Supported Processor Architectures

• 64-bit AMD/Intel (x86_64)

• 64-bit ARM (aarch64)

• IBM POWER, little endian (ppc64le)

• IBM Z (s390x)

RHEL 8 for ARM64 Support

• Red Hat Enterprise Linux for ARM (aarch64).

• 64-bit ARMv8 processors are supported.

• Targeted at server-optimized SoCs for cloud, hyperscale, telco, HPC, and edge computing.

• Goal is a single operating platform across multiple ARM suppliers.

RHEL 8 for IBM POWER

• RHEL 8 for IBM Power Systems supports little endian mode only (ppc64le).

• POWER8 and POWER9 processors are supported.

• Can be a KVM guest on Red Hat Virtualization for Power, PowerVM, and PowerNV (bare metal).

Selected Changes in RHEL 8

• The following discussion is a review of selected changes in RHEL 8.

• Not every change or new feature in RHEL 8 will be covered in this course.

• For more information, see the Release Notes on https://access.redhat.com/.

Overview of Installation Changes

• Restructure of channels into "BaseOS" and "AppStream".

• "System Purpose" to indicate planned purpose for entitlement and support level.

• Enhancements to Kickstart directives.

• Can install and boot from NVDIMM devices (using either Anaconda and Kickstart).

BOOM Boot Manager

• Simplifies process of creating boot entries.

• Adds entries, does not modify them.

• Simplified CLI and API.

Enabling Secure-boot Guests

• RHEL 8 supports secure-boot guests which use cryptographically signed images.

• RHEL 8 relies on the Open Virtual Machine Firmware (OVMF) using the edk2 codebase (edk2-ovmf) to provide support for secure firmware to virtual machines.

• Images are signed by trusted third-party organizations to ensure integrity.

Packaging Changes

• kernel-core provides the core kernel.

• kernel-modules and kernel-modules-extra contain kernel modules matching the kernel-core package version.

• kernel is now a meta-package that ensures kernel-core and kernel-modules are installed.

Memory Management

• New 5-level paging model.

• 57-bit virtual memory addressing (128 PiB usable address space).

• 52-bit physical memory addressing (theoretically up to 4 PiB RAM).

• Actual physical support limits might vary depending on hardware.

Enabling Early Kdump at Boot

• RHEL 7, and previous RHEL releases start the kdump.service as part of multi-user.target of the boot process. Problems that occur prior to this service event may not be able to be captured.

• RHEL 8 provides early Kdump, by storing the vmlinuz and initramfs of the crash kernel inside the initramfs of the booting kernel. These components are loaded directly into reserved memory (crashkernel) during the early initramfs stage, allowing kernel crash dump capture during all phases of booting.

Enhancing the Process Scheduler

• The CFS process scheduler remains the default process scheduler in RHEL 8.

• CFS in RHEL 8 provides a new process scheduling class, SCHED_DEADLINE, which enables predictable task scheduling based on application deadlines.

• SCHED_DEADLINE is based on the Earliest Deadline First (EDF) and Constant Bandwidth Server (CBS) algorithms.

• SCHED_DEADLINE is suitable for real-time applications, such as multimedia or industrial control, and provides improved performance on machines with NUMA capabilities.

• Under SCHED_DEADLINE, processes use specific system calls to inform the scheduler of their estimated runtime, deadline, and period.

Firewall Changes

• nftables is the default firewall backend.

• nftables is the successor to iptables, ip6tables, arptables, ebtables, and ipset.

• Still recommend using firewall-cmd to manage firewall; use nft directly only for complex configurations.

• iptables compatibility tools are available.

NetworkManager and Network Scripts

• nmcli is the preferred tool to manage network configuration through NetworkManager.

• New versions of ifup and ifdown require NetworkManager.

• Legacy network scripts like ifup-local are deprecated and not available by default.

NTP Time Synchronization

• Chrony (chronyd) is the default NTP service implementation.

• Chrony performs better in a wide range of conditions, and synchronizes faster with better accuracy.

• Migration tools are available in /usr/share/doc/chrony/.

Enhancements to TCP

• Update to version 4.16 of the TCP stack.

• Improved performance for TCP server with high ingress connection rate.

• New BBR and NV congestion control algorithms.

Removed Network Drivers

• Certain obsolete network drivers have been removed or are no longer supported in RHEL 8.

• The e1000 driver is no longer supported, but e1000e is still supported.

• The tulip driver has been removed, impacting "Generation 1" VMs on Microsoft Hyper-V.

Modules

• Modules are installed independently of the underlying Operating System major version.

