of handling hundreds of devices compared to virtio-blk which can only handle approximately 25 devices and exhausts PCI slots.
Virtio-SCSI is now capable of inheriting the feature set of the target device with the ability to:
- attach a virtual hard drive or CD through the virtio-scsi controller,
- pass-through a physical SCSI device from the host to the guest via the QEMU scsi-block device,
- and allow the usage of hundreds of devices per guest; an improvement from the ~25-device limit of virtio-blk.
virtio-scsi was introduced in Red Hat Enterprise Linux 6.3 as Technology Preview and is being promoted to fully supported in Red Hat Enterprise Linux 6.4. Windows guests (excluding Windows XP) are also supported with the latest virtio-win drivers.
Support for Intel's Next-generation Core Processor
Red Hat Enterprise Linux 6.4 adds support for Intel's next-generation Core processor to qemu-kvm so that KVM guests can utilize new features this processor provides, most important of which are: Advanced Vector Extensions 2 (AVX2), Bit-Manipulation Instructions 1 (BMI1), Bit-Manipulation Instructions 2 (BMI2), Hardware Lock Elision (HLE), Restricted Transactional Memory (RTM), Process-Context Identifier (PCID), Invalidate Process-Context Identifier (INVPCID), Fused Multiply-Add (FMA), Big-Endian Move instruction (MOVBE), F Segment and G Segment BASE instruction (FSGSBASE), Supervisor Mode Execution Prevention (SMEP), Enhanced REP MOVSB/STOSB (ERMS).
Support for AMD Opteron 4xxx Series CPU
The AMD Opteron 4xxx series processor is now supported by qemu-kvm. This allows new features of this processor series to be exposed to KVM guests, such as: the F16C instruction set, Trailing Bit Manipulation, Bit-Manipulation Instructions 1 (BMI1) decimate functions, and the Fused Multiply-Add (FMA) instruction set.
Guest Live Migration Using USB Forwarding via SPICE
In Red Hat Enterprise Linux 6.4, KVM supports live migration of guests using USB forwarding via SPICE, while maintaining existing USB device redirection for all configured devices.
Live Migration of Guests Using USB Devices
In Red Hat Enterprise Linux 6.4, KVM supports live migration of guests with USB devices. The following devices are supported: Enhanced Host Controller Interface (EHCI) and Universal Host Controller Interface (UHCI) local passthrough and emulated devices such as storage devices, mice, keyboards, hubs, and others.
QEMU Guest Agent Updated
The QEMU guest agent (provided by the qemu-guest-agent package) is now fully supported in Red Hat Enterprise Linux 6.4. It has been updated to upstream version 1.1, and includes the following notable enhancements and bug fixes:
- The guest-suspend-ram commands can now be used to suspend to RAM or to disk on a Windows system.
- The guest-network-get-interfaces command can now be used to acquire network interface information in Linux.
- This update provides file system freeze support improvements and fixes.
- This update includes various documentation fixes and small improvements.
Paravirtualized End-of-Interrupt Indication (PV-EOI)
Hosts and guests running Red Hat Enterprise Linux 6.3 and older require two VM exits (context switches from a VM to a Hypervisor) for each interrupt: one to inject the interrupt, and another to signal the end of the interrupt. When both host and guest systems are updated to Red Hat Enterprise Linux 6.4 or newer, they can negotiate a paravirtualized end-of-interrupt feature and only require one switch per interrupt. Consequently, when Red Hat Enterprise Linux 6.4 or newer is used as both a host and a guest, the number of exits is reduced by half for interrupt-intensive workloads, such as incoming network traffic with a virtio network device. This leads to a significant reduction in host CPU utilization for such workloads. Note that only edge interrupts are enhanced: for example, e1000 networking uses level interrupts and was not improved.
Configurable Sound Pass-through
A sound device can now be detected as a speaker in the guest system (in addition to being detected as line-out). Sound devices can now function properly in guest applications that accept only certain types of input for voice recording and audio.
Inclusion of, and Guest Installation Support for, Microsoft Hyper-V Drivers
Integrated Red Hat Enterprise Linux guest installation, and Hyper-V para-virtualized device support in Red Hat Enterprise Linux 6.4 on Microsoft Hyper-V allows users to run Red Hat Enterprise Linux 6.4 as a guest on top of Microsoft Hyper-V hypervisors. The following Hyper-V drivers and a clock source have been added to the kernel shipped with Red Hat Enterprise Linux 6.4:
- a network driver (
- a storage driver (
- an HID-compliant mouse driver (
- a VMbus driver (
- a util driver (
- an IDE disk driver (
- a balloon driver (
- a clock source (i386, AMD64/Intel 64:
Red Hat Enterprise Linux 6.4 also includes support for Hyper-V as a clock source and a guest Hyper-V Key-Value Pair (KVP) daemon (hypervkvpd) that passes basic information, such as the guest IP, the FQDN, OS name, and OS release number, to the host through VMbus. An IP injection functionality is also provided which allows you to change the IP address of a guest from the host via the
On Red Hat Enterprise Linux 6.4 guests, the balloon driver, a basic driver for the dynamic memory management functionality supported on Hyper-V hosts, was added. The balloon driver is used to dynamically remove memory from a virtual machine. In the current implementation of the balloon driver for Linux, only the ballooning functionality is implemented, not the hot-add functionality.
