2.4. System Management

Read this section for a summary of changes made to system management tools and processes between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

2.4.1. Default process maximums (ulimit)

In Red Hat Enterprise Linux 6, non-root users were restricted to a total of 1024 processes per PAM session. In Red Hat Enterprise Linux 7, this has been increased to 4096 processes per PAM session by default.
The default value is specified in the /etc/security/limits.d/*-nproc.conf file (usually /etc/security/limits.d/20-nproc.conf on Red Hat Enterprise Linux 7). If this file is not present, the maximum number of processes that a non-root user can own is determined programmatically, as described in https://access.redhat.com/solutions/218383.
You can find out the current number of processes available to non-root users per PAM session by running the ulimit -u command.

2.4.2. Configuration File Syntax

In Red Hat Enterprise Linux 6, the export command was used in configuration files to export the values defined in those files. Variables that did not use the export command were not exported and were used only as configuration values for the corresponding init script. This is an example /etc/sysconfig/sshd file:
In Red Hat Enterprise Linux 6, only the values of SSH_USE_STRONG_RNG and OPENSSL_DISABLE_AES_NI were exported to the environment of the ssh daemon. The variable AUTOCREATE_SERVER_KEYS was used to tell the init script to automatically create RSA and DSA server private and public keys.
In Red Hat Enterprise Linux 7, the export command is no longer required for these values to be exported to the environment of the service being configured. Therefore the following example /etc/sysconfig/sshd file exports all three values to the environment of the ssh daemon:

2.4.3. New Logging Framework

Red Hat Enterprise Linux 7 introduces a new logging daemon, journald, as part of the move to systemd. journald captures the following types of message for all services:
  • syslog messages
  • kernel messages
  • initial RAM disk and early boot messages
  • messages sent to standard output and standard error output
It then stores these messages in native journal files: structured, indexed binary files that contain useful metadata and are faster and easier to search.
Journal files are not stored persistently by default. The amount of data logged depends on the amount of free memory available; when the system runs out of space in memory or in the /run/log/journal directory, the oldest journal files will be removed in order to continue logging.
On Red Hat Enterprise Linux 7, rsyslog and journald coexist. The data collected by journald is forwarded to rsyslog, which can perform further processing and store text-based log files. By default, rsyslog only stores the journal fields that are typical for syslog messages, but can be configured to store all the fields available to journald. Red Hat Enterprise Linux 7 therefore remains compatible with applications and system configurations that rely on rsyslog.
For further details about the logging subsystem, see the Red Hat Enterprise Linux 7 System Administrator's Guide.

2.4.4. Localization Settings

As part of the move to the new init system, systemd, localization settings have moved from /etc/sysconfig/i18n to /etc/locale.conf and /etc/vconsole.conf.

2.4.5. Hostname Definition

In Red Hat Enterprise Linux 6, the hostname variable was defined in the /etc/sysconfig/network configuration file. In Red Hat Enterprise Linux 7, as part of the move to the new init system (systemd), the hostname variable is defined in /etc/hostname.

2.4.6. Updates to Yum

Red Hat Enterprise Linux 7 includes an updated version of yum, which includes a number of changes and enhancements. This section lists changes that may affect yum users moving from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7.
  • yum group and yum groups are now top level commands, to improve the consistency of command line yum use. For example, where previously you would use yum groupinfo, you can now use yum group info.
  • yum group list now includes additional optional parameters to alter its output. The new options are language and ids.
  • The default value for the group_command parameter in /etc/yum.conf has been changed from compat to objects. Previously, the default behavior of yum group install was to install all members of a package group and upgrade both previously installed packages and packages that had been added to the group since the previous upgrade. The new default behavior is that yum keeps track of the previously installed groups and distinguishes between packages installed as a part of the group and packages installed separately.
  • The yum-security and yum-presto plug-ins have been integrated into yum.
  • yum can now download multiple packages simultaneously.
  • yum now includes support for environment groups. This allows you to install and remove multiple package groups listed under an environment group as a single entity.
  • yum can now treat a repository as a set of packages, allowing users to treat all packages in a repository as a single entity, for example, to install or remove all packages in that repository. This capability is provided by the repository-packages subcommand.
  • yum now includes a --disableincludes option, which allows you to disable include statements defined in your configuration files. You can either disable all include statements with the all value, or disable the include statements defined for a specific repository by providing that repository identifier.
  • yum now includes an --assumeno option, which assumes that the answer to any question asked by yum is 'no'. This option overrides the --assumeyes option, but is still subject to the behavior prescribed by alwaysprompt.
For further information about yum, see the man page:
$ man yum

