Red Hat Enterprise Linux 6 6.6 Release Notes Edition 6
Transcription
Red Hat Enterprise Linux 6 6.6 Release Notes Edition 6
Red Hat Enterprise Linux 6 6.6 Release Notes Release Notes for Red Hat Enterprise Linux 6.6 Edition 6 Red Hat Customer Content Services Red Hat Enterprise Linux 6 6.6 Release Notes Release Notes for Red Hat Enterprise Linux 6.6 Edition 6 Red Hat Custo mer Co ntent Services Legal Notice Co pyright © 20 14 Red Hat, Inc. This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0 Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red Hat trademarks must be remo ved. Red Hat, as the licenso r o f this do cument, waives the right to enfo rce, and agrees no t to assert, Sectio n 4 d o f CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shado wman lo go , JBo ss, MetaMatrix, Fedo ra, the Infinity Lo go , and RHCE are trademarks o f Red Hat, Inc., registered in the United States and o ther co untries. Linux ® is the registered trademark o f Linus To rvalds in the United States and o ther co untries. Java ® is a registered trademark o f Oracle and/o r its affiliates. XFS ® is a trademark o f Silico n Graphics Internatio nal Co rp. o r its subsidiaries in the United States and/o r o ther co untries. MySQL ® is a registered trademark o f MySQL AB in the United States, the Euro pean Unio n and o ther co untries. No de.js ® is an o fficial trademark o f Jo yent. Red Hat So ftware Co llectio ns is no t fo rmally related to o r endo rsed by the o fficial Jo yent No de.js o pen so urce o r co mmercial pro ject. The OpenStack ® Wo rd Mark and OpenStack Lo go are either registered trademarks/service marks o r trademarks/service marks o f the OpenStack Fo undatio n, in the United States and o ther co untries and are used with the OpenStack Fo undatio n's permissio n. We are no t affiliated with, endo rsed o r spo nso red by the OpenStack Fo undatio n, o r the OpenStack co mmunity. All o ther trademarks are the pro perty o f their respective o wners. Abstract The Release No tes pro vide high-level co verage o f the impro vements and additio ns that have been implemented in Red Hat Enterprise Linux 6 .6 . Fo r detailed do cumentatio n o n all changes to Red Hat Enterprise Linux fo r the 6 .6 update, refer to the Technical No tes. T able of Cont ent s T able of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2. . . . . . . . . . Preface . .hapt C . . . .er . .1. .. Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . . E nhanc ed SCSI Unit Attentio n Hand ling O p en vSwitc h Kernel Mo d ule l ib hug etlb fs Sup p o rt fo r IBM Sys tem z K eywo rd s fo r ip ld ev and c o nd ev in c io _ig no re Availab le fo r IBM Sys tem z 3 3 3 4 . .hapt C . . . .er . .2. .. Net . . . working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5. . . . . . . . . . C hang es to HPN Ad d -O n 5 . .hapt C . . . .er . .3. . .Securit . . . . . . y. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6. . . . . . . . . . S CAP Sec urity G uid e 6 N ew lib ic a APIs 6 . .hapt C . . . .er . .4. .. Virt . . . ualiz . . . . at . . ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7. . . . . . . . . . N ew Pac kag es : hyp erv-d aemo ns 7 T ec hno lo g y Preview: Red Hat Enterp ris e Linux 6 .6 Ho s ted as a G eneratio n 2 Virtual Mac hine 7 . .hapt C . . . .er . .5. . .St . .orage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8. . . . . . . . . . E nhanc ements to d evic e-map p er 8 Q SAM Ac c es s Metho d fo r Data s haring with z /O S - Stag e 1 8 d m-era Tec hno lo g y Preview 8 . .hapt C . . . .er . .6. .. Clust . . . . .ering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9. . . . . . . . . . keep alived Fully Sup p o rted 9 H APro xy Fully Sup p o rted 9 C TDB Up g rad e 9 . .hapt C . . . .er . .7. .. Hardware . . . . . . . . .Enablement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 0. . . . . . . . . . S up p o rt fo r Intel Wild c at Po int-LP PCH 10 S up p o rt fo r VIA VX9 0 0 Med ia Sys tem Pro c es s o r 10 . .hapt C . . . .er . .8. .. Indust . . . . . .ry . . St . . andards . . . . . . . .and . . . .Cert . . . ificat . . . . .ion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 1. . . . . . . . . . FIPS 140 Revalid atio ns 11 . .hapt C . . . .er . .9. .. Aut . . . hent . . . . icat . . . .ion . . . and . . . .Int . . eroperabilit . . . . . . . . . . .y. