New Release – Oracle Linux 7 Update 6
What’s New in Oracle Linux 7 Update 6
Oracle Linux 7 Update 6 is shipping with the below kernels:
- Unbreakable Enterprise Kernel (UEK) Release 5 (4.14.35-1818.3.3) for x86-64 and ARM
- Red Hat Compatible Kernel (3.10.0-957) for x86-64 only
Note: Unbreakable Enterprise Kernel (UEK) Release 5 is newest major version of UEK by Oracle and not a release of Linux Kernel, this kernel is based on the mainline Linux kernel version 4.14.35. Supporting 64-bit ARM (aarch64) architecture has been introduced with this version of UEK.
New Features and Changes in x86-64 Archtecture
- Pacemaker now supports path, mount, and timer systemd unit files. Although previous releases of Pacemaker supported
socketsystemd unit file, alternative units would fail. Pacemaker can now manage
timersystemd units, as well.
- Pacemaker LVM resource agent updates. New functionality and updates have been applied to the LVM resource agents for better management of shared storage across hosts. Most notably, the new
LVM-activateresource agent assists with the handling of LVM management throughout the cluster and can be configured to work either with
lvmlockd, depending on your implementation.Options available through the new
LVM-activateresource agent include:
tagging, equivalent to the
taggingprovided with the existing
clvmd, equivalent to using
clvmdwith the existing
system ID, a new option for using the system ID for volume group failover as an alternative to using
lvmlockd, a new option to use
dlmfor volume group sharing as an alternative to using
lvmresource agent has also been patched to accept the
volume_group_check_onlyparameter. This parameter can be set to limit monitoring to only volume groups, to avoid timeouts on tagged volumes. This parameter must only be used with the
lvmresource agent when you are experiencing timeout issues. Do not use this parameter with the
The following file systems features, bug fixes, and enhancements are included in this update.
- btrfs: File system deprecated in RHCK. Starting with Oracle Linux 7 Update 4, btrfs is deprecated in RHCK. Note that btrfs is fully supported with UEK R4 and on UEK R5.
- pNFS SCSI layout support in RHCK. Parallel NFS (pNFS) SCSI layouts are supported when using RHCK.
Installation and Upgrade
- In-place upgrade from Oracle Linux 6 to Oracle Linux 7. The in-place upgrade tools are updated to support upgrading from Oracle Linux 6 to Oracle Linux 7 by replacing the existing operating system. The provided tools can help to check for potential issues during upgrade and ease upgrade processes.
- Booting from an iSCSI device that is not configured by using iBFT now supported. The installer now includes a new boot option,
inst.nonibftiscsiboot. This boot option can be used to install the boot loader onto an iSCSI device that has not been configured in the iSCSI Boot Firmware Table (iBFT).
- Installing and booting from NVDIMM devices now supported. The installer is now capable of recognizing Nonvolatile Dual Inline Memory Module (NVDIMM) devices when installing or booting NVDIMM devices in sector mode and can be used to reconfigure NVDIMM devices into sector mode during installation.
- Updated kexec-tools documents for the Kdump FCoE target. The documentation for
kexec-toolshas been updated to include instructions on using a Fibre Channel over Ethernet (FCoE) target with Kdump.
- NVMe driver updated to version 4.17-rc1. The NVMe driver that ships with RHCK has been updated to version 4.17-rc1. This driver includes several bug fixes and enhancements, including a number of improvements for the use of NVMe over Remote Direct Memory Access (RDMA).
- ECMP fib_multipath_hash_policy support added to the kernel for IPv4 packets. RHCK is updated to include support for the Equal-cost multi-path routing (ECMP) hash policy by using the sysctl command with the
fib_multipath_hash_policyoption. When the value for this option is set to
1, the kernel performs an L4 hash (multipath hash on IPv4 packets). When the default value of
0is set, only an L3 hash is used.Note that if you enable
fib_multipath_hash_policy, ICMP error packets are not hashed according to the inner packet headers, which is a problem for anycast services, as the ICMP packet could be delivered to the incorrect host.
- Support for hardware time stamping on VLAN interfaces. Hardware time stamping can be used on VLAN interfaces, where the hardware and driver module supports this functionality. This feature allows applications, such as
linuxptp, to enable hardware time stamping.
- IFDOWN_ON_SHUTDOWN option available in /etc/sysconfig/network-scripts. A new option for use when configuring network interfaces in
/etc/sysconfig/network-scriptsis available. You can set the
falseto prevent a network interface from being taken down when the
networkservice is stopped or restarted.This option can be useful in preventing mount points that use networked-based file systems, such as NFS, from becoming stale if the network is stopped before the file system is cleanly unmounted.
