Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 16. Servers and Services
chrony rebased to version 3.1
The chrony package has been upgraded to upstream version 3.1, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
- Added support for software and hardware timestamping for improved accuracy (sub-microsecond accuracy may be possible).
- Improved accuracy with asymmetric network jitter.
- Added support for interleaved mode.
- Added support for configuration and monitoring over Unix domain socket to replace authentication with command key (remote configuration is no longer possible).
- Improved automatic replacement of servers.
- Added orphan mode compatible with the
ntpd
daemon. - Added response rate limiting for NTP servers.
- Added detailed manual pages, which replace the documentation in the info format. (BZ#1387223)
linuxptp rebased to version 1.8
The linuxptp packages have been upgraded to upstream version 1.8, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
- Added support for hybrid end-to-end (E2E) delay measurements using unicast messages to reduce network traffic in large networks.
- Added support for running a boundary clock (BC) using independent Precision Time Protocol (PTP) hardware clocks.
- Added options to configure Time to Live (TTL) and Differentiated Services Code Point (DSCP) of PTP messages. (BZ#1359311)
tuned rebased to version 2.8.0
The tuned packages have been upgraded to upstream version 2.8.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:
- CPU partitioning profile has been added.
- Support for cores isolation has been added.
- Support for
initrd
overlays has been added. - Inheritance has been improved.
logrotate
now uses /var/lib/logrotate/logrotate.status
as the default state file
Previously, the
logrotate cron job
used a modified path to the logrotate
state file. Consequently, the path used by the cron job did not match the default state file path used by logrotate
itself. To prevent confusion, the default state file path used by logrotate
has been changed to match the state file path used by logrotate cron job
. As a result, logrotate
now uses /var/lib/logrotate/logrotate.status
as the default state file path in both scenarios. (BZ#1381719)
rsyslog
rebased to version 8.24.0
The
rsyslog
utility has been rebased to upstream version 8.24.0, which includes numerous enhancements, new features and bug fixes. Notable improvements include:
- A new core engine has been implemented, offering faster message processing.
- Speed and stability when handling data in the JSON format have been improved.
- The RainerScript configuration format has been selected as default and improved with more options.
- A new
mmexternal
module for manipulation of messages insidersyslog
using external applications has been added. - The
omprog
module has received improvements for better communication with external binaries. - Modules
imrelp
andomrelp
now support encrypted transmission using the TLS protocol. - The
imuxsock
module now supports rule sets for individual sockets, which override the global rule set. - When the
imuxsock
module is used, rate limiting messages now include PID of the process that causes the rate limiting. - The TCP server error messages now include the IP address of the remote host.
- The
imjournal
module no longer stops receiving logs after switching to the persistentjournald
configuration. - Logging to the runtime journal no longer completely stops after a reboot when the machine's clock was set to an earlier time.
- Previously, when the
logrotate
utility withcopytruncate
option was rotating a log file, theimfile
module might not have read all of the log messages from the file being rotated. As a consequence, these log messages were lost. Theimfile
module has been extended to handle this situation. As a consquence, messages are no longer lost whenlogrotate
copytruncate
is used on log files.
Customers using custom modules are advised to update their modules for the current rsyslog version.
See also the Deprecated Functionality chapter for information about deprecated
rsyslog
options. (BZ#1313490, BZ#1174345, BZ#1053641, BZ#1196230, BZ#1326216, BZ#1088021, BZ#1419228, BZ#1133687)
New cache configuration options for mod_nss
This update adds new options to control cahing of OCSP responses to the
mod_nss
module. The new options allow the user to control:
- Time to wait for OCSP responses
- Size of the OCSP cache
- Minimum and maximum duration for an item's presence in cache, including not caching at all (BZ#1392582)
Database and prefix options have been removed from nss_pcache
The
nss_pcache
pin-caching service no longer shares the Network Security Services (NSS) database of the mod_nss
Apache module because nss_pcache
does not need access to the tokens. The options for the NSS database and the prefix have been removed and are now handled automatically by mod_nss
. (BZ#1382102)
New package: libfastjson
This update introduces the
libfastjson
library as a replacement of the json-c
library for rsyslog
. The limited feature set of libfastjson
allows for greatly improved performance compared to json-c
. (BZ#1395145)
tuned
now supports initrd overlays
tuned
now supports initrd overlays, which can extend default (Dracut) initrd images. It is supported by the bootloader plugin. The example shows typical usage in the Tuned profile:
[bootloader] initrd_add_dir=${i:PROFILE_DIR}/overlay.img
This adds the content of the overlay.img directory to the current initrd when the profile is activated. (BZ#1414098)
openwsman
now supports disabling of particular SSL protocols
Previously, there was no way to disable particular SSL protocols with the
openwsman
utility. A new configuration file option for a list of disabled protocols has been added. As a result, it is now possible to disable particular SSL protocols through the openwsman
configuration file. (BZ#1190689)
rear rebased to version 2.0
Updated rear packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. Notable changes include:
- The
Cyclic Redundancy Check
(CRC) feature is now enabled by default on the XFS file systems. Previously,rear
ignored this change in behavior, and formatted the/boot
partition with an incompatible UUID flag. This caused the recovery process to fail. With this rebase,rear
checks for the CRC feature, and properly preserves UUID during recovery. - Support for the
GRUB
andGRUB2
boot loaders for IBM Power Systems architecture has been added. - Linux capabilities are now preserved if the directive
NETFS_RESTORE_CAPABILITIES
is set to they
option in the/usr/share/rear/conf/default.conf
configuration file. - CIFS credentials are now preserved in rescue image.
GRUB_SUPERUSER
andGRUB_RESCUE_PASSWORD
directives have been dropped to avoid possible unexpected behaviour change of theGRUB2
bootloader in the currently running system.- Documentation has been improved.
- Creation of multiple backups have been enabled. (BZ#1355667)
python-tornado rebased to version 4.2.1
The python-tornado package has been upgraded to upstream version 4.2.1, which provides a number of bug fixes and new features over the previous version. Notable changes include:
- A new
tornado.netutil.Resolver
class, which provides an asynchronous interface to DNS resolution - A new
tornado.tcpclient
module, which creates TCP connections with non-blocking DNS, SSL handshaking, and support for IPv6 - The
IOLoop.instance()
function is now thread-safe - Logging has been improved; low-level logs are less frequent;
Tornado
uses its own logger instead of the root logger, which enables more detailed configuration - Multiple reference cycles have been separated within python-tornado, enabling more efficient garbage collection on
CPython
- Coroutines are now faster and are used extensively within
Tornado
. (BZ#1158617)