Just installed it in a VM, changes that jumped out at me:
• No Python (that you should develop against) installed out of the box. There's a /usr/libexec/platform-python (3.6) that yum (dnf) runs against, and then python2/python3 packages you can optionally install if you want to run python scripts.
• Kernel 4.18
• No more ntpd, chrony only
• /etc/sysconfig/network-scripts is a ghost town, save for a lonely ifcfg file for my network adapter. No more /etc/init.d/network, so /etc/init.d is finally cleaned out. It looks like static routes still go in route-<adapter> and you ifdown/ifup to pull those in (it calls nmcli).
• Pretty colors when running dmesg!
Neat, but a great isolated example of the ancient software people who use RHEL have to deal with. RHEL 7 has dmesg from util-linux 2.23, the "colors by default" feature[1] first came out with 2.24 released on October 21st, 2013, which is around the time[3] the first beta of RHEL 7 came out.
1. https://github.com/karelzak/util-linux/commit/9bc2b51a06dc9c...
2. https://github.com/karelzak/util-linux/releases/tag/v2.24
3. https://en.wikipedia.org/wiki/Red_Hat_Enterprise_Linux#RHEL_...
Some examples:
- OpenSSL rebase to 1.0.2k (for HTTP/2 support).
- overlayfs2 kernel support.
- Kernel eBPF instrumentation.
- Introduction of podman and friends.
- Ansible is kept up-to-date.
- GCC 7 and Python 3.6 via Software Collections.
This includes extensive testing. I have non-production systems on Fedora which run mainline kernels and have seen my fair share of performance regressions and crashes.
I'm assuming there was no notable customer demand for colorful dmesg output.
Reminds me of the time I wrote a script that called 'hostname -x' on SunOS instead of Solaris and it changed the hostname to '-x' and broke X11. RHEL is the nostalgia Linux.
But seriously, has anyone ever empirically verified that the Debian Stable/RHEL model of shipping a bunch of really old packages and then layering years of patches over top actually generates more stable, more secure code?
My intuition after a couple decades of software dev is that bugs will fester longer in the old version and the patches themselves will start having bugs as the top of tree diverges more and more from the shipped package over time.
Python: This is about the module system. Modules let you install different versions of parts of the stack. For example, different Python, different Apache version, different QEMU. These will move much faster than base RHEL because they're now decoupled. You can install one version of each module from a choice of several versions available at any one time -- it's not parallel install (for that there is still Software Collections). The reason for not having parallel install is basically because people use containers or VMs so they don't really need it, and parallel install brings a lot of complexity.
For Python we tried to remove all the Python dependencies from the base image, didn't quite do it because of dnf (although that is in the works with at least the base dnf 3 being rewritten in C++). So we need a reliable System Python which isn't in a module (else dnf would break if you install modular Python 2.7). Basically don't use System Python unless you're writing base system utilities, instead "yum install python3" should pull in the right module.
Kernel: As usual the version number isn't that interesting, as a lot of work will be done through backports.
ntpd: Can't say I'm very happy about this myself :-(
Network scripts: It's NetworkManager all the way. Again, mixed feelings about this, but I can't say I loved network scripts either.
Why aren't you happy with the ntpd->chrony move?
Do you know why? I think it would be cool to not have any interpreted languages in the base image and FreeBSD manages to do that but I don't consider it that critical. For me it would be more interesting to not have Perl at all than Python...
I guess the situation with Python 2.7 on RHEL 7 was/is that painful?
https://developers.redhat.com/blog/2019/05/07/what-no-python...
This is an instance of what they're calling application streams, as explained in another post:
https://developers.redhat.com/blog/2018/11/15/rhel8-introduc...
You already have that on CentOS/RHEL 7 with Software Collections, and App Streams make it a first-class citizen.
It probably made sense when disk space was a lot more constrained.
Not surprising. I've been preferring Chrony to ntpd on systems without systemd-timesyncd (like CentOS 6 and 7) for at least two years since I read this Core Infrastructure article about Chrony:
https://www.coreinfrastructure.org/blogs/securing-network-ti...