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 2. . . . . . . . . . B etter Intero p erab ility with Ac tive Direc to ry A p ac he Mo d ules fo r External Authentic atio n A uto mated s ud o Co nfig uratio n o n IPA Clients 12 12 12 . .hapt C . . . .er . .1. 0. .. Deskt . . . . . op . . . and . . . .G. raphics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1. 3. . . . . . . . . . N ew Pac kag e: g d k-p ixb uf2 13 . .hapt C . . . .er . .1. 1. .. Performance . . . . . . . . . . . .and . . . .Scalabilit . . . . . . . .y. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 4. . . . . . . . . . P erfo rmanc e Co -Pilo t (PCP) 14 . .hapt C . . . .er . .1. 2. .. G . .eneral . . . . . .Updat . . . . . es . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1. 5. . . . . . . . . . N ew Pac kag es : java-1.8 .0 -o p enjd k 15 . . . . . . . . . . . Versions Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 6. . . . . . . . . . . . . . . . . . .Hist Revision . . . ory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 7. . . . . . . . . . 1 Red Hat Ent erprise Linux 6 6 .6 Release Not es Preface Red Hat Enterprise Linux minor releases are an aggregation of individual enhancement, security and bug fix errata. The Red Hat Enterprise Linux 6.6 Release Notes documents the major changes made to the Red Hat Enterprise Linux 6 operating system and its accompanying applications for this minor release. D etailed notes on changes (that is, bugs fixed, enhancements added, and known issues found) in this minor release are available in the Technical Notes. The Technical Notes document also contains a complete list of all currently available Technology Previews along with packages that provide them. Important The online Red Hat Enterprise Linux 6.6 Release Notes, which are located online here, are to be considered the definitive, up-to-date version. Customers with questions about the release are advised to consult the online Release and Technical Notes for their version of Red Hat Enterprise Linux. Capabilities and limits of Red Hat Enterprise Linux 6 as compared to other versions of the system are available in the Knowledge Base article available at https://access.redhat.com/site/articles/rhel-limits. Should you require information regarding the Red Hat Enterprise Linux life cycle, refer to https://access.redhat.com/support/policy/updates/errata/. 2 Chapt er 1 . Kernel Chapter 1. Kernel Enhanced SCSI Unit At t ent ion Handling The kernel in Red Hat Enterprise Linux 6.6 has been enhanced to enable user space to respond to certain SCSI Unit Attention conditions received from SCSI devices via the udev event mechanism. The supported Unit Attention conditions are: 3F 03 INQUIRY D ATA HAS CHANGED 2A 09 CAPACITY D ATA HAS CHANGED 38 07 THIN PROVISIONING SOFT THRESHOLD REACHED 2A 01 MOD E PARAMETERS CHANGED 3F 0E REPORTED LUNS D ATA HAS CHANGED Because SCSI Unit Attention conditions are only reported in response to a SCSI command, no conditions are reported if no commands are actively being sent to the SCSI device. Red Hat Enterprise Linux 6.6 does not provide any default udev rules for these events, but usersupplied udev rules can be written to handle them. For example: ACTION=="change", SUBSYSTEM=="scsi", ENV{SDEV_UA}=="INQUIRY_DATA_HAS_CHANGED", TEST=="rescan", ATTR{rescan}="x" causes a SCSI device to be rescanned if the inquiry data changes. The rules for the supported events should match on the following SD EV_UA environment strings: ENV{SDEV_UA}=="INQUIRY_DATA_HAS_CHANGED" ENV{SDEV_UA}=="CAPACITY_DATA_HAS_CHANGED" ENV{SDEV_UA}=="THIN_PROVISIONING_SOFT_THRESHOLD_REACHED" ENV{SDEV_UA}=="MODE_PARAMETERS_CHANGED" ENV{SDEV_UA}=="REPORTED_LUNS_DATA_HAS_CHANGED" Note that in all cases the D EVPATH environment variable in the udev rule is the path of the device that reported the Unit Attention. Also, multipath I/O currently verifies that multiple paths to a device have some of the same attributes, such as the capacity. As a consequence, automatically rescanning a device in response to a capacity change can cause that some paths to a device have the old capacity and some paths have the new capacity. In such cases, multipath I/O stops using paths with the capacity change. Open vSwit ch Kernel Module Red Hat Enterprise Linux 6.6 includes the Open vSwitch kernel module as an enabler for Red Hat's layered products. Open vSwitch is supported only in conjunction with products that contain the accompanying user-space utilities. Please note that without these required user-space