Chapter 1. Overview

1.1. Major changes in RHEL 9.1

Installer and image creation

Following are image builder key highlights in RHEL 9.1 GA:

  • Image builder on-premise now supports:

    • Uploading images to GCP
    • Customizing the /boot partition
    • Pushing a container image directly to a registry
    • Users can now customize their blueprints during the image creation process.

For more information, see Section 4.1, “Installer and image creation”.

RHEL for Edge

Following are RHEL for Edge key highlights in RHEL 9.1-GA:

  • RHEL for Edge now supports installing the services and have them running with the default configuration, by using the fdo-admin CLI utility

For more information, see Section 4.2, “RHEL for Edge”.

Security

RHEL 9.1 introduces Keylime, a remote machine attestation tool using the trusted platform module (TPM) technology. With Keylime, you can verify and continuously monitor the integrity of remote machines.

SELinux user-space packages have been upgraded to version 3.4. The most notable changes include:

  • Improved relabeling performance through parallel relabeling
  • Support for SHA-256 in the semodule tool
  • New policy utilities in the libsepol-utils package

Changes in the system configuration and the clevis-luks-systemd subpackage enable the Clevis encryption client to unlock also LUKS-encrypted volumes that mount late in the boot process without using the systemctl enable clevis-luks-askpass.path command during the deployment process.

See New features - Security for more information.

Shells and command-line tools

RHEL 9.1 introduces a new package xmlstarlet. With XMLStarlet, you can parse, transform, query, validate, and edit XML files.

The following command-line tools have been updated in RHEL 9.1:

  • opencryptoki to version 3.18.0
  • powerpc-utils to version 1.3.10
  • libvpd to version 2.2.9
  • lsvpd to version 1.7.14
  • ppc64-diag to version 2.7.8

For more information, see New Features - Shells and command-line tools

Infrastructure services

The following infrastructure services tools have been updated in RHEL 9.1:

  • chrony to version 4.2
  • unbound to version 1.16.2
  • frr to version 8.2.2

For more information, see New Features - Infrastructure services.

Networking

NetworkManager supports migrating connection profiles from the deprecated ifcfg format to keyfile format.

NetworkManager now clearly indicates that WEP support is not available in RHEL 9.

The MultiPath TCP (MPTCP) code in the kernel has been updated from upstream Linux 5.19.

For further details, see New features - Networking.

Dynamic programming languages, web and database servers

Later versions of the following components are now available as new module streams:

  • PHP 8.1
  • Ruby 3.1
  • Node.js 18

In addition, the Apache HTTP Server has been updated to version 2.4.53.

See New features - Dynamic programming languages, web and database servers for more information.

Compilers and development tools

Updated system toolchain

The following system toolchain components have been updated in RHEL 9.1:

  • GCC 11.2.1
  • glibc 2.34
  • binutils 2.35.2
Updated performance tools and debuggers

The following performance tools and debuggers have been updated in RHEL 9.1:

  • GDB 10.2
  • Valgrind 3.19
  • SystemTap 4.7
  • Dyninst 12.1.0
  • elfutils 0.187
Updated performance monitoring tools

The following performance monitoring tools have been updated in RHEL 9.1:

  • PCP 5.3.7
  • Grafana 7.5.13
Updated compiler toolsets

The following compiler toolsets have been updated in RHEL 9.1:

  • GCC Toolset 12
  • LLVM Toolset 14.0.6
  • Rust Toolset 1.62
  • Go Toolset 1.18

For detailed changes, see Section 4.14, “Compilers and development tools”.

Java implementations in RHEL 9

The RHEL 9 AppStream repository includes:

  • The java-17-openjdk packages, which provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
  • The java-11-openjdk packages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
  • The java-1.8.0-openjdk packages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

For more information, see OpenJDK documentation.

Java tools

RHEL 9.1 introduces Maven 3.8 as a new module stream.

See Section 4.14, “Compilers and development tools” for more information.

Identity Management

Identity Management (IdM) in RHEL 9.1 introduces a Technology Preview where you can delegate user authentication to external identity providers (IdPs) that support the OAuth 2 Device Authorization Grant flow. When these users authenticate with SSSD, and after they complete authentication and authorization at the external IdP, they receive RHEL IdM single sign-on capabilities with Kerberos tickets.

For more information, see Technology Previews - Identity Management

Red Hat Enterprise Linux System Roles

Notable new features in 9.1 RHEL System Roles:

  • RHEL System Roles are now available also in playbooks with fact gathering disabled.
  • The ha_cluster role now supports SBD fencing, configuration of Corosync settings, and configuration of bundle resources.
  • The network role now configures network settings for routing rules, supports network configuration using the nmstate API, and users can create connections with IPoIB capability.
  • The microsoft.sql.server role has new variables, such as variables to control configuring a high availability cluster, to manage firewall ports automatically, or variables to search for mssql_tls_cert and mssql_tls_private_key values on managed nodes.
  • The logging role supports various new options, for example startmsg.regex and endmsg.regex in files inputs, or template, severity and facility options.
  • The storage role now includes support for thinly provisioned volumes, and the role now also has less verbosity by default.
  • The sshd role verifies the include directive for the drop-in directory, and the role can now be managed through /etc/ssh/sshd_config.
  • The metrics role can now export postfix performance data.
  • The postfix role now has a new option for overwriting previous configuration.
  • The firewall role does not require the state parameter when configuring masquerade or icmp_block_inversion. In the firewall role, you can now add, update, or remove services using absent and present states. The role can also provide Ansible facts, and add or remove an interface to the zone using PCI device ID. The firewall role has a new option for overwriting previous configuration.
  • The selinux role now includes setting of seuser and selevel parameters.

1.2. In-place upgrade

In-place upgrade from RHEL 8 to RHEL 9

The supported in-place upgrade paths currently are:

  • From RHEL 8.6 to RHEL 9.0 on the following architectures:

    • 64-bit Intel
    • 64-bit AMD
    • 64-bit ARM
    • IBM POWER 9 (little endian)
    • IBM Z architectures, excluding z13
  • From RHEL 8.6 to RHEL 9.0 on systems with SAP HANA

To ensure your system remains supported after upgrading to RHEL 9.0, either update to the latest RHEL 9.1 version or enable the RHEL 9.0 Extended Update Support (EUS) repositories.

For instructions on performing an in-place upgrade, see Upgrading from RHEL 8 to RHEL 9.

For instructions on performing an in-place upgrade on systems with SAP environments, see How to in-place upgrade SAP environments from RHEL 8 to RHEL 9.

Notable enhancements include:

  • In-place upgrades on Microsoft Azure and Google Cloud Platform with Red Hat Update Infrastructure (RHUI) are now possible.
  • The OpenSSH and OpenSSL configurations are now migrated during the in-place upgrade.

In-place upgrade from RHEL 7 to RHEL 9

It is not possible to perform an in-place upgrade directly from RHEL 7 to RHEL 9. However, you can perform an in-place upgrade from RHEL 7 to RHEL 8 and then perform a second in-place upgrade to RHEL 9. For more information, see Upgrading from RHEL 7 to RHEL 8.

1.3. Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are:

1.4. Additional resources

Capabilities and limits of Red Hat Enterprise Linux 9 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.

Information regarding the Red Hat Enterprise Linux life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.

The Package manifest document provides a package listing for RHEL 9, including licenses and application compatibility levels.

Application compatibility levels are explained in the Red Hat Enterprise Linux 9: Application Compatibility Guide document.

Major differences between RHEL 8 and RHEL 9, including removed functionality, are documented in Considerations in adopting RHEL 9.

Instructions on how to perform an in-place upgrade from RHEL 8 to RHEL 9 are provided by the document Upgrading from RHEL 8 to RHEL 9.

The Red Hat Insights service, which enables you to proactively identify, examine, and resolve known technical issues, is available with all RHEL subscriptions. For instructions on how to install the Red Hat Insights client and register your system to the service, see the Red Hat Insights Get Started page.