Chapter 1. Overview
Installer and image creation
In RHEL 8.3, you can configure a root password and create a user account before you begin the installation. Previously, you configured a root password and created a user account after you began the installation process. You can also create customized images based on a much more reliable backend and also push images to clouds through the RHEL web console.
RHEL for Edge
RHEL 8.3 introduces RHEL for Edge for remotely installing RHEL on Edge servers. RHEL for Edge is an rpm-ostree image that you can compose using Image Builder. You can install the image using a Kickstart file and then manage the image to include image updates and to roll back an image to a previous functional state.
Following are RHEL for Edge key highlights:
- Atomic upgrades, where the state of each update is known and no changes are seen until you reboot the device.
- Custom health checks and intelligent rollbacks to ensure resiliency.
- Container-focused workflows, where you can separate core OS updates from the application updates, and test and deploy different versions of applications.
- Optimized OTA payloads for low-bandwidth environments.
For more information, see Section 5.2, “RHEL for Edge”.
The Tuned system tuning tool has been rebased to version 2.13, which adds support for architecture-dependent tuning and multiple include directives.
RHEL 8.3 provides Ansible roles for automated deployments of Policy-Based Decryption (PBD) solutions using Clevis and Tang, and this version of the
rhel-system-roles package also contains an Ansible role for RHEL logging through Rsyslog.
scap-security-guide packages have been rebased to version 0.1.50, and OpenSCAP has been rebased to version 1.3.3. These updates provide substantial improvements, including a profile aligned with the CIS RHEL 7 Benchmark v2.2.0 and a profile aligned with the Health Insurance Portability and Accountability Act (HIPAA) that is required by North-American healthcare organizations.
With this update, you can now generate result-based remediation roles from tailored profiles using the
SCAP Workbench tool.
The USBGuard framework now provides its own SELinux policy, it notifies desktop users in GUI, and the version 0.7.8 contains many other improvements and bug fixes.
Dynamic programming languages, web and database servers
Later versions of the following components are now available as new module streams:
- nginx 1.18
- Node.js 14
- Perl 5.30
- PHP 7.4
- Ruby 2.7
The following components have been updated in RHEL 8.3:
- Git to version 2.27
- Squid to version 4.11
See Section 5.11, “Dynamic programming languages, web and database servers” for more information.
The following compiler toolsets have been updated in RHEL 8.3:
- GCC Toolset 10
- LLVM Toolset 10.0.1
- Rust Toolset 1.45.2
- Go Toolset 1.14.7
See Section 5.12, “Compilers and development tools” for more information.
The Rivest Cipher 4 (RC4) cipher suite, the default encryption type for users, services, and trusts between Active Directory (AD) domains in an AD forest, has been deprecated in RHEL 8. For compatibility reasons, this update introduces a new cryptographic policy,
DEFAULT:AD-SUPPORT, to enable support for the deprecated RC4 encryption type. The new policy allows you to use RC4 with RHEL Identity Management (IdM) and SSSD Active Directory integration solutions on top of the
DEFAULT cryptographic policy.
In the context of IdM-AD cross forest trusts and Samba, domain member administrators can activate the new
DEFAULT:AD-SUPPORT policy when AD is not configured to use Advanced Encryption Standard (AES) with the following command:
update-crypto-policies --set DEFAULT:AD-SUPPORT.
Alternatively, to upgrade trusts between AD domains in an AD forest so that they support strong AES encryption types, see the following Microsoft article: AD DS: Security: Kerberos "Unsupported etype" error when accessing a resource in a trusted domain.
See Section 5.13, “Identity Management” for more information.
The web console
The web console provides an option to switch between administrative access and limited access from inside of a user session.
Virtual machines (VMs) hosted on IBM Z hardware can now use the IBM Secure Execution feature. This makes the VMs resistant to attacks if the host is compromised, and also prevents untrusted hosts from obtaining information from the VM. In addition, DASD devices can now be assigned to VMs on IBM Z.
Desktop and graphics
You can now use the GNOME desktop on IBM Z systems.
The Direct Rendering Manager (DRM) kernel graphics subsystem has been rebased to upstream Linux kernel version 5.6. This version provides a number of enhancements over the previous version, including support for new GPUs and APUs, and various driver updates.
In-place upgrade and OS conversion
In-place upgrade from RHEL 7 to RHEL 8
With the general availability of RHEL 8.3, the supported in-place upgrade path is unchanged:
- From RHEL 7.9 to RHEL 8.2 on the 64-bit Intel, IBM POWER 8 (little endian), and IBM Z architectures
- From RHEL 7.6 to RHEL 8.2 on architectures that require kernel version 4.14: 64-bit ARM, IBM POWER 9 (little endian), and IBM Z (Structure A). Note that these architectures remain fully supported in RHEL 7 but no longer receive minor release updates since RHEL 7.7.
To ensure your system remains supported, either update to the latest RHEL 8.3 version or enable the RHEL 8.2 Extended Update Support (EUS) repositories.
For more information, see Supported in-place upgrade paths for Red Hat Enterprise Linux. For instructions on performing an in-place upgrade, see Upgrading from RHEL 7 to RHEL 8.
Notable enhancements include:
Leappnow supports user input by generating true/false questions to determine how to proceed with the upgrade.
- You can now upgrade multiple hosts simultaneously using the Satellite web UI.
- The in-place upgrade is now supported for on-demand instances on AWS and Microsoft Azure, using Red Hat Update Infrastructure (RHUI).
In-place upgrade from RHEL 6 to RHEL 8
To upgrade from RHEL 6.10 to RHEL 8.2, follow instructions in Upgrading from RHEL 6 to RHEL 8.
Conversion from a different Linux distribution to RHEL
If you are using CentOS 8 or Oracle Linux 8, you can convert your operating system to RHEL 8 using the
Convert2RHEL utility. For more information, see https://red.ht/migrate.
If you are using an earlier version of CentOS or Oracle Linux, namely versions 6 or 7, you can convert your operating system to RHEL and then perform an in-place upgrade to RHEL 8.
.NET 5 is now available on RHEL 8 as a Technology Preview
.NET 5 is now available as a Technology Preview on Red Hat Enterprise Linux 8 and OpenShift Container Platform. .NET 5 includes new language versions: C# 9 and F# 5.0. Significant performance improvements were made in the base libraries, GC and JIT. .NET 5 has
single file applications, which allows you to distribute .NET applications as a single executable, with all dependencies included. UBI8 images for .NET 5 are available from Red Hat container registry and can be used with OpenShift.
To use .NET 5, install the
$ sudo dnf install -y dotnet-sdk-5.0
For more information, see the .NET 5 documentation.
OpenJDK 11 is now available
New version of Open Java Development Kit (OpenJDK) is now available. For more information about the features introduced in this release and changes in the existing functionality, see OpenJDK features.
- Capabilities and limits of Red Hat Enterprise Linux 8 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
- Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
- The Package manifest document provides a package listing for RHEL 8.
- Major differences between RHEL 7 and RHEL 8 are documented in Considerations in adopting RHEL 8.
- Instructions on how to perform an in-place upgrade from RHEL 7 to RHEL 8 are provided by the document Upgrading to RHEL 8.
- The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is now available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.
Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:
- Registration Assistant
- Product Life Cycle Checker
- Kickstart Generator
- Kickstart Converter
- Red Hat Enterprise Linux Upgrade Helper
- Red Hat Satellite Upgrade Helper
- Red Hat Code Browser
- JVM Options Configuration Tool
- Red Hat CVE Checker
- Red Hat Product Certificates
- Load Balancer Configuration Tool
- Yum Repository Configuration Helper