2.4.7. Updates to RPM Package Manager (RPM)

Red Hat Enterprise Linux 7 provides an updated version of RPM Package Manager. This update includes a number of changes to behavior that may affect migration.
  • Conflict detection is now stricter and more correct. Some packages that would have installed on Red Hat Enterprise Linux 6 may not install on Red Hat Enterprise Linux 7 because of this heightened conflict sensitivity.
  • A package that conflicts with other versions of itself can now be set up as a singleton using alternatives, so that multiple versions of a single package can be installed alongside each other.
  • If an installed package lists another package as obsolete, the second package is not installed.
  • Obsolete rules now include all matching packages regardless of other attributes such as architecture.
  • Dependency calculations no longer consider files that were not installed or files that were replaced, for example, with the --nodocs, --noconfig, or --force options, as being provided.
  • There is no longer a need to manually execute rm -f /var/lib/rpm/__db. when rebuilding a panicked (DB_RUNRECOVER) RPM Package Manager database.
  • Public keys created with OpenPGP 3 are no longer supported.
  • The --info option now outputs individual tag–value pairs per line to improve human readability. Any scripts that rely on the previous --info format need to be rewritten.
  • The spec parser is now stricter and more correct, so some previously-accepted spec files may fail to parse, or give warnings.
  • %license can now be used to mark files in the %files section of a spec file as licenses that must be installed even when --nodocs is specified.
  • Version comparison now supports the dpkg-style tilde (~) operator to handle pre-release software better. For example, foo-2.0~beta1 is considered older than foo-2.0, removing the need for tricks with the Release field to handle these common upstream version practices.
  • The automatic dependency generator has been rewritten into an extensible, customizable rule-based system with built in filtering.
This update also includes the following enhancements:
  • It is now possible to query the files installed from a package (INSTFILENAMES), the number of hard links to a file (FILENLINKS), package version control system details (VCS), and formatted dependency string shortcuts (PROVIDENEVRS, REQUIRENEVRS, CONFLICTNEVRS, OBSOLETENEVRS).
  • A number of new commands are provided, including:
    • rpmkeys
    • rpmdb
    • rpmspec
    • rpmsign
  • RPM Package Manager now includes new switches to scriptlets to enable runtime macro expansion or runtime query format expansion.
  • Pre- and post-transaction scriptlet dependencies can now be correctly expressed with Requires(pretrans) and Requires(posttrans).
  • RPM Package Manager now includes the OrderWithRequires tag to allow users to supply additional ordering information. This new tag uses the same syntax as the Requires tag, but does not generate dependencies. If mentioned packages are present in the same transaction, the ordering hints are treated like Requires when calculating transaction order.
  • Line continuations and macro expansions in spec files are no longer limited to a specified length.
  • RPM Package Manager now allows users to specify upstream version control repository information.
  • RPM Package Manager now includes an %autosetup macro to assist in automating the process of applying patches.

2.4.8. New Format of ifconfig

The format of output from the deprecated ifconfig tool has changed in Red Hat Enterprise Linux 7. Scripts that parse ifconfig output may be affected by these changes, and may need to be rewritten.
Red Hat recommends using the ip utility and its subcommands (ip addr, ip link) instead of the deprecated ifconfig tool.

2.4.9. Changes to Control Groups

The kernel uses control groups to group processes for the purpose of system resource management. Red Hat Enterprise Linux 7 introduces a number of changes to control groups.
  • Control groups are now mounted under /sys/fs/cgroup instead of /cgroup.
  • Some file systems are now mounted by default.
  • systemd does not yet fully support migration from libcgroup to systemd. As such, the cgred service should be used only to move processes to groups not managed by systemd. The cgconfig.conf file should be used to configure a control group hierarchy for file systems or file controllers not managed by systemd.
For further information about these changes, see the Red Hat Enterprise Linux 7 Resource Management Guide, available from http://access.redhat.com/site/documentation/Red_Hat_Enterprise_Linux/.

2.4.10. Changes to Kernel Crash Collection (Kdump)

The kernel crash collection tool, kdump, previously generated an initial RAMDisk (initrd) for the kdump capture kernel with a custom mkdumprd script. In Red Hat Enterprise Linux 7 the initial RAMDisk is generated with dracut, making the process of generating the initial RAMDisk easier to maintain.
As a result of this move, the following changes have been made to kdump and its configuration files.
  • The net directive is no longer supported. Users must now explicitly define either ssh or nfs.
  • The blacklist option is no longer supported. Instead, users can specify rd.driver.blacklist as a parameter in the /etc/sysconfig/kdump file of their capture kernel.
  • The default mount_root_run_init action, which was performed if dumping to an intended target failed, has been replaced by the dump_to_rootfs action. Instead of mounting the real root file system, running init scripts, and attempting to save the vmcore when the kdump service has started, this new action mounts the root file system and saves the vmcore to it immediately.
  • A new directive, dracut_args, allows you to specify additional dracut arguments when configuring kdump.
  • The debug_mem_level option is no longer included in kdump. This functionality has been moved to dracut. Users can achieve the same functionality by specifying rd.memdebug as a parameter in the /etc/sysconfig/kump file of their capture kernel.
  • The options directive was previously used to include parameters specific to the kernel module in the initial ram file system (initramfs). This method is not supported in Red Hat Enterprise Linux 7. Instead, users can specify relevant parameters in the /etc/sysconfig/kdump file of their capture kernel.
  • The link_delay and disk_timeout parameters are no longer necessary or supported, as dracut contains udev, which addresses the use case for which these parameters were previously required.
  • Any file system back-end dump targets must be mounted in the crashed kernel before the kdump service is started and the initial RAMDdisk image is created. You can achieve this by adding these targets to /etc/fstab to be automatically mounted at boot time.
  • If you specify a path, but do not specify a target, and any directory in the path that you specify is a mount point for a separate device, the vmcore is saved to the path, not the device mounted somewhere along that path. Therefore when your system reboots, and the device mounts, the vmcore is inaccessible, because the device has mounted over the top of its location. Red Hat Enterprise Linux 7 now warns about this issue when you specify a path without specifying a target.
For further details about kdump, see the Red Hat Enterprise Linux 7 Kernel Crash Dump Guide, available from http://access.redhat.com/site/documentation/Red_Hat_Enterprise_Linux/

2.4.11. Changes to usermod behavior

In Red Hat Enterprise Linux  6, the -g option of the usermod command did not manipulate group ownership. From Red Hat Enterprise Linux  7.0 to Red Hat Enterprise Linux  7.2 release, the -g option modified the group ownership of the files in the /home directory tree. Starting from Red Hat Enterprise Linux  7.3, usermod changes the group ownership of the files inside of the user’s home directory only if the home directory user ID matches the user ID being modified.

2.4.12. Changes to System accounts

The default range of IDs for system users, normal users and groups has changed in Red Hat Enterprise Linux  7 release as follows:

Table 2.4. ID layout

RangeRed Hat Enterprise Linux  6Red Hat Enterprise Linux  7
System accounts0-4990-999
User accounts500-60,0001,000-60,000
This change might cause problems when migrating to Red Hat Enterprise Linux  7 with existing users having UIDs and GIDs between 500 and 999. The default ranges of UID and GID can be manually changed in the /etc/login.defs file.