utilities, Open vSwitch will not function and cannot be enabled for use. For more information, please refer to the following Knowledge Base article: https://access.redhat.com/knowledge/articles/270223. libhuget lbfs Support for IBM Syst em z 3 Red Hat Ent erprise Linux 6 6 .6 Release Not es The l i bhug etl bfs library is now supported on IBM System z architecture. The library enables transparent exploitation of large pages in C and C++ programs. Applications and middleware programs can profit from the performance benefits of large pages without changes or recompilations. Keywords for ipldev and condev in cio_ignore Available for IBM Syst em z Red Hat Enterprise Linux 6.6 enables the use of keywords for the IPL device (ipldev) and console device (condev) to make installation easier when a system uses the ci o _i g no re command to blacklist devices. Allowing pre-defined CIO blacklists prevents problems in the following cases: No default console device number is available at installation time. There are no devices other than the IPL device as a base to clone Linux guests. Performing ramdisk-based installations with no devices other than the CCW console. 4 Chapt er 2 . Net working Chapter 2. Networking Changes t o HPN Add-On Starting with Red Hat Enterprise Linux 6.6, the High Performance Networking (HPN) Add-On is no longer be available as a separate product. Instead, the functionality found in the HPN Add-On has been integrated into the base product and delivered as part of the Red Hat Enterprise Linux base channel. In addition to including the HPN functionality into the base Red Hat Enterprise Linux 6 product, the RD MA over Converged Ethernet (RoCE) implementation has also been updated. RoCE uses Global Identifier or GID -based addressing for node-to-node communication. Previously, GID s were encoded based on the Ethernet interface's MAC address along with the VLAN ID (if used). Under certain circumstances, the compute entity that runs the RoCE protocol is not aware that its traffic is VLANtagged. The compute entity can then sometimes create or assume a wrong GID , which can result in connectivity problems. The updated RoCE implementation resolves this problem by changing the way the RoCE GID s are encoded, and instead bases them off the IP addresses of the Ethernet interface. All systems that use the RoCE protocol need to be upgraded to Red Hat Enterprise Linux 6.6 to ensure connection reliability due to this change in the wire protocol format. Please refer to this Red Hat Knowledge Base article for additional information: https://access.redhat.com/site/articles/971333. 5 Red Hat Ent erprise Linux 6 6 .6 Release Not es Chapter 3. Security SCAP Securit y Guide The scap-security-guide package has been included in Red Hat Enterprise Linux 6.6 to provide security guidance, baselines, and associated validation mechanisms that use Security Content Automation Protocol (SCAP). SC AP Securi ty G ui d e contains the necessary data to perform system security compliance scans regarding prescribed security policy requirements; both a written description and an automated test (probe) are included. By automating the testing, SC AP Securi ty G ui d e provides a convenient and reliable way to verify system compliance on a regular basis. New libica APIs Red Hat Enterprise Linux 6.6 introduces new libica library APIs for supported cryptographic modes, including hardware and software indication. The APIs show cryptographic exploiters what cryptographic functions are available and if hardware or software will be used to process cryptographic requests. In the past, this information could only be obtained by using stand-alone tools primarily intended for administrators. 6 Chapt er 4 . Virt ualiz at ion Chapter 4. Virtualization New Packages: hyperv-daemons New hyperv-daemons packages have been added to Red Hat Enterprise Linux 6.6. The new packages include the Hyper-V KVP daemon, previously provided by the hypervkvpd package, the Hyper-V VSS daemon, previously provided by the hypervvssd package, and the hv_fco py daemon, previously provided by the hypervfcopyd package. The suite of daemons provided by hyperv-daemons are needed when a Linux guest is running on a Microsoft Windows host with H yp er- V. T echnology Preview: Red Hat Ent erprise Linux 6.6 Host ed as a Generat ion 2 Virt ual Machine As a Technology Preview, Red Hat Enterprise Linux 6.6 can be used as a generation 2 virtual machine in the Microsoft Hyper-V Server 2012 R2 host. In addition to the functions supported in the previous generation, generation 2 provides new functions on a virtual machine; for example: boot from a SCSI virtual hard disk, and UEFI firmware support. 