- More detail in network-scripts error messages for the bonding driver. Error messages that are related to the failure of bonding driver installation have been made more verbose when using
/etc/sysconfig/network-scriptsto manage an interface.
- Clevis support for TPM 2.0. The Clevis automated encryption framework that can automatically encrypt or decrypt data or unlock LUKS volumes, is updated to support the encryption of keys in a Trusted Platform Module 2.0 (TPM2) chip. Note that this feature is only available for
- gnutls version updated to 3.3.29. The GNU Transport Layer Security package,
gnutls, has been upgraded to 3.3.29 to include numerous bug fixes and enhancements. Notably, DSA support has been added to p11tool, providing a stricter requirement around DER encoding to reduce BER rule complexity. In addition, the legacy
HMAC-SHA384cipher is disabled by default, and security improvements have been implemented to counter TLS Cipher Block Chaining (CBC) record padding attacks.
- audit version updated to 2.8.4. The Linux Audit system is updated to version 2.8.4 to provide bug fixes and enhancements. Notable changes include the addition of a facility to track software updates and installations by using the rpm or yum command. The updated version of audit also includes improvements to remote logging, and an option to dump internal state to
/var/run/auditd.stateby using the
SIGCONTsignal. Run the service auditd state command to trigger a dump of the internal state and view the output.
- Package installation and upgrade with rpm can be tracked by using audit events. The RPM package manager is updated to provide
auditevents so that software package installation and updates can be tracked by the Linux Audit system. This update also means that software installation and upgrades with the yum command are also tracked.
- SELinux extended_socket_class policy introduced. The new
extended_socket_classpolicy enables SELinux object classes to support all known network socket address families. The policy also supports separate security classes for ICMP and SCTP sockets that were previously covered in the
- SELinux file permission check for mmap() usage. SELinux can check file permissions on an
mmap()system call to prohibit memory mapping for files that require access validation on each subsequent access. This is a requirement in environments where files are often relabeled at runtime to reflect state changes.
- Paravirtualized clock support. The paravirtualized
sched_clock()function is now integrated into RHCK and enabled by default. The paravirtualized clock is also available in the UEK release. The addition of this support improves the performance of Oracle Linux virtual machines that are running on some hypervisors, such as KVM, which supports this functionality in the
- QEMU guest agent diagnostics enhanced. New QEMU guest agent commands have been added to improve diagnostic capabilities that are in line with Virtual Desktop and Server Management daemon requirements. These improvements include the addition of the following commands:
- VNC console support for GPU-based mediated devices. GPU-based devices, including NVIDIA vGPU, can now be used for the real-time rendering of a virtual machine’s graphical output through a VNC console.
- Systemd: Importd features for container image imports and exports.
- File Systems:
- Block and object storage layouts for parallel NFS (pNFS).
- DAX (Direct Access) for direct persistent memory mapping from an application. This feature is under technical preview for the ext4 and XFS file systems.
ima-evm-utilspackage, which provides utilities for labeling file systems and verifying the integrity of the system at run time.
- OverlayFS remains in technical preview.
- Heterogeneous memory management (HMM).
- No-IOMMU mode virtual I/O feature.
- Cisco VIC InfiniBand kernel driver, which provides similar functionality to RDMA on proprietary Cisco architectures.
libnftnlnetwork filtering and classification functionality.
- Single-Root I/O virtualization (SR-IOV) in the
- Support for a Cisco proprietary User Space Network Interface Controller in UCM servers provided in the
- Trusted Network Connect support.
- Multi-queue I/O scheduling for SCSI (
scsi-mq). This functionality is disabled by default.
- Plug-in for the
libStorageMgmtAPI used for storage array management. The
libStorageMgmtAPI is now fully supported, but the plug-in is under technology preview.
- Multi-queue I/O scheduling for SCSI (
For more details on these and other new features and changes, please consult the Oracle Linux 7 Update 6 Release Notes and the Oracle Linux 7 Update 6 (aarch64) Release Notes in the Oracle Linux Documentation Library.
Btrfs continues to be fully supported in Oracle Linux 7 Update 6 with UEK R5. Btrfs support is deprecated in the Red Hat Compatible Kernel.
Download Oracle Linux 7 Update 6
You can find the individual RPM packages on both th Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub.