Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 65. Other Deprecated Functionality
Python 2 has been deprecated
Python 2 will be replaced with Python 3 in the next Red Hat Enterprise Linux (RHEL) major release.
See the Conservative Python 3 Porting Guide for information on how to migrate large code bases to
Python 3is available to RHEL customers, and supported on RHEL, as a part of Red Hat Software Collections.
LVM libraries and LVM Python bindings have been deprecated
lvm2applibrary and LVM Python bindings, which are provided by the lvm2-python-libs package, have been deprecated.
Red Hat recommends the following solutions instead:
- The LVM D-Bus API in combination with the
lvm2-dbusdservice. This requires using Python version 3.
- The LVM command-line utilities with JSON formatting. This formatting has been available since the lvm2 package version 2.02.158.
libblockdevlibrary for C and C++.
Mirrored mirror log has been deprecated in LVM
The mirrored mirror log feature of mirrored LVM volumes has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support creating or activating LVM volumes with a mirrored mirror log.
The recommended replacements are:
- RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure. For information on converting mirrored volumes to RAID1, see the Converting a Mirrored LVM Device to a RAID1 Device section in the LVM Administration guide.
- Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command:
lvconvert --mirrorlog disk my_vg/my_lv.
clvmd daemon has been deprecated
clvmddaemon for managing shared storage devices has been deprecated. A future major release of Red Hat Enterprise linux will instead use the
lvmetad daemon has been deprecated
lvmetaddaemon for caching metadata has been deprecated. In a future major release of Red Hat Enterprise Linux, LVM will always read metadata from disk.
Previously, autoactivation of logical volumes was indirectly tied to the
use_lvmetadsetting in the
lvm.confconfiguration file. The correct way to disable autoactivation continues to be setting
auto_activation_volume_list=(an empty list) in the
Deprecated packages related to Identity Management and security
The following packages have been deprecated and will not be included in a future major release of Red Hat Enterprise Linux:
|Deprecated packages||Proposed replacement package or product|
|openldap-servers||Depending on the use case, migrate to Identity Management included in Red Hat Enterprise Linux or to Red Hat Directory Server. [c]|
|hesiod||No replacement available.|
|mod_revocator||No replacement available.|
[a] System Security Services Daemon (SSSD) contains enhanced smart card functionality.
[b] For details on migrating from pam_krb5 to sssd, see Migrating from pam_krb5 to sssd in the upstream SSSD documentation.
[c] Red Hat Directory Server requires a valid Directory Server subscription. For details, see also What is the support status of the LDAP-server shipped with Red Hat Enterprise Linux? in Red Hat Knowledgebase.
In Red Hat Enterprise Linux 7.5, the following packages were added to the table above:
- python-kerberos, python-krbV
The Clevis HTTP pin has been deprecated
The Clevis HTTP pin has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux and will remain out of the distribution until a further notice.
crypto-utils has been deprecated
The crypto-utils packages have been deprecated, and they will not be available in a future major version of Red Hat Enterprise Linux. You can use tools provided by the openssl, gnutls-utils, and nss-tools packages instead.
3DES is removed from the Python SSL default cipher list
The Triple Data Encryption Standard (
3DES) algorithm has been removed from the Python SSL default cipher list. This enables Python applications using SSL to be PCI DSS-compliant.
sssd-secrets has been deprecated
sssd-secretscomponent of the
System Security Services Daemon(SSSD) has been deprecated in Red Hat Enterprise Linux 7.6. This is because Custodia, a secrets service provider, available as a Technology Preview, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Vaults.
Support for earlier IdM servers and for IdM replicas at domain level 0 will be limited
Red Hat does not plan to support using Identity Management (IdM) servers running Red Hat Enterprise Linux (RHEL) 7.3 and earlier with IdM clients of the next major release of RHEL. If you plan to introduce client systems running on the next major version of RHEL into a deployment that is currently managed by IdM servers running on RHEL 7.3 or earlier, be aware that you will need to upgrade the servers, moving them to RHEL 7.4 or later.
In the next major release of RHEL, only domain level 1 replicas will be supported. Before introducing IdM replicas running on the next major version of RHEL into an existing deployment, be aware that you will need to upgrade all IdM servers to RHEL 7.4 or later, and change the domain level to 1.
Consider planning the upgrade in advance if your deployment will be affected.
