RHEL 7.2 Changes

The RHEL 7.2 release brings the following main enhancements:

  • Authentication (additional details on this part are available here and here)
    • the ipa trust-add command now configures a one-way trust by default, but a two-way trust can still be requested through the --two-way=true option; this command is used when users and groups in Active Directory (AD) want to access resources in Identity Management (IdM),
    • the SSSD component receives several improvements (cache avoiding reconnection in online mode, improved UID & GID user mapping, better OpenLDAP management, smart card support for local authentication, background refresh of cache entries, initgroups operations support),
    • a Kerberos HTTPS proxy, interoperable with the Microsoft Kerberos KDC Proxy Protocol (MS-KKDCP) implementation, is now available in Identity Management, allowing clients to access the KDC and kpasswd services by using HTTPS,
    • Identity Management now uses the mod_auth_gssapi module, which uses GSSAPI calls instead of direct Kerberos calls used by the previously used mod_auth_kerb module,
    • the certmonger service now supports the Simple Certificate Enrollment Protocol (SCEP) making certificate replacement easier,
    • Identity Management system (IdM) now supports DNSSEC for DNS zones,
    • the Apache modules for Identity Management (IdM) mod_authnz_pam, mod_lookup_identity, and mod_intercept_form_submit are now fully supported,
    • there are now two types of IdM master servers: trust controllers and trust agents; trust agents only run services required to provide resolution of users and groups from trusted Active Directory forests to IdM clients enrolled with these IdM servers.
  • Clustering
    • systemd and pacemaker now coordinate correctly during system shutdown, as pacemaker resources weren’t terminated properly before,
    • the pcs resource move and pcs resource ban commands now display a warning message to clarify the commands’ behavior,
    • the new pcs resource relocate run command moves a pacemaker resource back to its original node,
    • the clufter command assists with migration from an older stack configuration to a newer configuration,
    • a new simplified method for configuring fencing for redundant power supplies is available,
    • there is a new --port-as-ip option for fencing agents.
  • File Systems
    • the gfs2-utils package moves to version 3.18 bringing improvements to the fsck.gfs2 and mkfs.gfs2 commands,
    • GFS2 now prevents users from exceeding their quotas,
    • XFS moves to version 4.1 with better logging,
    • the CIFS module has been upgraded to version 3.17 with new features for SMB2 and SMB3,
    • there is now flexible file layout support on NFSv4 clients.
  • Installation
    • Anaconda now properly handles network configuration from Kickstart files in initrd, early in the boot process,
    • Anaconda now supports creating cached logical volumes,
    • GRUB2 now correctly sorts entries with the most recent kernel version listed at the top,
    • Improved detection of device-mapper disk names now makes installation more reliable,
    • EFI System Partitions may now be created on a RAID1 device to enable system recovery when one boot disk fails,
    • text mode installation no longer crashes during network configuration due to a space when specifying nameservers,
    • it is now possible to apply Security Content Automation Protocol (SCAP) content during the installation process, ensuring that a security policy is enforced right from the start (see an example here).
  • Kernel
    • Transparent Huge Pages (THP) no longer cause memory corruption due to read and write synchronization,
    • the SCSI kernel target, LIO, moves to Linux-4.0.stable,
    • the new libevdev package provides a low-level library for the Linux kernel input event device interface used by X11,
    • the libATA subsystem and drivers have been updated,
    • the FCoE and DCB kernel components have been upgraded,
    • the perf packages move to version 4.1, adding the Intel Cache QoS Monitoring and AMD IBS Ops features, and providing support for Intel Xeon v4, for compressed kernel modules, for parametrized events and for specifying breakpoint length,
    • driver-level support for version 2.0 compliant Trusted Platform Module (TPM) devices has been added,
    • maximum supported memory limit on AMD64 and Intel 64 systems has been increased from 6 TB to 12 TB,
    • live kernel patching with kpatch is now supported (see details).
  • Networking
    • TCP/IP moves to version 3.18,
    • the NetworkManager-libreswan package moves to version 1.0.6, fixing several bugs,
