Red Hat has officially made its enterprise distribution Red Hat Enterprise Linux (RHEL) 9 available for download. Based on CentOS Stream for the first time, the system is meant to be the manufacturer's universal tool for all application areas, from the data center to edge installations and embedded devices, and comes with many changes in detail.
CentOS Stream 9 as a base
Previous RHEL releases always started their life cycle as a snapshot of a Fedora Linux release. However, Red Hat already abandoned this development model at the end of 2020: instead, it now uses CentOS Stream, a rolling release distribution that the manufacturer maintains permanently. Unlike before, changes from Fedora no longer flow into RHEL automatically; instead, Red Hat adopts only individual changes as required. To the annoyance of many administrators, the classic CentOS, which was previously a free version of RHEL that could be run without manufacturer support, had to bite the dust.
Above all, Red Hat expects the changed development model to accelerate the development of the enterprise distribution, even though existing systems will not directly benefit from this. However, the new base is meant to shorten the release cycle of RHEL significantly, which means that RHEL systems can be run with software that is on average more modern than before. There were at least four years between RHEL 7 and RHEL 8; Canonical, by comparison, leaves two years between two LTS versions.
The kernel of the new RHEL 9 is Linux 5.14, which was released at the end of 2021 and is therefore no longer completely new. It is well known that the kernel of systems with long-term support is a matter of its own anyway: it often has little in common with the parent kernel, especially in the later stages of the life cycle. Instead, manufacturers regularly go to great lengths to backport patches from later kernels to the standard kernels of their enterprise distributions. Once RHEL 9 is installed, the kernel, which is nominally version 5.14, should contain a number of patches from later kernels; from the administrator's point of view, however, this is difficult to trace.
New kernel feature: core scheduling
RHEL 9 finally ends support for the classic IDE bus. What is new, however, is core scheduling support: a kernel feature that lets userland processes be combined into logical groups, which the kernel then reliably runs on the same cores. This feature is useful for both performance and security. On the one hand, processes can be reliably shielded from each other via scheduling groups; on the other hand, many applications benefit in terms of performance from running on the same cores.
The upcoming iX 7/2022 will take a closer look at the new features of RHEL 9.
Stable APIs, ARM64, Cloud Support
Red Hat has put a lot of effort into all the technologies that make the distribution ready for virtualization, cloud computing, and edge computing. RHEL was already the basis for other Red Hat products such as OpenShift or RHEV; RHEL 9 brings a variety of updates to all system components required for this purpose. Version 4.0.0 of the Docker alternative Podman is newly included with RHEL 9; for the first time, it supports IPv6 as well as dual-stack configurations of IPv4 and IPv6 for containers. The developers are also shipping an update for QEMU; moreover, in RHEL 9 QEMU is compiled with Clang instead of GCC, which allows the use of additional security features such as SafeStack. With these changes, Red Hat is making it more difficult for attackers to break into the host system from running KVM VMs.
However, the manufacturer does not see RHEL 9 only on classic servers in a data center. Instead, according to the vendor, the distribution is meant to become the basis for all conceivable Linux applications. For very large-scale environments, Red Hat offers images built with the Image Builder service, as well as a small system for embedded hardware. In line with this, RHEL 9 significantly expands the support for AArch64 systems, that is, for 64-bit systems with ARM CPUs, which are especially popular in embedded devices. Red Hat also provides ready-to-use RHEL 9 containers in three different sizes as the basis for user images.
For developers in distributed environments, Red Hat also promises stable APIs for the life of RHEL 9 on all supported platforms. OpenShift plays an important role in this, as it makes standardized APIs available on a container basis. This is meant to make it particularly easy to develop an application that can be used on a server in the data center as well as on an edge machine. In line with this, Red Hat is also upgrading its lifecycle management tools, which can now handle more target platforms and additional deployment scenarios, such as those in high-end environments. This includes, for example, a web interface that is built directly into RHEL and provides a quick overview of a number of system parameters as well as basic configuration tasks.
Lots of little things
A number of changes are inconspicuous at first glance but have significant consequences for administrators and their day-to-day work. Most system components receive major updates compared to RHEL 8. OpenSSL version 3.0 is included with RHEL 9, which, as with Ubuntu, leads to better performance but also implicitly eliminates some algorithms that are considered obsolete. GCC 11 is the default compiler; Go 1.16.6, Rust 1.54, PHP 8, Python 3.9, and Ruby 3 cover a wide range of programming and scripting languages. Classic server software such as MariaDB (10.5), PostgreSQL (13) or Redis (6.2) is also available in RHEL 9 in updated form.
There are many innovations in terms of security. sudo can now be unlocked using a smart card on the command line; at the same time, administrators no longer have to remember to forbid SSH logins as root, because for the first time since 2001 this is disabled by default in a RHEL release. According to the manufacturer, SELinux should remain active. According to a Red Hat statement, it is up to 25% faster in RHEL 9 than before, and it can no longer be turned off via /etc/selinux/config. Instead, SELinux can only be disabled with the option selinux=0 on the Linux kernel command line at system startup.
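The SELinux and root-login defaults described above can be checked on a host with a short script. This is an added example, not part of the original article and not Red Hat tooling; the function names, result strings and sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Red Hat tooling. Paths are arguments so the checks can run
# against copies of the files; the sample host in demo() is constructed.

# Effective SELinux state per the article: in RHEL 9 only selinux=0 on the
# kernel command line switches it off, SELINUX=disabled in the config does not.
selinux_boot_state() {   # $1 = selinux config, $2 = kernel command line file
    if tr -s '[:space:]' '\n' < "$2" | grep -qx 'selinux=0'; then
        echo "off-by-cmdline"; return 0
    fi
    # Assumption: a single SELINUX= line; with several, the last is reported.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1)
    case $mode in
        enforcing|permissive) echo "$mode" ;;
        disabled) echo "config-disabled-ignored" ;;
        *) echo "unknown" ;;
    esac
}

# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Include files and Match blocks are not followed here.
root_login_setting() {   # $1 = sshd_config
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }' "$1"
}

# Print one WARN line per deviation; return 1 if there was any.
audit_host() {           # $1 = selinux config, $2 = cmdline, $3 = sshd_config
    rc=0
    state=$(selinux_boot_state "$1" "$2")
    root=$(root_login_setting "$3")
    [ "$state" = "enforcing" ] || { echo "WARN selinux: $state"; rc=1; }
    [ "$root" != "yes" ] || { echo "WARN sshd: PermitRootLogin yes"; rc=1; }
    return $rc
}

demo() {
    d=$(mktemp -d)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/config"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$d/cmdline"
    printf '#PermitRootLogin no\npermitrootlogin yes\n' > "$d/sshd_config"
    audit_host "$d/config" "$d/cmdline" "$d/sshd_config"; status=$?
    rm -rf "$d"; return $status
}
demo || true
```

On a real system the three arguments would be /etc/selinux/config, /proc/cmdline and /etc/ssh/sshd_config.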
Red Hat's automatic installer, Anaconda, has many new features. From Anaconda, the system can now be registered directly with Red Hat using the subscription manager; previously, this required a shell snippet in the %post instructions of the installation. On the other hand, it is time to say goodbye to teaming, an alternative to the kernel's bonding devices. Red Hat has officially deprecated the old iptables interfaces in RHEL 9, so they are likely to be missing in RHEL 10; in the form of nftables, however, the official successor has been available since RHEL 8, so problems are hardly to be expected here. If you haven't converted your old iptables rule set to nftables yet, you should start now.
Another point of contention: Systemd
A seemingly inconspicuous change in RHEL 9 is likely to cause some controversy, especially among more conservative system administrators: the network-scripts package is no longer included in RHEL 9. RHEL 7 still had the familiar files in /etc/sysconfig/network-scripts, through which the network interfaces of the system can be configured. In RHEL 8, the package was already marked as deprecated, and users were instead supposed to use systemd-networkd to configure their network settings. However, the crux of the matter was that the systemd network manager could not create all the configurations that were previously supported by the scripts. The CLI tools for systemd-networkd are also not exactly known for being particularly intuitive. This is probably one of the reasons why many administrators went back to using the scripts. RHEL 9 finally puts an end to this freedom of choice: systemd-networkd is the only option left to configure NICs in the system, so now at the latest administrators have to deal with the new approach to system configuration. The provider at least assures that all the settings possible with the network scripts can also be made using systemd-networkd.
Updates also for desktop
While desktop users are not the primary target of RHEL, Red Hat Enterprise Linux does occasionally run on end users' computers. There are also some changes here in RHEL 9. The standard desktop is the already somewhat dated GNOME 40, which comes with the usual office applications like Firefox or LibreOffice in versions that are no longer completely new. PipeWire also replaces the previous audio framework, PulseAudio.
For a number of components, users can also hope to receive updated packages during the release cycle of RHEL 9, because, as in RHEL 8, Red Hat supports several options in version 9 for installing additional software on the system. New versions of classic desktop applications can thus be added later via Flatpak without losing support for the entire system. Some applications of interest for servers are also available as Flatpaks, with the blessing of Red Hat or even directly from Red Hat itself.
As usual, Red Hat gives its users a preview of features that can be expected in the foreseeable future but which the manufacturer does not officially support yet. In RHEL 9, this includes the kernel's VPN implementation, WireGuard, as well as support for fully virtualized and paravirtualized virtual machines on systems with a 64-bit ARM CPU and, for desktop users, the image editor GIMP.
Conclusion: a cautious update
For the first time in a long while, Red Hat has not turned everything upside down between two versions of RHEL. Unlike the switch from, say, RHEL 7 to 8, anyone who is used to running RHEL 8 does not have to get used to a whole host of new tools, discard existing knowledge and learn everything anew. Instead, RHEL 9 comes as a cautious update that won't pose many challenges for administrators.
As usual, RHEL 9 can be obtained directly from Red Hat. Developers can use the distribution for the first time at no cost with an active subscription.