Back when the ntpd security became a thing I evaluated chrony and openntpd as replacements and went with openntpd. It seemed to be simpler, used fewer system resources and had the openbsd teams reputation behind it.
OpenNTPD's goals are to be "good enough" and provide "reasonable accuracy". On an OpenBSD laptop and several "play" VMs (running OpenBSD), it was indeed "good enough". For individual desktops or laptops and the random "standalone" machine, OpenNTPD is simpler and "just works" (I like that it can "verify" the time using HTTPS hosts of my choosing).
Nowadays, only my stratum 1 NTP servers still run the reference implementation. Everything else -- especially hosts which I may need to correlate events based on timestamps -- runs chrony.
A comparison of the three implementations [0] is available on chrony's website. From a quick glance, I don't see anything blatantly incorrect or "biased. The comparison was discussed here on HN ~18 months ago [1].
Basically, if accuracy to the second is good enough, OpenNTPD is fine. If you want more precision than that, go with chrony. It'll be MUCH more accurate and it really isn't any "harder" than OpenNTPD. You'll probably want to stick with ntpd if you're using reference clocks, although chrony supports a subset of them. If you're a nerd that wants the absolutely most accurate time you can get, Google "PTP 1588" as well.
My most disliked feature. The colors in everything always clashes with both my background color (the best one for my eyes) and my vision in general. The first thing I do on any new system is to figure out how to turn of the colors. Otherwise I can't see any of the output.
Great news, don't like Python by default. All Linux basic services works great without it.
https://access.redhat.com/documentation/en-us/red_hat_enterp...
Bad news: ...without ext/sodium
That's a frankly irresponsible decision for Red Hat to make.
You say that without knowing anything at all about the situation? If you're a Red Hat customer, you could file a support ticket to get it pulled back in.
Historically speaking, Red Hat is rather conservative about the number of crypto libraries they pull into their system because of the requirement to validate the system for certifications. But if there are legitimate requirements to have it included and managed by the base system, then usually they'll work to fix this if they are informed that it's needed.
Again, if no one has officially requested it, then why would they pull it in?
It can also help to file bugs on RHEL 8 in the Red Hat Bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%...
found by removing the query part
In the promo vid on their site, there are a couple of people gaming. Is this alluding to the fact that you can game on RHEL or that it powers the backend of games?
Just curious...
2) Steam now bundles Wine and lots of games are tested and semi-officially supported with it now, bumps the playable fraction to more like 60-70%—and you can enable it for all games with a settings checkbox, too, and more often than not it works.
You can game on RHEL but it wouldn't be my first choice of distro for it - IMO, Ubuntu and Fedora are both better-suited for that task.
It's rolling release, including the whole stack that's supporting games. And they have a wrapper package that will install steam and its dependencies.
We basically packaged our own RHEL8 on top of 7 and I’m glad we don’t have to do that for 95% of the packages anymore.
https://access.redhat.com/containers/?tab=images#/registry.a...
Following the pattern of https://access.redhat.com/containers/?tab=images#/registry.a... and https://access.redhat.com/containers/?tab=images#/registry.a...
grep -rli 'centos' * | xargs -i @sed -i 's/centos]/Oracle\ Unbreakable\ Linux/gi' @
done
Quick question: how do I differentiate between freely available and subscription-only containers on the Red Hat Registry?
I'm also looking to know what packages are available in RHEL8 that are not available to UBI containers. I'm not able to find information as to what subset of the RHEL package universe is available to UBI containers. If you're aware of information on this I'd love to be pointed to it.
IBM has zero incentive to interfere with CentOS, it's the best advertising for RHEL they can get.
You haven't been around a merger & acquisition process, I take it. It's usually like the scorpion and frog parable:
A scorpion asks a frog to carry it across a river. The frog hesitates, afraid of being stung by the scorpion, but the scorpion argues that if it did that, they would both drown. The frog considers this argument sensible and agrees to transport the scorpion. The scorpion climbs onto the frog's back and the frog begins to swim, but midway across the river, the scorpion stings the frog, dooming them both. The dying frog asks the scorpion why it stung the frog, to which the scorpion replies "I couldn't help it. It's in my nature."
(from https://en.wikipedia.org/wiki/The_Scorpion_and_the_Frog )