• The module system supports multiple versions of an application simultaneously.

• A module is tied to an application stream.

Updates to RPM and YUM

• DNF is a technology rewrite of Yum and is the new standard package management functionality for RPM packages in RHEL 8.

• The yum command (v4) is retained as the recommended command-line utility, symbolically linked to dnf to facilitate backward script and operator compatibility.

• Yum v4 supports modules that enable software modularity.

• Yum v4 now understands weak and boolean dependencies.

• Yum v4 provides a broad collection of plug-ins and add-on tooling.

Stratis Storage Manager

• Ability to create pools of one or multiple block devices.

• Create dynamic and flexible file systems within those pools.

• Stratis supports file system snapshotting. Snapshots are independent from the source file systems.

Virtual Data Optimizer (VDO)

• VDO reduces data footprint on storage on three phases: zero-block elimination, deduplication of redundant blocks, and data compression.

• VDO removes blocks which only include zeros, and keeps their metadata.

• Virtual disks for virtual machines are a good use case of VDO volumes.

XFS Copy-on-Write Extents

• Copy-on-Write (CoW) is enabled by default when file system is created.

• Adds support to XFS to allow two or more files to share the same data blocks.

• If one file changes, sharing is broken and separate blocks are tracked.

• Efficient file cloning, per-file snapshots, and operation of NFS and Overlayfs.

• RHEL 7 can only mount XFS with CoW extents in read-only mode.

Supporting SCSI-3 Persistent Reservations with Virtio-SCSI

• On RHEL 8, both qemu and libvirt support SCSI-3 persistent reservations on storage-devices presented to VMs through Virtio-SCSI backed by direct-attached LUNs.

• Virtual machines can share Virtio-SCSI storage devices and use SCSI-3 PRs to control access.

• Storage devices managed with device-mapper-multipath can be passed through to VMs to use SCSI-3 PRs, and the host manages PR actions across all paths.

Other Storage Features

• New LUKS2 on-disk format for encrypted storage replaces LUKS1.

• Block devices now use multiqueue scheduling and the scsi-mq driver is enabled by default for better SSD performance.

Removed Storage Features

• Some old storage drivers have been entirely removed.

• Some old storage drivers are no longer supported, but they are still available.

• The Btrfs file system has been removed.

• Software-managed Fibre Channel over Ethernet (FCoE) support has been removed.

System-wide Cryptographic Policy

• System-wide crypto policy for TLS/IPSec/SSH/DNSSEC/Kerberos.

• Allows admin to update list of protocols and algorithms to follow recommended practice for many services consistently.

• Several policies are provided and may be applied using the update-crypto-policies command.

• DEFAULT policy provides reasonable default compatible with PCI-DSS.

Improving sosreport Capabilities

• RHEL 8 includes the 3.6 version of the sosreport tool, which supports new profiles, for example containers, user and policy defined command line presets, and size limits for external commands

• This version of sosreport also supports a large collection of new plugins, for example ansible, buildah, and runc

• The sos-collector utility is available in RHEL 8, and collects sosreports from multi-host environments like a RHV cluster, or a RHEL High Availability cluster

Other Security Changes

• Audit subsystem updated to version 3.0.

• rsyslog update to 8.37.0 with additional new features and fixes.

• OpenSSH 7.8p1 rebase, removed support for weak ciphers and the obsolete SSH version 1 protocol.

• OpenSCAP CLI improvements, draft OSPP profile version 4.2 for RHEL 8.

• tcp_wrappers support has been removed.

Graphical Desktop Changes

• Wayland is the default display server; Xorg is still available.

• Updated to GNOME 3.28.

• KDE removed from the distribution.

Virtual Machine Management

• Packages for virtualization are in the virt module stream.

• New interface in the web console to manage virtual machines.

• virt-manager is deprecated but still available.

Updated KVM Hardware Model

• KVM now defaults to Q35 hardware model (newer hardware emulation).

• Better support of PCI Express passthrough, supports secure boot.

• The previous Intel 440FX emulation is still available for older operating systems.

• Similar concept to "Generation 1" and "Generation 2" virtual machines in Microsoft Hyper-V.

Updates to HA Clustering

• Pacemaker upgraded to version 2.0.0

• pcs has new features, Corosync 3 support, some syntax changes

• A detailed list of changes is available at https://access.redhat.com/articles/3681151/.

New Container Tools

• The Podman container engine is daemonless and supports the execution of containers.

• Buildah supports the build of containers images, including building those images from scratch, or from a Dockerfile.

• You can copy and inspect container images in registries with Skopeo.