Bug-fix only support for the nss-pam-ldapd and NIS packages in the next major release of Red Hat Enterprise Linux
The nss-pam-ldapd packages and packages related to the NIS server will be released in the future major release of Red Hat Enterprise Linux but will receive a limited scope of support. Red Hat will accept bug reports but no new requests for enhancements. Customers are advised to migrate to the following replacement solutions:
|Affected packages||Proposed replacement package or product|
|Identity Management in Red Hat Enterprise Linux|
Use the Go Toolset instead of golang
The golang package, previously available in the Optional channel, will no longer receive updates in Red Hat Enterprise Linux 7. Developers are encouraged to use the Go Toolset instead, which is available through the Red Hat Developer program.
mesa-private-llvm will be replaced with llvm-private
The mesa-private-llvm package, which contains the LLVM-based runtime support for Mesa, will be replaced in a future minor release of Red Hat Enterprise Linux 7 with the llvm-private package.
libdbi and libdbi-drivers have been deprecated
The libdbi and libdbi-drivers packages will not be included in the next Red Hat Enterprise Linux (RHEL) major release.
Ansible deprecated in the Extras channel
Ansibleand its dependencies will no longer be updated through the Extras channel. Instead, the Red Hat Ansible Engine product has been made available to Red Hat Enterprise Linux subscriptions and will provide access to the official Ansible Engine channel. Customers who have previously installed
Ansibleand its dependencies from the Extras channel are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras channel.
Ansiblewas previously provided in Extras (for AMD64 and Intel 64 architectures, and IBM POWER, little endian) as a runtime dependency of, and limited in support to, the Red Hat Enterprise Linux (RHEL) System Roles. Ansible Engine is available today for AMD64 and Intel 64 architectures, with IBM POWER, little endian availability coming soon.
Ansiblein the Extras channel was not a part of the Red Hat Enterprise Linux FIPS validation process.
The following packages have been deprecated from the Extras channel:
For more information and guidance, see the Knowledgebase article at https://access.redhat.com/articles/3359651.
Note that Red Hat Enterprise Linux System Roles continue to be distributed though the Extras channel. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks which use Red Hat Enterprise Linux System Roles.
signtool has been deprecated and moved to
signtooltool from the nss packages, which uses insecure signature algorithms, has been deprecated. The
signtoolexecutable has been moved to the
/usr/lib/nss/unsupported-tools/directory, depending on the platform.
TLS compression support has been removed from nss
To prevent security risks, such as the CRIME attack, support for TLS compression in the
NSSlibrary has been removed for all TLS versions. This change preserves the API compatibility.
Public web CAs are no longer trusted for code signing by default
The Mozilla CA certificate trust list distributed with Red Hat Enterprise Linux 7.5 no longer trusts any public web CAs for code signing. As a consequence, any software that uses the related flags, such as
OpenSSL, no longer trusts these CAs for code signing by default. The software continues to fully support code signing trust. Additionally, it is still possible to configure CA certificates as trusted for code signing using system configuration.
All-numeric user and group names in shadow-utils are now deprecated
Creating user and group names consisting purely of numeric characters using the
groupaddcommands is now deprecated and will be removed from the system with the next major release. Such names can potentially confuse many tools that work with user and group names and user and group ids (which are numbers).
Sendmail has been deprecated
Sendmailhas been deprecated in Red Hat Enterprise Linux 7. Customers are advised to use
Postfix, which is configured as the default Mail Transfer Agent (MTA).
dmraid has been deprecated
Since Red Hat Enterprise Linux 7.5, the dmraid packages have been deprecated. It will stay available in Red Hat Enterprise Linux 7 releases but a future major release will no longer support legacy hybrid combined hardware and software RAID host bus adapter (HBA).
Automatic loading of
DCCP modules through socket layer is now disabled by default
For security reasons, automatic loading of the
Datagram Congestion Control Protocol (DCCP)kernel modules through socket layer is now disabled by default. This ensures that userspace applications can not maliciously load any modules. All
DCCPrelated modules can still be loaded manually through the
/etc/modprobe.d/dccp-blacklist.confconfiguration file for blacklisting the
DCCPmodules is included in the kernel package. Entries included there can be cleared by editing or removing this file to restore the previous behavior.
Note that any re-installation of the same kernel package or of a different version does not override manual changes. If the file is manually edited or removed, these changes persist across package installations.
rsyslog-libdbi has been deprecated
The rsyslog-libdbi sub-package, which contains one of the less used
rsyslogmodule, has been deprecated and will not be included in a future major release of Red Hat Enterprise Linux. Removing unused or rarely used modules helps users to conveniently find a database output to use.
inputname option of the rsyslog
imudp module has been deprecated
inputnameoption of the
imudpmodule for the
rsyslogservice has been deprecated. Use the
SMBv1 is no longer installed with Microsoft Windows 10 and 2016 (updates 1709 and later)
Microsoft announced that the Server Message Block version 1 (SMBv1) protocol will no longer be installed with the latest versions of Microsoft Windows and Microsoft Windows Server. Microsoft also recommends users to disable SMBv1 on earlier versions of these products.
This update impacts Red Hat customers who operate their systems in a mixed Linux and Windows environment. Red Hat Enterprise Linux 7.1 and earlier support only the SMBv1 version of the protocol. Support for SMBv2 was introduced in Red Hat Enterprise Linux 7.2.
For details on how this change affects Red Hat customers, see SMBv1 no longer installed with latest Microsoft Windows 10 and 2016 update (version 1709) in Red Hat Knowledgebase.
-ok option of the
tc command has been deprecated
-okoption of the
tccommand has been deprecated and this feature will not be included in the next major version of Red Hat Enterprise Linux.
FedFS has been deprecated
Federated File System (FedFS) has been deprecated because the upstream FedFS project is no longer being actively maintained. Red Hat recommends migrating FedFS installations to use
autofs, which provides more flexible functionality.
Btrfs has been deprecated
Btrfsfile system has been in Technology Preview state since the initial release of Red Hat Enterprise Linux 6. Red Hat will not be moving
Btrfsto a fully supported feature and it will be removed in a future major release of Red Hat Enterprise Linux.
Btrfsfile system did receive numerous updates from the upstream in Red Hat Enterprise Linux 7.4 and will remain available in the Red Hat Enterprise Linux 7 series. However, this is the last planned update to this feature.
The tcp_wrappers package has been deprecated. tcp_wrappers provides a library and a small daemon program that can monitor and filter incoming requests for audit, cyrus-imap, dovecot, nfs-utils, openssh, openldap, proftpd, sendmail, stunnel, syslog-ng, vsftpd, and various other network services.
nautilus-open-terminal replaced with gnome-terminal-nautilus
Since Red Hat Enterprise Linux 7.3, the nautilus-open-terminal package has been deprecated and replaced with the gnome-terminal-nautilus package. This package provides a Nautilus extension that adds the Open in Terminal option to the right-click context menu in Nautilus. nautilus-open-terminal is replaced by gnome-terminal-nautilus during the system upgrade.
sslwrap() removed from Python
sslwrap()function has been removed from Python 2.7. After the 466 Python Enhancement Proposal was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream.
Red Hat recommends using the
ssl.SSLContextclass and the
ssl.SSLContext.wrap_socket()function instead. Most applications can simply use the
ssl.create_default_context()function, which creates a context with secure default settings. The default context uses the system's default trust store, too.
Symbols from libraries linked as dependencies no longer resolved by
ldlinker resolved any symbols present in any linked library, even if some libraries were linked only implicitly as dependencies of other libraries. This allowed developers to use symbols from the implicitly linked libraries in application code and omit explicitly specifying these libraries for linking.
For security reasons,
ldhas been changed to not resolve references to symbols in libraries linked implicitly as dependencies.
As a result, linking with
ldfails when application code attempts to use symbols from libraries not declared for linking and linked only implicitly as dependencies. To use symbols from libraries linked as dependencies, developers must explicitly link against these libraries as well.
To restore the previous behavior of
ld, use the
-copy-dt-needed-entriescommand-line option. (BZ#1292230)
Windows guest virtual machine support limited
As of Red Hat Enterprise Linux 7, Windows guest virtual machines are supported only under specific subscription programs, such as Advanced Mission Critical (AMC).
libnetlink is deprecated
libnetlinklibrary contained in the iproute-devel package has been deprecated. The user should use the
S3 and S4 power management states for KVM have been deprecated
Native KVM support for the S3 (suspend to RAM) and S4 (suspend to disk) power management states has been discontinued. This feature was previously available as a Technology Preview.
The Certificate Server plug-in udnPwdDirAuth is discontinued
udnPwdDirAuthauthentication plug-in for the Red Hat Certificate Server was removed in Red Hat Enterprise Linux 7.3. Profiles using the plug-in are no longer supported. Certificates created with a profile using the
udnPwdDirAuthplug-in are still valid if they have been approved.
Red Hat Access plug-in for IdM is discontinued
The Red Hat Access plug-in for Identity Management (IdM) was removed in Red Hat Enterprise Linux 7.3. During the update, the redhat-access-plugin-ipa package is automatically uninstalled. Features previously provided by the plug-in, such as Knowledgebase access and support case engagement, are still available through the Red Hat Customer Portal. Red Hat recommends to explore alternatives, such as the
The Ipsilon identity provider service for federated single sign-on
The ipsilon packages were introduced as Technology Preview in Red Hat Enterprise Linux 7.2. Ipsilon links authentication providers and applications or utilities to allow for single sign-on (SSO).
Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.
Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.
rsyslog options deprecated
rsyslogutility version in Red Hat Enterprise Linux 7.4 has deprecated a large number of options. These options no longer have any effect and cause a warning to be displayed.
- The functionality previously provided by the options
-6can be achieved using the
- There is no replacement for the functionality previously provided by the options
Deprecated symbols from the
The following symbols from the
memkindlibrary have been deprecated:
Options of Sockets API Extensions for SCTP (RFC 6458) deprecated
SCTP_DEFAULT_SEND_PARAMof Sockets API Extensions for the Stream Control Transmission Protocol have been deprecated per the RFC 6458 specification.
SCTP_DEFAULT_SNDINFOhave been implemented as a replacement for the deprecated options.
Managing NetApp ONTAP using SSLv2 and SSLv3 is no longer supported by
The SSLv2 and SSLv3 connections to the NetApp ONTAP storage array are no longer supported by the
libstorageMgmtlibrary. Users can contact NetApp support to enable the Transport Layer Security (TLS) protocol.
dconf-dbus-1 has been deprecated and
dconf-editor is now delivered separately
With this update, the
dconf-dbus-1API has been removed. However, the
dconf-dbus-1library has been backported to preserve binary compatibility. Red Hat recommends using the
GDBuslibrary instead of
dconf-error.hfile has been renamed to
dconf-enums.h. In addition, the dconf Editor is now delivered in the separate dconf-editor package.
FreeRADIUS no longer accepts
Auth-Type := System
FreeRADIUSserver no longer accepts the
Auth-Type := Systemoption for the
rlm_unixauthentication module. This option has been replaced by the use of the
unixmodule in the
authorizesection of the configuration file.
libcxgb3 library and the cxgb3 firmware package have been deprecated
libcxgb3library provided by the libibverbs package and the cxgb3 firmware package have been deprecated. They continue to be supported in Red Hat Enterprise Linux 7 but will likely not be supported in the next major releases of this product. This change corresponds with the deprecation of the
iw_cxgb3drivers listed above.
SFN4XXX adapters have been deprecated
Starting with Red Hat Enterprise Linux 7.4, SFN4XXX Solarflare network adapters have been deprecated. Previously, Solarflare had a single driver
sfcfor all adapters. Recently, support of SFN4XXX was split from
sfcand moved into a new SFN4XXX-only driver, called
sfc-falcon. Both drivers continue to be supported at this time, but
sfc-falconand SFN4XXX support is scheduled for removal in a future major release.
Software-initiated-only FCoE storage technologies have been deprecated
The software-initiated-only type of the Fibre Channel over Ethernet (FCoE) storage technology has been deprecated due to limited customer adoption. The software-initiated-only storage technology will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove software-initiated-based FCoE support in a future major release of Red Hat Enterprise Linux.
It is important to note that the hardware support and the associated user-space tools (such as drivers,
libfcoe) are unaffected by this deprecation notice.
For details regarding changes to FCoE support in RHEL 8, see Considerations in adopting RHEL 8.
Target mode in Software FCoE and Fibre Channel has been deprecated
- Software FCoEThe NIC Software FCoE target functionality has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. The deprecation notice indicates the intention to remove the NIC Software FCoE target functionality support in a future major release of Red Hat Enterprise Linux. For more information regarding changes to FCoE support in Red Hat Enterprise Linux 8, see Considerations in adopting RHEL 8.
- Fibre ChannelTarget mode in Fibre Channel has been deprecated and will remain supported for the life of Red Hat Enterprise Linux 7. Target mode will be disabled for the
qla2xxxdrivers in a future major release of Red Hat Enterprise Linux.
Containers using the
libvirt-lxc tooling have been deprecated
The following libvirt-lxc packages are deprecated since Red Hat Enterprise Linux 7.1:
Future development on the Linux containers framework is now based on the docker command-line interface. libvirt-lxc tooling may be removed in a future release of Red Hat Enterprise Linux (including Red Hat Enterprise Linux 7) and should not be relied upon for developing custom container management applications.
For more information, see the Red Hat KnowledgeBase article.
The Perl and shell scripts for Directory Server have been deprecated
The Perl and shell scripts, which are provided by the 389-ds-base package, have been deprecated. The scripts will be replaced by new utilities in the next major release of Red Hat Enterprise Linux.
The Shell Scripts and Perl Scripts sections in the Red Hat Directory Server Command, Configuration, and File Reference have been updated. The descriptions of affected scripts contain now a note that they are deprecated.
libguestfs can no longer inspect ISO installer files
libguestfslibrary does no longer support inspecting ISO installer files, for example using the
virt-inspectorutilities. Use the
osinfo-detectcommand for inspecting ISO files instead. This command can be obtained from the libosinfo package.
Creating internal snapshots of virtual machines has been deprecated
Due to their lack of optimization and stability, internal virtual machine snapshots are now deprecated. In their stead, external snapshots are recommended for use. For more information, including instructions for creating external snapshots, see the Virtualization Deployment and Admnistration Guide.
IVSHMEM has been deprecated
The inter-VM shared memory device (IVSHMEM) feature has been deprecated. Therefore, in a future major release of RHEL, if a virtual machine (VM) is configured to share memory between multiple virtual machines in the form of a PCI device that exposes memory to guests, the VM will fail to boot.
The gnome-shell-browser-plugin subpackage has been deprecated
Since the Firefox Extended Support Release (ESR 60), Firefox no longer supports the Netscape Plugin Application Programming Interface (NPAPI) that was used by the gnome-shell-browser-plugin subpackage. The subpackage, which provided the functionality to install GNOME Shell Extensions, has thus been deprecated. The installation of GNOME Shell Extensions is now handled directly in the gnome-software package.
The VDO read cache has been deprecated
The read cache functionality in Virtual Data Optimizer (VDO) has been deprecated. The read cache is disabled by default on new VDO volumes.
In the next major Red Hat Enterprise Linux release, the read cache functionality will be removed, and you will no longer be able to enable it using the
--readCacheoption of the
cpuid has been deprecated
cpuidcommand has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using
cpuidto dump the information about CPUID instruction for each CPU. To obtain similar information, use the
KDE has been deprecated
KDE Plasma Workspaces (KDE), which has been provided as an alternative to the default GNOME desktop environment has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support using KDE instead of the default GNOME desktop environment.
virt-install with NFS locations is deprecated
With a future major version of Red Hat Enterprise Linux, the
virt-installutility will not be able to mount NFS locations. As a consequence, attempting to install a virtual machine using
virt-installwith a NFS address as a value of the
--locationoption will fail. To work around this change, mount your NFS share prior to using
virt-install, or use a HTTP location.
lwresd daemon has been deprecated
lwresddaemon, which is a part of the bind package, has been deprecated. A future major release of Red Hat Enterprise Linux will no longer support providing name lookup services to clients that use the BIND 9 lightweight resolver library with
The recommended replacements are:
nss-resolveAPI, provided by the systemd package
unboundlibrary API and daemon, provided by the unbound and unbound-libs packages
/etc/sysconfig/nfs file and legacy NFS service names have been deprecated
A future major Red Hat Enterprise Linux release will move the NFS configuration from the
Red Hat Enterprise Linux 7 currently supports both of these files. Red Hat recommends that you use the new
/etc/nfs.conffile to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.
Additionally, the following NFS service aliases will be removed and replaced by their upstream names:
nfs.service, replaced by
nfs-secure.service, replaced by
rpcgssd.service, replaced by
nfs-idmap.service, replaced by
rpcidmapd.service, replaced by
nfs-lock.service, replaced by
nfslock.service, replaced by
The openvswitch-2.0.0-7 package in the RHEL 7 Optional channel has been deprecated
RHEL 7.5 introduced the openvswitch-2.0.0-7.el7 package in the RHEL 7 Optional channel as a dependency of the NetworkManager-ovs package. This dependency no longer exists and, as a result, openvswitch-2.0.0-7.el7 is now deprecated.
Note that Red Hat does not support packages in the Optional channel and that openvswitch-2.0.0-7.el7 will not be updated in the future. For this reason, do not use this package in production environments.
Deprecated PHP extensions
The following PHP extensions have been deprecated:
Deprecated Apache HTTP Server modules
The following modules of the Apache HTTP Server have been deprecated:
Apache Tomcat has been deprecated
The Apache Tomcat server, a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies, has been deprecated. Red Hat recommends that users requiring a servlet container use the JBoss Web Server.
The DES algorithm is deprecated in IdM
Due to security reasons, the Data Encryption Standard (DES) algorithm is deprecated in Identity Management (IdM). The MIT Kerberos libraries provided by the krb5-libs package do not support using the Data Encryption Standard (DES) in new deployments. Use DES only for compatibility reasons if your environment does not support any newer algorithm.
Red Hat also recommends to avoid using RC4 ciphers over Kerberos. While DES is deprecated, the Server Message Block (SMB) protocol still uses RC4. However, the SMB protocol can also use the secure AES algorithms.
For further details, see: