Davoud Teimouri

Virtualization & Datacenter

Top vBlog

New Release – Oracle Linux 7 Update 6

What’s New in Oracle Linux 7 Update 6

Oracle Linux 7 Update 6 is shipping with the below kernels:

  • Unbreakable Enterprise Kernel (UEK) Release 5 (4.14.35-1818.3.3) for x86-64 and ARM
  • Red Hat Compatible Kernel (3.10.0-957) for x86-64 only

Note: Unbreakable Enterprise Kernel (UEK) Release 5 is newest major version of UEK by Oracle and not a release of Linux Kernel, this kernel is based on the mainline Linux kernel version 4.14.35. Supporting 64-bit ARM (aarch64) architecture has been introduced with this version of UEK.

New Features and Changes in x86-64 Archtecture

Clustering

  • Pacemaker now supports path, mount, and timer systemd unit files.  Although previous releases of Pacemaker supported service and socketsystemd unit file, alternative units would fail. Pacemaker can now manage pathmount and timer systemd units, as well.
  • Pacemaker LVM resource agent updates.  New functionality and updates have been applied to the LVM resource agents for better management of shared storage across hosts. Most notably, the new LVM-activate resource agent assists with the handling of LVM management throughout the cluster and can be configured to work either with clvmd or lvmlockd, depending on your implementation.Options available through the new LVM-activate resource agent include:
    • tagging, equivalent to the tagging provided with the existing lvm resource agent;
    • clvmd, equivalent to using clvmd with the existing lvm resource agent;
    • system ID, a new option for using the system ID for volume group failover as an alternative to using tagging; and
    • lvmlockd, a new option to use lvmlockd and dlm for volume group sharing as an alternative to using clvmd.

    The existing lvm resource agent has also been patched to accept the volume_group_check_only parameter. This parameter can be set to limit monitoring to only volume groups, to avoid timeouts on tagged volumes. This parameter must only be used with the lvm resource agent when you are experiencing timeout issues. Do not use this parameter with the LVM-activate resource agent.

File Systems

The following file systems features, bug fixes, and enhancements are included in this update.

  • btrfs: File system deprecated in RHCK.  Starting with Oracle Linux 7 Update 4, btrfs is deprecated in RHCK. Note that btrfs is fully supported with UEK R4 and on UEK R5.
  • pNFS SCSI layout support in RHCK.  Parallel NFS (pNFS) SCSI layouts are supported when using RHCK.

Installation and Upgrade

  • In-place upgrade from Oracle Linux 6 to Oracle Linux 7.  The in-place upgrade tools are updated to support upgrading from Oracle Linux 6 to Oracle Linux 7 by replacing the existing operating system. The provided tools can help to check for potential issues during upgrade and ease upgrade processes.
  • Booting from an iSCSI device that is not configured by using iBFT now supported.  The installer now includes a new boot option,inst.nonibftiscsiboot. This boot option can be used to install the boot loader onto an iSCSI device that has not been configured in the iSCSI Boot Firmware Table (iBFT).
  • Installing and booting from NVDIMM devices now supported.  The installer is now capable of recognizing Nonvolatile Dual Inline Memory Module (NVDIMM) devices when installing or booting NVDIMM devices in sector mode and can be used to reconfigure NVDIMM devices into sector mode during installation.

Kernel

  • Updated kexec-tools documents for the Kdump FCoE target.  The documentation for kexec-tools has been updated to include instructions on using a Fibre Channel over Ethernet (FCoE) target with Kdump.
  • NVMe driver updated to version 4.17-rc1.  The NVMe driver that ships with RHCK has been updated to version 4.17-rc1. This driver includes several bug fixes and enhancements, including a number of improvements for the use of NVMe over Remote Direct Memory Access (RDMA).

Networking

  • ECMP fib_multipath_hash_policy support added to the kernel for IPv4 packets.  RHCK is updated to include support for the Equal-cost multi-path routing (ECMP) hash policy by using the sysctl command with the fib_multipath_hash_policy option. When the value for this option is set to 1, the kernel performs an L4 hash (multipath hash on IPv4 packets). When the default value of 0 is set, only an L3 hash is used.Note that if you enable fib_multipath_hash_policy, ICMP error packets are not hashed according to the inner packet headers, which is a problem for anycast services, as the ICMP packet could be delivered to the incorrect host.
  • Support for hardware time stamping on VLAN interfaces.  Hardware time stamping can be used on VLAN interfaces, where the hardware and driver module supports this functionality. This feature allows applications, such as linuxptp, to enable hardware time stamping.
  • IFDOWN_ON_SHUTDOWN option available in /etc/sysconfig/network-scripts.  A new option for use when configuring network interfaces in /etc/sysconfig/network-scripts is available. You can set the IFDOWN_ON_SHUTDOWN option to no or to false to prevent a network interface from being taken down when the network service is stopped or restarted.This option can be useful in preventing mount points that use networked-based file systems, such as NFS, from becoming stale if the network is stopped before the file system is cleanly unmounted.
  • More detail in network-scripts error messages for the bonding driver.  Error messages that are related to the failure of bonding driver installation have been made more verbose when using /etc/sysconfig/network-scripts to manage an interface.

