Chapter 16. Servers and Services

chrony rebased to version 3.1

The chrony package has been upgraded to upstream version 3.1, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
  • Added support for software and hardware timestamping for improved accuracy (sub-microsecond accuracy may be possible).
  • Improved accuracy with asymmetric network jitter.
  • Added support for interleaved mode.
  • Added support for configuration and monitoring over Unix domain socket to replace authentication with command key (remote configuration is no longer possible).
  • Improved automatic replacement of servers.
  • Added orphan mode compatible with the ntpd daemon.
  • Added response rate limiting for NTP servers.
  • Added detailed manual pages, which replace the documentation in the info format. (BZ#1387223)

linuxptp rebased to version 1.8

The linuxptp packages have been upgraded to upstream version 1.8, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
  • Added support for hybrid end-to-end (E2E) delay measurements using unicast messages to reduce network traffic in large networks.
  • Added support for running a boundary clock (BC) using independent Precision Time Protocol (PTP) hardware clocks.
  • Added options to configure Time to Live (TTL) and Differentiated Services Code Point (DSCP) of PTP messages. (BZ#1359311)

tuned rebased to version 2.8.0

The tuned packages have been upgraded to upstream version 2.8.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:
  • CPU partitioning profile has been added.
  • Support for cores isolation has been added.
  • Support for initrd overlays has been added.
  • Inheritance has been improved.
  • RegExp device matching based on the udev device manager has been implemented. (BZ#1388454, BZ#1395855, BZ#1395899, BZ#1408308, BZ#1394965)

logrotate now uses /var/lib/logrotate/logrotate.status as the default state file

Previously, the logrotate cron job used a modified path to the logrotate state file. Consequently, the path used by the cron job did not match the default state file path used by logrotate itself. To prevent confusion, the default state file path used by logrotate has been changed to match the state file path used by logrotate cron job. As a result, logrotate now uses /var/lib/logrotate/logrotate.status as the default state file path in both scenarios. (BZ#1381719)

rsyslog rebased to version 8.24.0

The rsyslog utility has been rebased to upstream version 8.24.0, which includes numerous enhancements, new features and bug fixes. Notable improvements include:
  • A new core engine has been implemented, offering faster message processing.
  • Speed and stability when handling data in the JSON format have been improved.
  • The RainerScript configuration format has been selected as default and improved with more options.
  • A new mmexternal module for manipulation of messages inside rsyslog using external applications has been added.
  • The omprog module has received improvements for better communication with external binaries.
  • Modules imrelp and omrelp now support encrypted transmission using the TLS protocol.
  • The imuxsock module now supports rule sets for individual sockets, which override the global rule set.
  • When the imuxsock module is used, rate limiting messages now include PID of the process that causes the rate limiting.
  • The TCP server error messages now include the IP address of the remote host.
  • The imjournal module no longer stops receiving logs after switching to the persistent journald configuration.
  • Logging to the runtime journal no longer completely stops after a reboot when the machine's clock was set to an earlier time.
  • Previously, when the logrotate utility with copytruncate option was rotating a log file, the imfile module might not have read all of the log messages from the file being rotated. As a consequence, these log messages were lost. The imfile module has been extended to handle this situation. As a consquence, messages are no longer lost when logrotate copytruncate is used on log files.
Customers using custom modules are advised to update their modules for the current rsyslog version.
See also the Deprecated Functionality chapter for information about deprecated rsyslog options. (BZ#1313490, BZ#1174345, BZ#1053641, BZ#1196230, BZ#1326216, BZ#1088021, BZ#1419228, BZ#1133687)

New cache configuration options for mod_nss

This update adds new options to control cahing of OCSP responses to the mod_nss module. The new options allow the user to control:
  • Time to wait for OCSP responses
  • Size of the OCSP cache
  • Minimum and maximum duration for an item's presence in cache, including not caching at all (BZ#1392582)

Database and prefix options have been removed from nss_pcache

The nss_pcache pin-caching service no longer shares the Network Security Services (NSS) database of the mod_nss Apache module because nss_pcache does not need access to the tokens. The options for the NSS database and the prefix have been removed and are now handled automatically by mod_nss. (BZ#1382102)

New package: libfastjson

This update introduces the libfastjson library as a replacement of the json-c library for rsyslog. The limited feature set of libfastjson allows for greatly improved performance compared to json-c. (BZ#1395145)

tuned now supports initrd overlays

tuned now supports initrd overlays, which can extend default (Dracut) initrd images. It is supported by the bootloader plugin. The example shows typical usage in the Tuned profile:
[bootloader]
initrd_add_dir=${i:PROFILE_DIR}/overlay.img
This adds the content of the overlay.img directory to the current initrd when the profile is activated. (BZ#1414098)

openwsman now supports disabling of particular SSL protocols

Previously, there was no way to disable particular SSL protocols with the openwsman utility. A new configuration file option for a list of disabled protocols has been added. As a result, it is now possible to disable particular SSL protocols through the openwsman configuration file. (BZ#1190689)

rear rebased to version 2.0

Updated rear packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. Notable changes include:
  • The Cyclic Redundancy Check (CRC) feature is now enabled by default on the XFS file systems. Previously, rear ignored this change in behavior, and formatted the /boot partition with an incompatible UUID flag. This caused the recovery process to fail. With this rebase, rear checks for the CRC feature, and properly preserves UUID during recovery.
  • Support for the GRUB and GRUB2 boot loaders for IBM Power Systems architecture has been added.
  • Linux capabilities are now preserved if the directive NETFS_RESTORE_CAPABILITIES is set to the y option in the /usr/share/rear/conf/default.conf configuration file.
  • CIFS credentials are now preserved in rescue image.
  • GRUB_SUPERUSER and GRUB_RESCUE_PASSWORD directives have been dropped to avoid possible unexpected behaviour change of the GRUB2 bootloader in the currently running system.
  • Documentation has been improved.
  • Creation of multiple backups have been enabled. (BZ#1355667)

python-tornado rebased to version 4.2.1

The python-tornado package has been upgraded to upstream version 4.2.1, which provides a number of bug fixes and new features over the previous version. Notable changes include:
  • A new tornado.netutil.Resolver class, which provides an asynchronous interface to DNS resolution
  • A new tornado.tcpclient module, which creates TCP connections with non-blocking DNS, SSL handshaking, and support for IPv6
  • The IOLoop.instance() function is now thread-safe
  • Logging has been improved; low-level logs are less frequent; Tornado uses its own logger instead of the root logger, which enables more detailed configuration
  • Multiple reference cycles have been separated within python-tornado, enabling more efficient garbage collection on CPython
  • Coroutines are now faster and are used extensively within Tornado. (BZ#1158617)