7 Red Hat Ent erprise Linux 6 6 .6 Release Not es Chapter 5. Storage Enhancement s t o device-mapper Several significant enhancements to d evi ce-mapper have been introduced in Red Hat Enterprise Linux 6.6: The d m-cache device-mapper target, which allows fast storage devices to act as a cache for slower storage devices, has been added as a Technology Preview. See the lvmcache manual page for more information. The device-mapper-multipath ALUA priority checker no longer places the preferred path device in its own path group if there are other paths that could be used for load balancing. The fast_i o _fai l _tmo parameter in the mul ti path. co nf file now works on iSCSI devices in addition to Fibre Channel devices. Better performance can now be achieved in setups with a large number of multipath devices due to an improved way in which the device-mapper multipath handles sysfs files. A new fo rce_sync parameter in mul ti path. co nf has been introduced. The parameter disables asynchronous path checks, which can help limit the number of CPU contention issues on setups with a large number of multipath devices. QSAM Access Met hod for Dat a sharing wit h z /OS - St age 1 Red Hat Enterprise Linux 6.6 introduces a new interface that enables Linux applications like D ata Stage to access and process (read-only) data in physical sequential data sets owned by z/OS without interfering with z/OS. By avoiding FTP or NFS transfer of data from z/OS, the turnaround time for batch processing is significantly reduced. dm-era T echnology Preview The device-mapper-persistent-data package now provides tools to help use the new d m-era device mapper functionality released as a Technology Preview. The d m-era functionality keeps track of which blocks on a device were written within user-defined periods of time called an era. This functionality allows backup software to track changed blocks or restore the coherency of a cache after reverting changes. 8 Chapt er 6 . Clust ering Chapter 6. Clustering keepalived Fully Support ed The keepalived package is now fully supported. The keepalived package provides simple and robust facilities for load-balancing and high-availability. The load-balancing framework relies on the wellknow and widely used Linux Virtual Server kernel module providing Layer4 network load-balancing. The keepal i ved daemon implements a set of health checkers to load-balanced server pools according to their state. The keepalived daemon also implements the Virtual Router Redundancy Protocol (VRRP), allowing router or director failover to achieve high availability. HAProxy Fully Support ed The haproxy package is now fully supported. HAP ro xy is a stand-alone, layer-7, high-performance network load balancer for TCP and HTTP-based applications which can perform various types of scheduling based on the content of the HTTP requests. CT DB Upgrade Red Hat Enterprise Linux 6.6 contains a new version of the CTD B agent, in which some internal operations have changed to improve stability and reliability. As a consequence, the new version cannot be mixed with older versions running in parallel in the same cluster. To update CTD B in an existing cluster, CTD B must be stopped on all nodes in the cluster before the upgrade starts, and the nodes can then be updated one by one and started again. 9 Red Hat Ent erprise Linux 6 6 .6 Release Not es Chapter 7. Hardware Enablement Support for Int el Wildcat Point -LP PCH Broadwell-U PCH SATA, HD Audio, TCO Watchdog, and I2C (SMBus) device ID s have been added for the drivers, which enables support for the next generation mobile platform in Red Hat Enterprise Linux 6.6. Support for VIA VX900 Media Syst em Processor VIA VX900 Media System Processor is supported in Red Hat Enterprise Linux 6.6. 10 Chapt er 8 . Indust ry St andards and Cert ificat ion Chapter 8. Industry Standards and Certification FIPS 14 0 Revalidat ions Federal Information Processing Standards Publications (FIPS) 140 is a U.S. government security standard that specifies the security requirements that must be satisfied by a cryptographic module utilized within a security system protecting sensitive, but unclassified information. The standard provides four increasing, qualitative levels of security: Level 1, Level 2, Level 3, and Level 4. These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include cryptographic module specification, cryptographic module ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. The following targets have been fully validated: NSS FIPS-140 Level 1 Suite B Elliptic Curve Cryptography (ECC) The following targets have been revalidated: OpenSSH (Client and Server) Openswan dm-crypt OpenSSL Suite B Elliptic Curve Cryptography (ECC) Kernel Crypto API AES-GCM, AES-CTS, and AES-CTR ciphers 11 Red Hat Ent erprise Linux 6 6 .6 Release Not es Chapter 9. Authentication and Interoperability Bet t er Int eroperabilit y wit h Act ive Direct ory Added functionality of System Securi ty Servi ces D aemo n (SSSD) enables better interoperability of Red Hat Enterprise Linux clients with Active D irectory, which makes identity management easier in Linux and Windows environments. The most notable enhancements include resolving users and groups and authenticating users from trusted domains in a single forest, D NS updates, site discovery, and using NetBIOS name for user and group lookups. Apache Modules for Ext ernal Aut hent icat ion A set of Apache modules has been added to Red Hat Enterprise Linux 6.6 as a Technology Preview. The mo d _authnz_pam, mo d _i ntercept_fo rm_submi t, and mo d _l o o kup_i d enti ty Apache modules in the respective packages can be used by Web applications to achieve tighter interaction with external authentication and identity sources, such as Identity Management in Red Hat Enterprise Linux. Aut omat ed sudo Configurat ion on IPA Client s In Red Hat Enterprise Linux 6.6, the i pa-cl i ent-i nstal l script configures the sud o utility on IPA clients by default. FreeIPA sudo integration is a widely popular feature, which can, however, pose some configuration challenges. The integration is now seamless, and i pa-cl i ent-i nstal l leverages a newly added IPA provider in sssd. 12 Chapt er 1 0 . Deskt op and G raphics Chapter 10. Desktop and Graphics New Package: gdk-pixbuf2 The gdk-pixbuf2 package, previously a part of the gtk2 package, has been added to Red Hat Enterprise Linux 6.6. The gdk-pixbuf2 package contains an image-loading library that can be extended by loadable modules for new image formats. The library is used by toolkits such as GTK+ or Clutter. Note that downgrading the libraries included in the gdk-pixbuf2 and gtk2 packages can fail. 13 Red Hat Ent erprise Linux 6 6 .6 Release Not es Chapter 11. Performance and Scalability Performance Co-Pilot (PCP) Performance Co-Pilot (PCP) provides a framework and services to support system-level performance monitoring and management. Its light-weight, distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Performance metrics can be added using the Python, Perl, C++ and C interfaces. Analysis tools can use the client APIs (Python, C++, C) directly, and rich web applications can explore all available performance data using a JSON interface. For further information, consult the extensive manual pages in the pcp and pcp-libs-devel packages. The pcp-doc package installs comprehensive documentation in the /usr/share/d o c/pcp-d o c/* directory. PCP also provides a manual page for every tool; type man toolname on the command line to view the manual page for that tool. 14 Chapt er 1 2 . G eneral Updat es Chapter 12. General Updates New Packages: java-1.8.0-openjdk New java-1.8.0-openjdk packages, which contain the OpenJD K 8 Java Runtime Environment and the OpenJD K 8 Java Software D evelopment Kit, are now available in Red Hat Enterprise Linux 6.6 as a Technology Preview. 15 Red Hat Ent erprise Linux 6 6 .6 Release Not es Component Versions This appendix is a list of components and their versions in the Red Hat Enterprise Linux 6.6 release. T ab le A.1. C o mp o n en t Versio n s C o mp o n en t Versio n Kernel QLogic q l a2xxx driver QLogic ql2xxx firmware 2.6.32-494 8.07.00.08.06.6-k ql23xx-firmware-3.03.27-3.1 ql2100-firmware-1.19.38-3.1 ql2200-firmware-2.02.08-3.1 ql2400-firmware-7.03.00-1 ql2500-firmware-7.03.00-1 Emulex l pfc driver iSCSI initiator utils D M-Multipath LVM 16 10.2.8020.1 iscsi-initiator-utils-6.2.0.873-11 device-mapper-multipath-libs-0.4.9-80 lvm2-2.02.108-1 Revision Hist ory Revision History R evisio n 0.0- 0.4 T u e O ct 14 2014 Release of the Red Hat Enterprise Linux 6.6 Release Notes. Milan N avrát il 17