Chapter 4. RHEL 8.0.1 release

4.1. New features

RHEL System Roles updated

The rhel-system-roles packages, which provide a configuration interface for RHEL subsystems, have been updated. Notable changes include:

  • Handling of absent profiles in the network role has been improved. When deleting an existing NetworkManager on-disk profile configuration by setting the persistent state to absent, only the persistent configuration for the profile is now removed, and the current runtime configuration remains unchanged. As a result, the corresponding network device is no longer brought down in the described situation.
  • Specifying a Maximum Transmission Unit (MTU) size for VLAN and MACVLAN interfaces in the network role has been fixed. As a result, setting MTU size on VLAN and MACVLAN interfaces using the network role no longer fails with the following error message:

    failure: created connection failed to normalize: nm-connection-error-quark:
    connection.type: property is missing (6)
  • The selinux and timesync roles now include all their documented input variables in their defaults files (defaults/main.yml). This makes it easy to determine what input variables are supported by the roles by examining the content of their respective defaults files.
  • The kdump and timesync roles have been fixed to not fail in check mode.

(BZ#1685902, BZ#1674004, BZ#1685904)

sos-collector rebased to version 1.7

The sos-collector packages have been updated to version 1.7 in RHEL 8.0.1. Notable changes include:

  • sos-collector can now collect sosreports from Red Hat Enterprise Linux CoreOS (RHCOS) nodes in the same way as from regular RHEL nodes. Users do not need to make any changes to the way they run sos-collector. Identification of when a node is RHCOS or RHEL is automatic.
  • When collecting from RHCOS nodes, sos-collector will create a temporary container on the node and use the support-tools container to generate a sosreport. This container will be removed after completion.
  • Using the --cluster-type=none option allows users to skip all cluster-related checks or modifications to the sosreport command that gets run on the nodes, and simply collect from a static list of nodes passed through the --nodes parameter.
  • Red Hat Satellite is now a supported cluster type to allow collecting sosreports from the Satellite and any Capsules.

(BZ#1695764)

Upgraded compiler toolsets

The following compiler toolsets, distributed as Application Streams, have been upgraded with RHEL 8.0.1:

  • Rust Toolset, which provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries, to version 1.35
  • Go Toolset, which provides the Go (golang) programming language tools and libraries, to version 1.11.6.

(BZ#1731500)

Enabling and disabling SMT

Simultaneous Multi-Threading (SMT) configuration is now available in RHEL 8. Disabling SMT in the web console allows you to mitigate a class of CPU security vulnerabilities such as:

(BZ#1713186)

4.2. Known issues

Performance deterioration in IPSec tunnels

Using the aes256_sha2 or the aes-gcm256 IPSec cipher set in RHEL 8.0.1 has a negative performance impact on IPSec tunnels. Users with specific VPN settings will experience 10% performance deterioration for IPSec tunnels. This regression is not caused by Microarchitectural Data Sampling (MDS) mitigations; it can be observed with the mitigations both on and off.

(BZ#1731362)