RHEL7: Changes between versions.

Share this link

Presentation

The RHEL 7 release brought many changes from RHEL 6, some of them breaking backward compatibility (Systemd, etc). Unfortunately, such changes happened between versions of RHEL 7 too.
Here you will find a non-exhaustive list of such changes.

NFS

The RHEL 7.1 release completely changed the way the various NFS services worked.

The nfs-secure-server service doesn’t work the same way anymore, the nfs-idmap service has a new brother, nfs-idmapd, and the Kerberos NFS client gets a new nfs-client.target.

Most of this is not really explained in the official Red Hat documentation!

Hopefully, there is a Kerberos NFS tutorial that took a long time to update!

NetworkManager

In RHEL 7.0, you could write:

# nmcli con mod myConn ipv4.addresses "10.0.0.10/24 10.0.0.1"

Since RHEL 7.1, you have to do it in two steps:

# nmcli con mod myConn ipv4.addresses 10.0.0.10/24
# nmcli con mod myConn ipv4.gateway 10.0.0.1

Systemd

With RHEL 7.2, Systemd moves from v208 to v219. It’s still too early to say if changes breaking backward compatibility happened.

At least one change has already been reported concerning execution of Docker containers. You can read an article on the CentOS blog about Fixing CentOS 7 systemd conflicts with docker.

A new option called RemoveIPC was introduced in RHEL 7.2 through Systemd v219. When set to yes, this option forces a cleanup of all allocated inter-process communication (IPC) resources linked to a user leaving his last session. If a daemon is running as a user with a uid number >=1000, it may crash.

This option should always be set to no by default but, due to the logic of package upgrade, it is highly advisable to set RemoveIPC=no in the /etc/systemd/logind.conf file followed by # systemctl restart systemd-logind (source).

Certificate Verification in Python

The Python standard library includes multiple modules that provide HTTP client functionality, including httplib, urllib, urllib2, and xmlrpclib. While these modules support HTTPS connections, they traditionally performed no verification of certificates presented by HTTPS servers, and offered no way to easily enable such verification (source).

In RHEL 7.0 and RHEL 7.1, there was no certificate verification.

In RHEL 7.2, a new file was created called /etc/python/cert-verification.cfg with verify=disable as main content.

In RHEL 7.3, the same file now displays verify=platform_default: this means that certificate verification depends on hard-coded value in the ssl module. According to the ssl module used, certificate verification will happen or not. However, it is perfectly possible to assign enable or disable to the verify directive to define the wanted behavior.

Other Compatibility Problems?

Leave a comment if you find another problem not listed here.

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

RHCSA7: Task of the day

Allowed time: 10 minutes.
Archive and compress the content of the /opt directory (create files if none exists).
Uncompress and unarchive the resulting file in /root

RHCE7: Task of the day

Allowed time: 10 minutes.
Set up a default secure MariaDB database called maria with a user named muser with all privileges.

Poll for favorite RHEL 7 book

What is your favorite RHEL 7 book to prepare RHCSA & RHCE exams?

View Results

Loading ... Loading ...

Poll for most difficult RHCSA 7 topic

What do you think is the most difficult RHCSA 7 topic?

View Results

Loading ... Loading ...

Poll for most difficult RHCE 7 topic

What do you think is the most difficult RHCE 7 topic?

View Results

Loading ... Loading ...