8.3. VMware ESX
VMware PV Drivers
The VMware para-virtualized drivers have been updated to provide a seamless out-of-the-box experience when running Red Hat Enterprise Linux 6.4 in VMware ESX. The Anaconda installer has also been updated to list the drivers during the installation process. The following drivers have been updated:
- a network driver (
- a storage driver (
- a memory ballooning driver (
- a mouse driver (
- a video driver (
Chapter 9. Clustering
Support for IBM iPDU Fence Device
Red Hat Enterprise Linux 6.4 adds support for the IBM iPDU fence device. For more information on the parameters of this fence device, refer to the Fence Device Parameters appendix in the Red Hat Enterprise Linux 6 Cluster Administration guide.
Support for Eaton Network Power Controller Fence Device
Red Hat Enterprise Linux 6.4 adds support for fence_eaton_snmp, the fence agent for the Eaton over SNMP network power switch. For more information on the parameters of this fence agent, refer to the Fence Device Parameters appendix in the Red Hat Enterprise Linux 6 Cluster Administration guide.
New keepalived Package
Red Hat Enterprise Linux 6.4 includes the keepalived package as a Technology Preview. The keepalived package provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the well-known and widely used Linux Virtual Server kernel module providing Layer 4 network load-balancing. The keepalived daemon implements a set of health checkers for load-balanced server pools according to their state. The keepalived daemon also implements the Virtual Router Redundancy Protocol (VRRP), allowing router or director failover to achieve high availability.
checkquorum.wdmd fence agents, included in Red Hat Enterprise Linux 6.4 as a Technology Preview, provide new mechanisms to trigger the recovery of a node via a watchdog device. Tutorials on how to enable this Technology Preview will be available at https://fedorahosted.org/cluster/wiki/HomePage.
Support for VMDK-based Storage
Red Hat Enterprise Linux 6.4 adds support for clusters utilizing VMware's VMDK (Virtual Machine Disk) disk image technology with the multi-writer option. This allows you, for example, to use VMDK-based storage with the multi-writer option for clustered file systems such as GFS2.
Chapter 10. Storage
Support of Parallel NFS
Parallel NFS (pNFS) is a part of the NFS v4.1 standard that allows clients to access storage devices directly and in parallel. The pNFS architecture can improve the scalability and performance of NFS servers for several common workloads.
pNFS defines 3 different storage protocols or layouts: files, objects and blocks. The Red Hat Enterprise Linux 6.4 NFS client supports the files layout protocol.
To enable the pNFS file-layout client in Red Hat Enterprise Linux, use the -o v4.1 option when mounting a file system on a pNFS-capable server.
When the server is pNFS-enabled, the nfs_layout_nfsv41_files kernel module is automatically loaded on the first mount. Use the following command to verify that this module was loaded:
lsmod | grep nfs_layout_nfsv41_files
For more information on pNFS, refer to http://www.pnfs.com/.
XFS Online Discard Support
An online discard operation performed on a mounted file system discards blocks which are not in use by the file system. Online discard operations are now supported on XFS file systems. For more information, refer to the section Discard Unused Blocks in the Red Hat Enterprise Linux 6 Storage Administration Guide.
LVM Support for Micron PCIe SSD
In Red Hat Enterprise Linux 6.4, LVM adds support for Micron PCIe Solid State Drives (SSDs) as devices that may form a part of a Volume Group.
LVM Support for 2-way Mirror RAID10
LVM is now capable of creating, removing, and resizing RAID10 logical volumes. To create a RAID10 logical volume, like the other RAID types, specify the segment type as follows:
lvcreate --type raid10 -m 1 -i 2 -L 1G -n lv vg
Note that the -i arguments behave in the same way they would for other segment types. That is, -i is the total number of stripes while -m is the number of (additional) copies (that is, -m 1 -i 2 gives 2 stripes on top of 2-way mirrors).
Set Up and Manage SCSI Persistent Reservations Through Device Mapper Devices
Previously, to set up persistent reservations on multipath devices, it was necessary to set it up on all of the path devices. If a path device was later added, it was necessary to manually add reservations to that path. Red Hat Enterprise Linux 6.4 adds the ability to set up and manage SCSI persistent reservations through device mapper devices with the mpathpersist command. When path devices are added, persistent reservations are set up on those devices as well.
Chapter 11. Compiler and Tools
SystemTap Updated to Version 1.8
SystemTap is a tracing and probing tool that allows users to study and monitor the activities of the operating system (particularly, the kernel) in fine detail. It provides information similar to the output of tools like netstat, ps, top, and iostat; however, SystemTap is designed to provide more filtering and analysis options for collected information.
The systemtap package in Red Hat Enterprise Linux 6.4 has been upgraded to upstream version 1.8, which provides a number of bug fixes and enhancements:
- @var syntax is now an alternative language syntax for accessing DWARF variables in kprobe handlers (process, kernel, module).
