Six weeks after the announcement of RHEL 7.4, it is now time for the release of CentOS 7.4, also called CentOS 7 (1708).
The release doesn’t only concern x86_64 architecture but also aarch64, armhfp, ppc64 and ppc64le (see download directory here).
In the Releases Notes appear the following major changes:
- SSH1 support has been removed from the SSH server (see details here). Along with this move, all cryptographic protocols and algorithms which are considered insecure have been deprecated (see details here).
- OpenSSL now supports DTLS (TLS via UDP) and ALPN.
- NVMe Over Fabric is now supported in the NVM-Express kernel driver.
- There have been various changes/enhancements to cryptographic abilities of various packages. I.e. sendmail now supports ECDHE, OpenSSH now using SHA2 for public key signatures, … among others.
- Various packages have been rebased. Some of those are openLDAP, samba, clufter, ipmitool, tcpdump, shim, GNOME, NetworkManager, Kernel-GRE-module, openssh, openSSL, libreswan, chrony, rsyslog, sudo and libvirt.
Some issues have already been reported:
- The http-parser and http-parser-devel packages have been removed from the EPEL repository and added to the CentOS/RHEL main repository causing potential problems (see details here).
- The NFS mount behavior has changed, trying NFS vers=4.1 by default. Also, rather than trying 4.0 after failing on 4.1, RHEL/CentOS 7.4 fails down to NFS 3. To get the previous behavior, force vers=4.0 (see details here).
- There is an issue with using iptables and ip6tables where the iptables service fails to start and affects systems where firewalld is disabled and BOTH iptables AND ip6tables are enabled (see details here).
- VirtualBox (currently at 5.1.26) is not fully compatible with CentOS 7 (1708). The fix is in the beta release (see details here).
- Samba may fail with “symbol krb5_get_init_creds_opt_set_pac_request, not defined“. This is because of a missing dependency for a newer version of krb5-libs. The issue is resolved by installing krb5-libs-1.15.1-8.el7 (see details here).
- Samba share with sssd authentication is broken. This is being worked on upstream. A workaround is to downgrade the Samba packages to an earlier version (sssd-1.15.2-50.el7_4.3.1 should solve the problem; see details here).
- At least 1024 MB RAM is required to install and use CentOS 7 (1708). When using the Live ISOs for install, 1024 MB RAM produces very slow results and even some install failures. At least 1344 MB RAM is recommended for LiveGNOME or LiveKDE installs.
- VMware Workstation/VMware ESXi allow to install two different virtual SCSI adapters: BusLogic and LsiLogic. However the default kernel from CentOS 7 does not include the corresponding driver for any of them thus resulting in an unbootable system if you install on a SCSI disk using the defaults for CentOS Linux. If you select ‘Red Hat Enterprise Linux‘ as OS, the paravirtualized SCSI adapter is used, which works.
- Commonly used utilities such as ifconfig/netstat have been marked as deprecated for some considerable time and the ‘net-tools‘ package is no longer part of the @core group so will not be installed by default. Use nmcli c up ifname <interfacename> to get your network up and running and use yum to install the package if you really need it. Kickstart users can pull in the net-tools package as part of the install.
The CentOS 7 (1708) distribution can be downloaded here as usual.