    • NetworkManager now supports setting the MTU of a bonded interface,
    • NetworkManager now keeps track of configured routes and avoids attempts to set conflicting routes,
    • improvements have been made in multihomed connections and default route management,
    • NetworkManager now supports Wake On Lan,
    • there is improved support for firewalld zones with VPN connections,
    • Fair Queue packet scheduler is now supported by the tc (traffic controller) utility,
    • latency when receiving network frames has been reduced,
    • it is now possible to define different congestion control algorithms on a per route basis, with the congctl parameter in the ip route command,
    • DCTCP, a feature for solving TCP congestion problems in data centers, is now supported,
    • TCP Pacing is now supported, allowing greater control of throughput rate,
    • the TCP Fast Open feature has been added,
    • handling of duplicated TCP ACKs has been improved,
    • basic multihoming support has been added to SCTP,
    • the kernel tunneling drivers have been updated to kernel 4 to deal with VXLAN,
    • several improvements in the tunnel/VXLAN management have been made,
    • the network bonding driver has been updated,
    • the Data Plane Development Kit (DPDK) has been added, making it possible to rapidly develop low-latency and high-throughput custom applications capable of direct packet processing in user space for NFV and other use cases.
  • Security
    • GSSAPI key-exchange algorithms can now be selectively disabled,
    • SELinux policy for Red Hat Gluster Storage has been added,
    • the openscap and scap-security-guide packages have been upgraded to versions 1.2.5 and 0.1.25 respectively, providing new features.
  • Services
    • the mod_nss packages have been upgraded to version 1.0.11,
    • Apache HTTP Server now supports UPN (Microsoft User Principal Name) through the SSLUserName directive available in mod_ssl environment variables,
    • the Apache HTTP mod_proxy_wstunnel module is now enabled by default and supports WebSockets.
  • Storage
    • Device Mapper (DM) has been upgraded to version 4.2, providing a significant DM crypt performance update and DM core update to support Multi-Queue Block I/O Queueing Mechanism (blk-mq),
    • there is a new multiple queue I/O scheduling mechanism for block devices known as blk-mq, improving performance by allowing certain device drivers to map I/O requests to multiple hardware or software queues,
    • the multipath.conf file receives new options (delay_watch_checks, delay_wait_checks and config_dir),
    • a new smq dm-cache policy has been written that reduces memory consumption and improves performance for most use cases,
    • LVM volume groups can now be assigned an owner, protecting them from other hosts when used on shared devices,
    • the new lvmpolld daemon provides a polling method for long-running LVM commands making them more reliable,
    • the default value for the max_report_luns parameter has been increased from 511 to 16393.
  • Virtualization
    • qemu-kvm supports better virtual machine shutdown trace events, making isolating and debugging KVM guest problems easier during shutdown,
    • qemu-kvm now allows the Intel Memory Protection Extensions (MPX) feature to be exposed to the guest,
    • the dump-guest-memory command now makes it possible to analyze a guest memory dump from the qemu-kvm core in case of a guest kernel failure,
    • the virt-v2v command line tool is fully supported,
    • it is now possible to use Thin Provisioned Hyper-V virtual hard disk (VHDX) with support to shrink the underlying VHDX files for Microsoft Hyper-V virtual machines to actual used size,
    • KVM can now use the tcmalloc library, providing a significant performance improvement in I/O operations per second.
  • Miscellaneous
    • the libcurl library now implements a non-blocking SSL handshake,
    • the Name Server Caching Daemon (nscd) now correctly detects changes to its configuration and reloads the data,
    • OpenJDK 7 supports Elliptic Curve Cryptography (ECC),
    • GNOME moves to version 3.14,
    • systemd moves to version 219 (see the Systemd bug fix and enhancement update or the Systemd changelog),
    • a fstrim service has been added to provide SSD clean-up,
    • support has been added for Intel Xeon® Processor E3-12XX V4 C226 Chipset, Intel Xeon® Processor E3-12XX V5, Intel Xeon® Processor E5-26XX/46XX V4 C610 Chipset, Intel Xeon® Processor E7-88XX/48XX V4 C610 Chipset and Intel Xeon® Processor (Broadwell-DE SOC) D-15xx/25xx.

Sources: Red Hat RHEL 7.2 announcement and RHEL 7.2 Release Notes.