- SystemTap now mangles local variables to avoid collisions with C headers included by tapsets.
- The SystemTap compile-server and client now support IPv6 networks, for hosts listed in DNS or mDNS.
- The SystemTap runtime (staprun) now accepts a -T timeout option to allow less frequent wake-ups to poll for low-throughput output from scripts.
- The SystemTap script translator driver (stap) now provides the following resource limit options:
--rlimit-as=NUM --rlimit-cpu=NUM --rlimit-nproc=NUM --rlimit-stack=NUM --rlimit-fsize=NUM
- SystemTap modules are now smaller and compile faster. The modules' debuginfo is now suppressed by default.
- Bug CVE-2012-0875 (kernel panic when processing malformed DWARF unwind data) is now fixed.
The lscpu and chcpu Utilities
The lscpu utility, which displays detailed information about the available CPUs, has been updated to include numerous new features. Also, a new utility, chcpu, has been added, which allows you to change the CPU state (online/offline, standby/active, and other states), disable and enable CPUs, and configure specified CPUs.
For more information about these utilities, refer to the lscpu(1) and chcpu(8) man pages.
Chapter 12. General Updates
Updated samba Packages
Red Hat Enterprise Linux 6.4 includes rebased samba packages that introduce several bug fixes and enhancements, the most important of which is added support for the SMB2 protocol. SMB2 support can be enabled with the following parameter in the [global] section of the
max protocol = SMB2
Additionally, Samba now has support for AES Kerberos encryption. AES support has been available in Microsoft Windows operating systems since Windows Vista and Windows Server 2008. It is reported to be the new default Kerberos encryption type since Windows 7. Samba now adds AES Kerberos keys to the keytab it controls. This means that other kerberized services that use the samba keytab and run on the same machine can benefit from AES encryption. In order to use AES session keys (and not only use AES encrypted ticket granting tickets), the samba machine account in Active Directory's LDAP server needs to be manually modified. For more information, refer to the Microsoft Open Specifications Support Team Blog.
With Samba 3.6, it is suggested that if you use the security = share mode you should migrate to use security = user for a standalone file server or Domain Controller (DC). The security = share mode will not be supported in future releases. Refer to the smb.conf(5) manpage for more details on security = user and read the ACL documentation for permission control on files and directories.
The updated samba packages also change the way ID mapping is configured. Users are advised to modify their existing Samba configuration files.
Note that several Trivial Database (TDB) files have been updated and the printing support has been rewritten to use the actual registry implementation. This means that all TDB files are upgraded as soon as you start the new version of smbd. You cannot downgrade to an older Samba 3.x version unless you have backups of the TDB files.
For more information about these changes, refer to the Release Notes for Samba 3.6.0.
New SciPy Package
Red Hat Enterprise Linux 6.4 includes a new scipy package. The SciPy package provides software for mathematics, science, and engineering. The NumPy package, which is designed to manipulate large multi-dimensional arrays of arbitrary records, is the core library for SciPy. The SciPy library is built to work with NumPy arrays and provides various efficient numerical routines, for example routines for numerical integration and optimization.
TLS v1.1 Support in NSS
The nss and nss-util packages have been upgraded to upstream version 3.14 to provide, among other features, support for TLS version 1.1. As well, the nspr package has been rebased to version 4.9.2. For more information, refer to the NSS 3.14 Release Notes.
The valgrind package has been upgraded to upstream version 3.8.1. This updated version contains, among other enhancements and bug fixes, an embedded gdbserver. For more information, refer to the Valgrind chapter and the Changes in Valgrind 3.8.1 appendix in the Red Hat Developer Toolset 1.1 User Guide.
New libjpeg-turbo Packages
Red Hat Enterprise Linux 6.4 includes a new set of packages: libjpeg-turbo. These packages replace the traditional libjpeg packages, and provide the same functionality and API as libjpeg but better performance.
New redhat-lsb-core Package
When installing the redhat-lsb package, a large number of dependencies are pulled into the system to meet the LSB standard. Red Hat Enterprise Linux 6.4 provides a new redhat-lsb-core subpackage which allows you to easily fetch only the minimal set of required packages by installing the redhat-lsb-core package.
createrepo Utility Updated
The createrepo utility has been updated to the latest upstream version, which significantly reduces memory usage and adds multitasking support via the
Appendix A. Component Versions
This appendix is a list of components and their versions in the Red Hat Enterprise Linux 6.4 release.
Table A.1. Component Versions
QLogic ql2xxx firmware
iSCSI initiator utils
Appendix B. Revision History
|Revision 1.3-7||Fri Mar 7 2014|
|Revision 1.3-4||Tue Feb 18 2014|
|Revision 1.3-3||Wed Jan 15 2014|
|Revision 1.3-2||Mon Feb 25 2013|
|Revision 1.2-1||Thu Feb 21 2013|
|Revision 1.1-14||Wed Dec 4 2012|
Copyright © 2012 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.