Security

  • Clevis support for TPM 2.0.  The Clevis automated encryption framework that can automatically encrypt or decrypt data or unlock LUKS volumes, is updated to support the encryption of keys in a Trusted Platform Module 2.0 (TPM2) chip. Note that this feature is only available for x86_64 platform systems.
  • gnutls version updated to 3.3.29.  The GNU Transport Layer Security package, gnutls, has been upgraded to 3.3.29 to include numerous bug fixes and enhancements. Notably, DSA support has been added to p11tool, providing a stricter requirement around DER encoding to reduce BER rule complexity. In addition, the legacy HMAC-SHA384 cipher is disabled by default, and security improvements have been implemented to counter TLS Cipher Block Chaining (CBC) record padding attacks.
  • audit version updated to 2.8.4.  The Linux Audit system is updated to version 2.8.4 to provide bug fixes and enhancements. Notable changes include the addition of a facility to track software updates and installations by using the rpm or yum command. The updated version of audit also includes improvements to remote logging, and an option to dump internal state to /var/run/auditd.state by using the SIGCONT signal. Run the service auditd state command to trigger a dump of the internal state and view the output.
  • Package installation and upgrade with rpm can be tracked by using audit events.  The RPM package manager is updated to provide audit events so that software package installation and updates can be tracked by the Linux Audit system. This update also means that software installation and upgrades with the yum command are also tracked.
  • SELinux extended_socket_class policy introduced.  The new extended_socket_class policy enables SELinux object classes to support all known network socket address families. The policy also supports separate security classes for ICMP and SCTP sockets that were previously covered in therawip_socket class.
  • SELinux file permission check for mmap() usage.  SELinux can check file permissions on an mmap() system call to prohibit memory mapping for files that require access validation on each subsequent access. This is a requirement in environments where files are often relabeled at runtime to reflect state changes.

Virtualization

  • Paravirtualized clock support.  The paravirtualized sched_clock() function is now integrated into RHCK and enabled by default. The paravirtualized clock is also available in the UEK release. The addition of this support improves the performance of Oracle Linux virtual machines that are running on some hypervisors, such as KVM, which supports this functionality in the kvm_clock driver.
  • QEMU guest agent diagnostics enhanced.  New QEMU guest agent commands have been added to improve diagnostic capabilities that are in line with Virtual Desktop and Server Management daemon requirements. These improvements include the addition of the following commands: qemu-get-host-nameqemu-get-usersqemu-get-osinfo, and qemu-get-timezone.
  • VNC console support for GPU-based mediated devices.  GPU-based devices, including NVIDIA vGPU, can now be used for the real-time rendering of a virtual machine’s graphical output through a VNC console.

Technology Preview

  • Systemd: Importd features for container image imports and exports.
  • File Systems:
    • Block and object storage layouts for parallel NFS (pNFS).
    • DAX (Direct Access) for direct persistent memory mapping from an application. This feature is under technical preview for the ext4 and XFS file systems.
    • ima-evm-utils package, which provides utilities for labeling file systems and verifying the integrity of the system at run time.
    • OverlayFS remains in technical preview.
  • Kernel:
    • Heterogeneous memory management (HMM).
    • No-IOMMU mode virtual I/O feature.
  • Networking:
    • Cisco VIC InfiniBand kernel driver, which provides similar functionality to RDMA on proprietary Cisco architectures.
    • nftables and libnftnl network filtering and classification functionality.
    • Single-Root I/O virtualization (SR-IOV) in the qlcnic driver.
    • Support for a Cisco proprietary User Space Network Interface Controller in UCM servers provided in the libusnic_verbs driver.
    • Trusted Network Connect support.
  • Storage:
    • Multi-queue I/O scheduling for SCSI (scsi-mq). This functionality is disabled by default.
    • Plug-in for the libStorageMgmt API used for storage array management. The libStorageMgmt API is now fully supported, but the plug-in is under technology preview.

     

For more details on these and other new features and changes, please consult the Oracle Linux 7 Update 6 Release Notes and the Oracle Linux 7 Update 6 (aarch64) Release Notes in the Oracle Linux Documentation Library.

Btrfs continues to be fully supported in Oracle Linux 7 Update 6 with UEK R5. Btrfs support is deprecated in the Red Hat Compatible Kernel.

Download Oracle Linux 7 Update 6

You can find the individual RPM packages on both th Unbreakable Linux Network (ULN) and the Oracle Linux yum server. ISO installation images will soon be available for download from the Oracle Software Delivery Cloud and Docker images will soon be available via Oracle Container Registry and Docker Hub.

See Also

Oracle Linux Yum Server

KSPLICE: Zero Downtime Updates For Oracle Linux

840 total views, 41 views today

New Release – Oracle Linux 7 Update 6

Davoud Teimouri is as a professional blogger, vExpert 2015/2016/2017/2018, VCA, MCITP. This blog is started with simple posts and now, it has large following readers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Teimouri.net © 2012 Frontier Theme
Read previous post:
HPE Service Pack For ProLiant (HPE SPP)
HPE Service Pack For ProLiant 2018.09.0 (HPE SPP)

HPE has release “HPE Service Pack For ProLiant 2018.09.0 (HPE SPP)” for production servers and it’s available to download. The Service Pack for...

Close