Chapter 16. Servers and Services
chrony rebased to version 3.1
The chrony package has been upgraded to upstream version 3.1, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
- Added support for software and hardware timestamping for improved accuracy (sub-microsecond accuracy may be possible).
- Improved accuracy with asymmetric network jitter.
- Added support for interleaved mode.
- Added support for configuration and monitoring over Unix domain socket to replace authentication with command key (remote configuration is no longer possible).
- Improved automatic replacement of servers.
- Added orphan mode compatible with the
- Added response rate limiting for NTP servers.
- Added detailed manual pages, which replace the documentation in the info format. (BZ#1387223)
linuxptp rebased to version 1.8
The linuxptp packages have been upgraded to upstream version 1.8, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
- Added support for hybrid end-to-end (E2E) delay measurements using unicast messages to reduce network traffic in large networks.
- Added support for running a boundary clock (BC) using independent Precision Time Protocol (PTP) hardware clocks.
- Added options to configure Time to Live (TTL) and Differentiated Services Code Point (DSCP) of PTP messages. (BZ#1359311)
tuned rebased to version 2.8.0
The tuned packages have been upgraded to upstream version 2.8.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:
- CPU partitioning profile has been added.
- Support for cores isolation has been added.
- Support for
initrdoverlays has been added.
- Inheritance has been improved.
logrotate now uses
/var/lib/logrotate/logrotate.status as the default state file
logrotate cron jobused a modified path to the
logrotatestate file. Consequently, the path used by the cron job did not match the default state file path used by
logrotateitself. To prevent confusion, the default state file path used by
logrotatehas been changed to match the state file path used by
logrotate cron job. As a result,
/var/lib/logrotate/logrotate.statusas the default state file path in both scenarios. (BZ#1381719)
rsyslog rebased to version 8.24.0
rsyslogutility has been rebased to upstream version 8.24.0, which includes numerous enhancements, new features and bug fixes. Notable improvements include:
- A new core engine has been implemented, offering faster message processing.
- Speed and stability when handling data in the JSON format have been improved.
- The RainerScript configuration format has been selected as default and improved with more options.
- A new
mmexternalmodule for manipulation of messages inside
rsyslogusing external applications has been added.
omprogmodule has received improvements for better communication with external binaries.
omrelpnow support encrypted transmission using the TLS protocol.
imuxsockmodule now supports rule sets for individual sockets, which override the global rule set.
- When the
imuxsockmodule is used, rate limiting messages now include PID of the process that causes the rate limiting.
- The TCP server error messages now include the IP address of the remote host.
imjournalmodule no longer stops receiving logs after switching to the persistent
- Logging to the runtime journal no longer completely stops after a reboot when the machine's clock was set to an earlier time.
- Previously, when the
copytruncateoption was rotating a log file, the
imfilemodule might not have read all of the log messages from the file being rotated. As a consequence, these log messages were lost. The
imfilemodule has been extended to handle this situation. As a consquence, messages are no longer lost when
copytruncateis used on log files.
Customers using custom modules are advised to update their modules for the current rsyslog version.
See also the Deprecated Functionality chapter for information about deprecated
rsyslogoptions. (BZ#1313490, BZ#1174345, BZ#1053641, BZ#1196230, BZ#1326216, BZ#1088021, BZ#1419228, BZ#1133687)
New cache configuration options for
This update adds new options to control cahing of OCSP responses to the
mod_nssmodule. The new options allow the user to control:
- Time to wait for OCSP responses
- Size of the OCSP cache
- Minimum and maximum duration for an item's presence in cache, including not caching at all (BZ#1392582)
Database and prefix options have been removed from
nss_pcachepin-caching service no longer shares the Network Security Services (NSS) database of the
mod_nssApache module because
nss_pcachedoes not need access to the tokens. The options for the NSS database and the prefix have been removed and are now handled automatically by
New package: libfastjson
This update introduces the
libfastjsonlibrary as a replacement of the
rsyslog. The limited feature set of
libfastjsonallows for greatly improved performance compared to
tuned now supports initrd overlays
tunednow supports initrd overlays, which can extend default (Dracut) initrd images. It is supported by the bootloader plugin. The example shows typical usage in the Tuned profile:
This adds the content of the overlay.img directory to the current initrd when the profile is activated. (BZ#1414098)
openwsman now supports disabling of particular SSL protocols
Previously, there was no way to disable particular SSL protocols with the
openwsmanutility. A new configuration file option for a list of disabled protocols has been added. As a result, it is now possible to disable particular SSL protocols through the
openwsmanconfiguration file. (BZ#1190689)
rear rebased to version 2.0
Updated rear packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. Notable changes include:
Cyclic Redundancy Check(CRC) feature is now enabled by default on the XFS file systems. Previously,
rearignored this change in behavior, and formatted the
/bootpartition with an incompatible UUID flag. This caused the recovery process to fail. With this rebase,
rearchecks for the CRC feature, and properly preserves UUID during recovery.
- Support for the
GRUB2boot loaders for IBM Power Systems architecture has been added.
- Linux capabilities are now preserved if the directive
NETFS_RESTORE_CAPABILITIESis set to the
yoption in the
- CIFS credentials are now preserved in rescue image.
GRUB_RESCUE_PASSWORDdirectives have been dropped to avoid possible unexpected behaviour change of the
GRUB2bootloader in the currently running system.
- Documentation has been improved.
- Creation of multiple backups have been enabled. (BZ#1355667)
python-tornado rebased to version 4.2.1
The python-tornado package has been upgraded to upstream version 4.2.1, which provides a number of bug fixes and new features over the previous version. Notable changes include:
- A new
tornado.netutil.Resolverclass, which provides an asynchronous interface to DNS resolution
- A new
tornado.tcpclientmodule, which creates TCP connections with non-blocking DNS, SSL handshaking, and support for IPv6
IOLoop.instance()function is now thread-safe
- Logging has been improved; low-level logs are less frequent;
Tornadouses its own logger instead of the root logger, which enables more detailed configuration
- Multiple reference cycles have been separated within python-tornado, enabling more efficient garbage collection on
- Coroutines are now faster and are used extensively within