Chapter 23. Red Hat Enterprise Linux Atomic Host 7.5.0

23.1. Atomic Host

OStree update:

New Tree Version: 7.5.0 (hash: 5df677dcfef08a87dd0ace55790e184a35716cf11260239216bfeba2eb7c60b0)
Changes since Tree Version 7.4.5 (hash: 6cb4d618030f69aa4a5732aa0795cb7fe2c167725273cffa11d0357d80e5eef0)

Updated packages:

  • openscap-daemon-0.1.10-1.el7
  • rpm-ostree-client-2018.1-1.atomic.el7

23.2. Extras

Updated packages:

  • buildah-0.15-1.gitd1330a5.el7
  • cockpit-160-3.el7
  • container-selinux-2.55-1.el7
  • container-storage-setup-0.9.0-1.rhel75.gite0997c3.el7
  • docker-1.13.1-58.git87f2fab.el7
  • docker-latest-1.13.1-58.git87f2fab.el7
  • dpdk-17.11-7.el7
  • etcd-3.2.15-2.el7
  • flannel-0.7.1-3.el7
  • ostree-2018.1-4.el7
  • rhel-system-roles-0.6-3.el7 *
  • skopeo-0.1.29-1.dev.gitb08350d.el7

The asterisk (*) marks packages which are available for Red Hat Enterprise Linux only.

23.2.1. Container Images

Updated:

  • Red Hat Enterprise Linux 7 Init Container Image (rhel7/rhel7-init)
  • Red Hat Enterprise Linux 7.5 Container Image (rhel7.5, rhel7, rhel7/rhel, rhel)
  • Red Hat Enterprise Linux Atomic Identity Management Server Container Image (rhel7/ipa-server)
  • Red Hat Enterprise Linux Atomic Image (rhel-atomic, rhel7-atomic, rhel7/rhel-atomic)
  • Red Hat Enterprise Linux Atomic Net-SNMP Container Image (rhel7/net-snmp)
  • Red Hat Enterprise Linux Atomic OpenSCAP Container Image (rhel7/openscap)
  • Red Hat Enterprise Linux Atomic SSSD Container Image (rhel7/sssd)
  • Red Hat Enterprise Linux Atomic Support Tools Container Image (rhel7/support-tools)
  • Red Hat Enterprise Linux Atomic Tools Container Image (rhel7/rhel-tools)
  • Red Hat Enterprise Linux Atomic cockpit-ws Container Image (rhel7/cockpit-ws)
  • Red Hat Enterprise Linux Atomic etcd Container Image (rhel7/etcd)
  • Red Hat Enterprise Linux Atomic flannel Container Image (rhel7/flannel)
  • Red Hat Enterprise Linux Atomic open-vm-tools Container Image (rhel7/open-vm-tools)
  • Red Hat Enterprise Linux Atomic rsyslog Container Image (rhel7/rsyslog)
  • Red Hat Enterprise Linux Atomic sadc Container Image (rhel7/sadc)

23.3. New Features

  • overlay2 is now the default storage driver

    The default storage driver for Docker has changed from devicemapper to overlay2. In existing installations of versions of Atomic Host prior to 7.5.0, devicemapper remains the default driver. Upgrading such existing installations does not change the configured driver.

    For more information on the overlay2 driver and for instructions on switching from devicemapper to overlay2, see Using the Overlay Graph Driver.

  • Red Hat container registry will require authentication

    In future, the Red Hat container registry will move from registry.access.redhat.com to registry.redhat.io. As part of this change, containers will eventually become available only to subscribed and authenticated systems.

    For more information, see Red Hat Container Registry Authentication.

  • Buildah is now fully supported

    The buildah tool has been upgraded from a Technology Preview to a fully supported feature.

    The buildah tool facilitates building of OCI container images. It enables you to:

    • Create a working container, either from scratch or using an image as a starting point.
    • Create an image, either from a working container or using the instructions in a Dockerfile.
    • Build both Docker and OCI images.
    • Mount a working container’s root filesystem for manipulation.
    • Unmount a working container’s root filesystem.
    • Use the updated contents of a container’s root filesystem as a filesystem layer to create a new image.
    • Delete a working container or an image.

    See Building container images with buildah for more information and usage instructions.

  • User namespaces in docker now fully supported

    While the user namespaces features is fully supported beginning with the RHEL 7.4 kernel, the implementation of user namespaces associated with the docker service was a Technology Preview until RHEL Atomic Host 7.5. Now it is fully supported.

    See User namespaces options for more information and usage instructions.

  • Manual setup of Kubernetes is deprecated

    As announced earlier, beginning with RHEL 7.5 and RHEL Atomic Host 7.5 Red Hat will no longer support the manual setup of Kubernetes. Manual Kubernetes setups from previous releases, likewise, are not supported. Components impacted by this change include the following deprecated Kubernetes RPM packages, images, and associated documentation:

    RPM Packages:

    • kubernetes
    • kubernetes-devel
    • kubernetes-client
    • kubernetes-master
    • kubernetes-node
    • kubernetes-unit-test
    • cadvisor

    Container Images:

    • registry.access.redhat.com/rhel7/kubernetes-apiserver
    • registry.access.redhat.com/rhel7/kubernetes-controller-mgr
    • registry.access.redhat.com/rhel7/kubernetes-scheduler
    • registry.access.redhat.com/rhel7/pod-infrastructure

    Documentation:

    From now on, none of the software or documentation listed will be updated. For information on Red Hat’s officially supported Kubernetes-based products, see the following documentations sets:

  • docker-latest deprecated, to be removed later

    The docker-latest version of Docker is still available, but is now deprecated. In a later release, it will be removed.

  • docker and docker-latest are now the same version (1.13)

    docker and docker-latest are now the same version, which is 1.13.

  • ansible removed from the Extras channel

    Ansible and its dependencies have been removed from the Extras channel. Instead, the Red Hat Ansible Engine product has been made available and will provide access to the official Ansible Engine channel. Customers who have previously installed Ansible and its dependencies from the Extras channel are advised to enable and update from the Ansible Engine channel, or uninstall the packages as future errata will not be provided from the Extras channel.

    Ansible was previously provided in Extras (for AMD64 and Intel 64 architectures, and IBM POWER, little endian) as a runtime dependency of, and limited in support to, the Red Hat Enterprise Linux (RHEL) System Roles. Ansible Engine is available today for AMD64 and Intel 64 architectures, with IBM POWER, little endian availability coming soon.

    Note that Ansible in the Extras channel was not a part of the Red Hat Enterprise Linux FIPS validation process.

    The following packages have been deprecated from the Extras channel:

    • ansible
    • ansible-doc
    • libtomcrypt
    • libtommath
    • libtommath-devel
    • python2-crypto
    • python2-jmespath
    • python-httplib2
    • python-paramiko
    • python-paramiko-doc
    • python-passlib
    • sshpass

    The python2-crypto, libtomcrypt, and libtommath packages are no longer needed as Ansible dependencies in the new Red Hat Ansible Engine product and will probably not be updated. Customers are advised to uninstall them.

    For more information and guidance, see this Knowledgebase article.

    Note that Red Hat Enterprise Linux System Roles, available as a Technology Preview, continue to be distributed through the Extras channel. Although Red Hat Enterprise Linux System Roles no longer depend on the ansible package, installing ansible from the Ansible Engine repository is still needed to run playbooks that use Red Hat Enterprise Linux System Roles.