1 New Features and Changes

WARNING:

Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Migrate applications and data to Oracle Linux 8 or Oracle Linux 9 as soon as possible.

This section describes the new features that Oracle Linux 7 introduces and the major changes from the previous release of Oracle Linux.

System Requirements

You can install Oracle Linux 7 on x86-64 systems with up to 2048 logical CPUs and 64 TB of memory. The theoretical upper limit is 5120 logical CPUs and 64 TB of memory, but this configuration is not supported. A minimum of 2 logical CPUs and 1 GB of memory per logical CPU is recommended. Although the minimum disk space required for installation is 1 GB, a minimum of 5 GB is recommended.

File System, Storage, and Address Space Limitations

The following table lists the maximum file size and maximum file system size for the btrfs, ext4, and XFS file systems.

File System Type    Maximum File Size    Maximum File System Size
----------------    -----------------    ------------------------
btrfs               50 TB                50 TB
ext4                50 TB                50 TB
XFS                 16 TB                500 TB

The maximum supported size for a bootable LUN is 50 TB. GPT and UEFI support are required for LUNs larger than 2 TB.

The maximum size of the address space that is available to each process is 128 TB.

Shipped Kernels

Oracle Linux 7 is shipped with the following kernels:

  • Red Hat Compatible Kernel (RHCK), based on mainline Linux version 3.10.

  • Unbreakable Enterprise Kernel Release 3 (UEK R3), starting with 3.8.13, based on mainline Linux version 3.8. This is the default kernel.

Note:

UEFI Secure Boot is not currently supported with UEK R3.

Installer Features

The Anaconda installer has been enhanced and includes the following notable features:

  • An enhanced graphical interface.

  • A new text interface that can be used in a write-only mode.

  • Support for non-partitioned, directly-formatted devices.

  • tmpfs configuration.

  • LVM thin provisioning.

  • Configuration of btrfs or XFS for the root file system. Note that the file system type for /boot cannot be btrfs.

  • The default file system type is XFS, which replaces ext4.

  • Encryption of swap and all file systems except for /boot. For a btrfs file system, the encryption applies to all subvolumes.

  • Bonding and teaming of network interfaces.

Apache Web Server Features

Apache HTTP Server version 2.4 provides the following notable features:

  • The event Multi-Processing Module (MPM) and integrated proxy module support for the FastCGI protocol allow the server to serve more concurrent requests.

  • Improvements to asynchronous read and write handling.

  • Embedded Lua scripting.

For more information, see https://httpd.apache.org/docs/2.4/new_features_2_4.html.

Authentication Features

Oracle Linux 7 introduces the following notable authentication features:

  • If POSIX attributes are defined, authentication can obtain a user or group ID from Active Directory instead of using an ID generated from a Security Identifier. Clients must be running Oracle Linux 5 Update 9 and later, Oracle Linux 6 Update 3 and later, or Oracle Linux 7.

  • The slapi-nis package contains the following plug-ins:

    • nisserver-plugin enables a directory server to act as a NIS server.

    • schemacompat-plugin enables a directory server to modify how entries in the directory information tree (DIT) are presented to clients.

    These plug-ins are designed to help transition a network from NIS to LDAP.

Boot Loader Features

The GRUB2 boot loader in Oracle Linux 7 provides the following notable enhancements over the previous version of GRUB:

  • Support for the BIOS, EFI, and Open Firmware.

  • Support for GPT.

  • Support for additional file system types, including HFS+ and NTFS.

Note:

The installer does not permit you to configure GRUB2 in partitions as some file systems do not allow enough space for the boot loader.

Linux Containers

The Linux Containers (LXC) feature allows you to safely and securely run multiple applications or instances of an operating system on a single host without risking them interfering with each other. Containers are lightweight and resource-friendly, which saves both rack space and power. For more information, see Oracle Linux 7: Administrator's Guide.

LXC is supported for both UEK R3 and RHCK. You can configure both 32-bit and 64-bit guest containers. However, some applications might not be supported for use with these features.

Load Balancing and High Availability

Oracle Linux 7 includes the Keepalived and HAProxy technologies for balancing access to network services while maintaining continuous access to those services.

Keepalived uses the IP Virtual Server (IPVS) kernel module to provide transport layer (Layer 4) load balancing, redirecting requests for network-based services to individual members of a server cluster. IPVS monitors the status of each server and uses the Virtual Router Redundancy Protocol (VRRP) to implement high availability.

HAProxy is an application layer (Layer 7) load balancing and high availability solution that you can use to implement a reverse proxy for HTTP and TCP-based Internet services.

For more information, see Oracle Linux 7: Administrator's Guide.

MySQL Community and MariaDB Packages

In the initial release of Oracle Linux 7, the MySQL Community 5.6 packages were provided on the Oracle Linux 7 full installation DVD image but were not installable using the Anaconda installer or kickstart. The ISO image for update 1 to Oracle Linux 7 provides support for installing either MySQL 5.6 or MariaDB by using either the Anaconda installer or kickstart. For more information, see Oracle Linux 7: Release Notes for Oracle Linux 7.1.

Networking Features

Oracle Linux 7 provides the following notable enhancements to support networking:

  • The chronyd service enables mobile systems and virtual machines to update their system clock after a period of suspension or disconnection from a network. You can use the chronyc command to manage the chronyd service. For more information, see the chronyc(1) manual page.

  • Domain Name System Security Extensions (DNSSEC) allow a DNS client to verify the authenticity of a DNS server and to check that responses to DNS queries have not been modified.

  • The firewalld service provides a dynamically managed firewall that allows applications and system services to add firewall rules. By default, the firewalld service is enabled and the iptables and ip6tables services are disabled. For more information, see https://fedoraproject.org/wiki/FirewallD.

  • The nmcli utility notifies NetworkManager about configuration changes. By default, NetworkManager no longer monitors configuration files for changes. However, it still responds to any changes made using the D-Bus API. For more information, see the nmcli(1) manual page.

  • OpenLMI provides an infrastructure for configuring, managing, and monitoring hardware, operating system software, and services on Linux systems, including bare-metal servers and virtual machine guests, as well as storage systems and networks. OpenLMI abstracts the complexity of system management and presents a simpler administration interface. The OpenLMI agents on a managed system are accessible via the OpenLMI controller, which also provides access to client applications using C/C++, Java, Python, or the CLI. For more information, see http://www.openlmi.org.

Red Hat Compatible Kernel Features

The Red Hat Compatible Kernel (RHCK) is based on mainline Linux version 3.10 and provides the following notable features:

  • Compression of swap memory to reduce I/O overhead (zram).

  • Crash dumps can be recorded on systems with up to 3 TB of memory.

  • DynTick support for suspending the system tick when there is only a single runnable task.

  • Hardware Error Reporting Mechanism (HERM), which replaces mcelog and EDAC.

  • NUMA-aware scheduling and memory allocation for improving the performance of NUMA systems.

Security Features

Oracle Linux 7 introduces the following notable security features:

  • The SSH 2 AuthenticationMethods option specifies one or more comma-separated lists of authentication methods. If only one list is specified, a user is granted access if he or she successfully completes all of the methods in the list. If several lists are specified, a user must complete at least one of the lists. Each listed authentication method must be enabled in /etc/ssh/sshd_config.

    The available methods are hostbased, keyboard-interactive, password, and publickey. You can use the keyboard-interactive method to invoke authentication mechanisms such as Pluggable Authentication Modules (PAM). You can configure PAM modules that use authentication methods such as GSSAPI, Kerberos, hardware tokens, or biometric matching.

    The following example configuration requires either public-key authentication followed by PAM-defined authentication or connection from a trusted host followed by public-key authentication:

    AuthenticationMethods "publickey,keyboard-interactive:pam hostbased,publickey"
  • To overcome the inherent vulnerability of processes sharing a system key table, applications can use the GSS Proxy system service to set up a unique Kerberos context.

  • The selinuxuser_use_ssh_chroot variable must be set for confined SELinux users (for example, guest_u, staff_u, or user_u). To ensure high security when specifying the OpenSSH ChrootDirectory option, configure chrooted users as the confined user guest_u.

  • Version 3.15.2 and later of the nss packages support the following AES-GCM cipher suites with TLS 1.2:

    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    • TLS_RSA_WITH_AES_128_GCM_SHA256

  • OCSP and CRLs no longer accept MD2, MD4, and MD5 signatures.
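The AuthenticationMethods rules in the first item above (all methods of one list, any one of several lists, every listed method enabled) can be checked mechanically. The following Python audit is an added example, not part of the Oracle documentation; the two configuration fragments are constructed, and the keyword-to-method mapping and defaults are the upstream OpenSSH ones, assumed to apply with no Match blocks.

```python
# Keyword that enables each method, with the upstream OpenSSH default used
# when the keyword is absent. Assumptions: no Match blocks, and the keyword
# names of the OpenSSH generation shipped with Oracle Linux 7 (newer releases
# call the keyboard-interactive switch KbdInteractiveAuthentication).
ENABLING_KEYWORD = {
    "hostbased": ("HostbasedAuthentication", "no"),
    "keyboard-interactive": ("ChallengeResponseAuthentication", "yes"),
    "password": ("PasswordAuthentication", "yes"),
    "publickey": ("PubkeyAuthentication", "yes"),
}


def parse_config(text):
    """Return {lowercased keyword: value}; sshd keeps the first occurrence."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return settings


def method_lists(settings):
    """Split AuthenticationMethods into lists; a ':pam' submethod is dropped."""
    raw = settings.get("authenticationmethods", "")
    return [[m.split(":", 1)[0] for m in lst.split(",")] for lst in raw.split()]


def grants_access(lists, completed):
    """True when the methods completed, in order, make up one whole list."""
    return any(list(completed) == lst for lst in lists)


def audit(text):
    """Report listed methods that are not enabled and single-method lists."""
    settings = parse_config(text)
    lists = method_lists(settings)
    findings = []
    for method in sorted({m for lst in lists for m in lst}):
        if method not in ENABLING_KEYWORD:
            findings.append("unknown method: " + method)
            continue
        keyword, default = ENABLING_KEYWORD[method]
        if settings.get(keyword.lower(), default).lower() != "yes":
            findings.append(method + " is listed but " + keyword + " is not enabled")
    for lst in lists:
        if len(lst) == 1:  # one list with one method defeats the longer lists
            findings.append("single-method list: " + lst[0])
    return findings


# Constructed fragment using the AuthenticationMethods line shown above.
SAMPLE = """\
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication no
AuthenticationMethods "publickey,keyboard-interactive:pam hostbased,publickey"
"""

# Constructed fragment: the second list lets a password alone succeed.
WEAK = """\
PasswordAuthentication yes
AuthenticationMethods publickey,password password
"""

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("weak", WEAK)):
        print(name, audit(text))
```

With the sample fragment, the hostbased,publickey list is unusable until HostbasedAuthentication is set to yes, which is the "must be enabled" requirement stated above.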

Storage and File System Features

Oracle Linux 7 introduces the following notable features for managing storage and file systems:

  • Oracle Linux 7 with both UEK R3 and RHCK uses the Linux-IO (LIO) Target to provide the block-storage SCSI target for FCoE, iSCSI, and Mellanox InfiniBand (iSER and SRP). To manage LIO, you can use the targetcli shell, which accepts plug-ins that support additional fabric types and functionality. For more information, see the targetcli(8) manual page and http://linux-iscsi.org/wiki/Targetcli. Note that Mellanox InfiniBand is only supported with UEK.

  • The System Storage Manager command-line utility (ssm) unifies the configuration and management of storage and file systems by subsuming the functionality of commands such as btrfs, cryptsetup, dmsetup, fsck, lv*, mdadm, mkfs, mount, pv*, tune2fs, vg*, and xfs_*. For more information, see the ssm(8) manual page and http://storagemanager.sourceforge.net.

  • Oracle Linux 7 provides the temporary file system (tmpfs), which is configured in volatile memory and whose contents do not persist after a system reboot. To mount this file system on /tmp, use the systemctl command to enable the tmp.mount systemd mount point unit. The tmpfs file system is suitable for use by non-privileged processes that need to store small quantities of temporary data.

  • The snapper command allows you to manage read-only snapshots of btrfs file systems and thinly-provisioned LVM logical volumes. For more information, see the snapper(8) manual page and http://snapper.io/documentation.html.

Technology Preview

The following features are still under development, but are made available for testing and evaluation purposes with UEK R3.

  • DRBD (Distributed Replicated Block Device)

    A shared-nothing, synchronously replicated block device (RAID1 over network), designed to serve as a building block for high availability (HA) clusters. It requires a cluster manager (for example, pacemaker) for automatic failover.

  • Transcendent memory

    Transcendent Memory (tmem) provides a new approach for improving the utilization of physical memory in a virtualized environment by claiming underutilized memory in a system and making it available where it is most needed. From the perspective of an operating system, tmem is fast pseudo-RAM of indeterminate and varying size that is useful primarily when real RAM is in short supply. To learn more about this technology and its use cases, see the Transcendent Memory project page at https://oss.oracle.com/projects/tmem/.

For the RHCK, the following features are currently under technology preview:

  • Active Directory and LDAP sudo providers.

  • Block and object storage layouts for parallel NFS (pNFS).

  • Block device caching by LVM, which allows small, fast devices to act as caches for large, slow devices.

  • btrfs file system. Oracle supports btrfs with UEK R3.

  • Crash kernel can be configured to boot with more than a single CPU.

  • DIF/DIX for data integrity checking on SCSI devices.

  • LSI Syncro CS feature in the megaraid_sas driver to support High-Availability Direct-Attached storage (HA-DAS) adapters.

  • LVM API.

  • More than 32 PCI slots can be configured with PCI Bridge in QEMU.

  • OpenLMI Software Provider.

  • PCI Express Bus, AHCI Bus, and USB 3.0 host adapter emulation are provided for KVM guests.

  • SCAP Workbench and the OSCAP Anaconda add-on.

  • Single-Root I/O virtualization (SR-IOV) in the qlcnic driver.

  • Storage array management, which includes a command-line interface and the libStorageMgmt API.

  • The dm-era device-mapper target records changes made to blocks over a specified time period.

  • Trusted Network Connect.

  • virtio-blk-data-plane in Quick EMUlator (QEMU) improves block I/O performance.

Note:

The upstream Kpatch RPM has been removed from Oracle Linux. Customers who wish to patch their running kernel with zero downtime should evaluate Oracle's Ksplice technology, which is included at no additional cost with Oracle Linux Premier support.

Compatibility

Oracle Linux maintains user-space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 3 (UEK R3) and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R3 will remain unchanged in all subsequent updates to the initial release. UEK R3 contains changes to the kernel ABI relative to UEK R2 that require recompilation of third-party kernel modules on the system. Before installing UEK R3, verify its support status with your application vendor.

Unsupported Emulex Devices

The following Emulex LightPulse HBA devices are being desupported by Emulex and are not supported for use with Oracle Linux 7:

  • LP10000 (VID:10DF, DID:FA00)

  • LP10000S (VID:10DF, DID:FC00)

  • LP101 (VID:10DF, DID:F0A1)

  • LP1050 (VID:10DF, DID:F0A5)

  • LP11000S (VID:10DF, DID:FC10)

  • LP11000-S (VID:10DF, DID:FD11)

  • LP111 (VID:10DF, DID:F0D1)

  • LP6000 (VID:10DF, DID:1AE5)

  • LP7000 (VID:10DF, DID:F700)

  • LP8000 (VID:10DF, DID:F800)

  • LP9002 (VID:10DF, DID:F900)

  • LP952 (VID:10DF, DID:F095)

  • LP9802 (VID:10DF, DID:F980)

  • LP982 (VID:10DF, DID:F098)

  • LPe1000 (VID:10DF, DID:F0F5)

  • LPe1000-SP (VID:10DF, DID:F0F5)

  • LPe1002-SP (VID:10DF, DID:F0F7)

  • LPe11000S (VID:10DF, DID:FC20)

  • LPx1000 (VID:10DF, DID:FB00)


Notable Changes from Oracle Linux 6

The following sections describe the most notable changes in Oracle Linux 7 from Oracle Linux 6.

Exporting System Configuration Parameters

Parameters defined in /etc/sysconfig files are automatically exported in Oracle Linux 7. You no longer need to use the export command.

Host Name Configuration

The host name is now defined in /etc/hostname instead of /etc/sysconfig/network.

Predictable Network Interface Naming

Network interface names are now based on information derived from the system BIOS or alternatively from a device's firmware, system path, or MAC address. This feature ensures that interface names persist across system reboots, hardware reconfiguration, and updates to device drivers and the kernel.

If you enable the biosdevname boot option (biosdevname=1), the biosdevname plugin (provided in the biosdevname package) to the udev device manager assigns names to network interfaces as follows:

emN

    Ethernet interface on the motherboard, where N is the number of the interface starting from 1.

pSpP

    Network interface on a PCI card, where S is the slot number and P is the port number.

pSpP_V

    Virtual interface, where S is the slot number, P is the port number, and V is the virtual interface number.

If biosdevname is set to 0 (the default), systemd naming assigns the prefixes en, wl, and ww to Ethernet, wireless LAN, and wireless WAN interfaces respectively. The prefix is followed by a suffix based on the hardware configuration, system bus configuration, or MAC address of the device:

oN

    Onboard device with index number N.

pBsS[fF][dD]

    PCI device with bus number B, slot number S, function number F, and device ID D.

pBsS[fF][uP]...[cC][iI]

    USB device with bus number B, slot number S, function number F, port number P, configuration number C, and interface number I.

sS[fF][dD]

    Hot-plug device with slot number S, function number F, and device ID D.

xM

    Device with MAC address M.

For example, an Ethernet port on the motherboard might be named eno1 or em1, depending on whether the value of biosdevname is 0 or 1.

The kernel assigns a legacy, unpredictable network interface name (ethN and wlanN) only if it cannot discover any information about the device that would allow it to disambiguate the device from other such devices. You can use the net.ifnames=0 boot parameter to reinstate the legacy naming scheme.

To define the name of an interface manually:

  1. Use the ip link command to display the MAC address of the existing interface, for example:

    sudo ip link show enp0s3 | grep link
    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff
  2. Change the name of the existing configuration file for the interface (/etc/sysconfig/network-scripts/ifcfg-ifname) so that the ifname suffix has the same value as the desired interface name, for example:

    cd /etc/sysconfig/network-scripts
    mv ifcfg-enp0s3 ifcfg-net1
  3. Edit the renamed configuration file:

    1. Verify that the value of the HWADDR parameter is the same as the interface's MAC address as shown by the ip link command, for example:

      HWADDR=08:00:27:16:c3:33
    2. Set the value of the DEVICE parameter to the desired interface name, for example:

      DEVICE=net1

      Add this parameter if it is not already present in the file.

    3. Set the value of the NAME parameter to the desired interface name, for example:

      NAME=net1

      This parameter defines the name of the interface as displayed in the Network Connections editor.

  4. Reboot the system:

    sudo systemctl reboot

Caution:

Changing a network interface name or the naming scheme can make existing firewall rules invalid. It can also affect other software that refers to network interface names.
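Before the reboot in step 4, the renamed file can be checked against steps 1 to 3, and firewall rules can be searched for the old interface name that the caution refers to. The following Python check is an added example, not part of the Oracle documentation; the ifcfg contents and the rule lines are constructed samples, and the function names are hypothetical.

```python
import re


def mac_from_ip_link(output):
    """Extract the MAC address from 'ip link show IFACE' output (step 1)."""
    match = re.search(r"link/ether\s+([0-9A-Fa-f:]{17})", output)
    return match.group(1).lower() if match else None


def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file, dropping comments and quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def check_rename(filename, ifcfg_text, mac, new_name):
    """Return the problems that would break the rename (steps 2 and 3)."""
    cfg = parse_ifcfg(ifcfg_text)
    problems = []
    if filename != "ifcfg-" + new_name:
        problems.append("file name suffix is not " + new_name)
    # MAC addresses are compared case-insensitively.
    if cfg.get("HWADDR", "").lower() != mac:
        problems.append("HWADDR does not match the interface MAC address")
    for key in ("DEVICE", "NAME"):
        if cfg.get(key) != new_name:
            problems.append(key + " is not set to " + new_name)
    return problems


def stale_references(old_name, rule_lines):
    """Return rule lines that still name the old interface as a whole token."""
    pattern = re.compile(r"(?<![\w.-])" + re.escape(old_name) + r"(?![\w.-])")
    return [line for line in rule_lines if pattern.search(line)]


# Output line taken from the ip link example in step 1.
IP_LINK = "    link/ether 08:00:27:16:c3:33 brd ff:ff:ff:ff:ff:ff\n"

# Constructed ifcfg-net1 contents: renamed, but DEVICE and NAME not yet edited.
IFCFG = """\
TYPE=Ethernet
BOOTPROTO=dhcp
HWADDR=08:00:27:16:C3:33
NAME=enp0s3
ONBOOT=yes
"""

# Constructed firewall lines (iptables-save style and a firewalld zone entry).
RULES = [
    "-A INPUT -i enp0s3 -p tcp --dport 22 -j ACCEPT",
    "-A INPUT -i enp0s31 -j DROP",
    '<interface name="enp0s3"/>',
    "-A FORWARD -o net1 -j ACCEPT",
]

if __name__ == "__main__":
    mac = mac_from_ip_link(IP_LINK)
    print(check_rename("ifcfg-net1", IFCFG, mac, "net1"))
    print(stale_references("enp0s3", RULES))
```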

NFS v2

NFS v2 is not supported for use with Oracle Linux 7. You should use NFS v3 or NFS v4 instead.

ifconfig Output

The output of the ifconfig command has changed format. You might need to amend any programs that parse the output of this command. For future compatibility, it is recommended that you modify such programs to use the ip command instead of ifconfig.

Initial Setup Supersedes Firstboot

Although legacy support for firstboot allows third-party modules to continue to function, it is recommended that you rewrite these modules to work with the installer and Initial Setup.

Layout of the root File System

As initrd is now able to mount the /usr file system at boot time, the files in /bin, /lib, /lib64, and /sbin have been moved to /usr/bin, /usr/lib, /usr/lib64, and /usr/sbin. Symbolic links in / provide backward compatibility for programs.

Localization Settings

System-wide default localization settings such as the default language, keyboard, and console font are now defined in /etc/locale.conf and /etc/vconsole.conf instead of /etc/sysconfig/i18n.

System Logging

The new logging daemon, journald, records system messages in non-persistent journal files in memory and in /run/log/journal. journald forwards messages to rsyslog, which processes and archives only syslog messages by default. If required, you can configure rsyslog to archive any other messages that journald forwards, including kernel, boot, initrd, stdout, and stderr messages.

systemd Replaces Upstart and init

The systemd daemon replaces Upstart for managing system run levels and services. Replacing init, systemd is the first process that starts after the system boots, and is the final process that is running when the system shuts down. systemd controls the final stages of booting and prepares the system for use. systemd also speeds up booting by loading services concurrently.

Table 1-1 shows the nearest equivalent systemctl command for various system management commands used in Oracle Linux 6.

Table 1-1 systemctl Command Equivalents

Legacy Command          Nearest Equivalent systemctl Command  Description
---------------------   ------------------------------------  -----------
chkconfig --list name   systemctl is-enabled name[.service]   Check whether a service is enabled to start at boot time. The .service tag is optional.
chkconfig name off      systemctl disable name[.service]      Disable a service from starting at boot time.
chkconfig name on       systemctl enable name[.service]       Enable a service to start at boot time.
halt                    systemctl halt                        Halt the system.
pm-hibernate            systemctl hibernate                   Put the system into hibernation.
pm-suspend              systemctl suspend                     Suspend the system.
pm-suspend-hybrid       systemctl hybrid-sleep                Put the system into hibernation and suspend its operation.
poweroff                systemctl poweroff                    Power off the system.
reboot                  systemctl reboot                      Reboot the system.
runlevel                systemctl list-units --type target    Display the currently active targets, which taken as a group constitute the nearest equivalent that systemd has to a run level.
service name start      systemctl start name[.service]        Start a service.
service name status     systemctl status name[.service]       Display the status of a service.
service name stop       systemctl stop name[.service]         Stop a service.
telinit runlevel        systemctl isolate name.target         Change the systemd target.

As well as services (name.service) and targets (name.target), other types of unit that you can manage in systemd include devices (name.device), file system mount points (name.mount), and sockets (name.socket). For example, the following command instructs the system to mount the temporary file system (tmpfs) on /tmp at boot time:

# systemctl enable tmp.mount

Table 1-2 shows the nearest equivalent systemd targets to the run levels that are used in Oracle Linux 6.

Table 1-2 systemd Target Equivalents

Run Level in Oracle Linux 6  Nearest Equivalent systemd Targets in Oracle Linux 7  Description
---------------------------  ----------------------------------------------------  -----------
0                            poweroff.target, runlevel0.target                     Shut down and power off the system.
1                            rescue.target, runlevel1.target                       Set up a rescue shell.
2                            multi-user.target, runlevel2.target                   Set up a non-graphical, multi-user system.
3                            multi-user.target, runlevel3.target                   Set up a non-graphical, multi-user system with networking.
4                            multi-user.target, runlevel4.target                   User defined or not used.
5                            graphical.target, runlevel5.target                    Set up a multi-user system with networking and display manager.
6                            reboot.target, runlevel6.target                       Shut down and reboot the system.

The runlevel* targets are implemented as symbolic links.

The nearest equivalent systemd target to the Oracle Linux 6 run levels 2, 3, and 4 is multi-user.target.

You can use the following commands to display the current default systemd target and to configure a new default target:

sudo systemctl get-default
sudo systemctl set-default name.target

If required, you can create customized versions of the targets that are defined in /usr/lib/systemd/system.

For more information, see the systemctl(1) and systemd.unit(5) manual pages and https://freedesktop.org/wiki/Software/systemd/.

Compatibility Limitations of systemd

systemd has the following limitations that can affect the compatibility of legacy programs running under Oracle Linux 7:

  • All service script actions time out after 5 minutes to prevent the system hanging indefinitely.

  • By default, systemd assigns each system service to a dedicated cpu control group, which prevents services from accessing real-time scheduling. For details of workarounds, see https://www.freedesktop.org/wiki/Software/systemd/MyServiceCantGetRealtime/.

  • If a systemd target does not have an equivalent Oracle Linux 6 run level, legacy commands such as runlevel return N to indicate an unknown run level.

  • Services cannot inherit user context so some legacy service initialization scripts might not work correctly.

  • systemd can interpret and use the headers in Linux Standard Base service scripts.

  • systemd does not attempt to stop services that are not running.

  • systemd supports the disable, enable, restart, start, status, and stop actions for services. To support other service functions, you must use a separate program such as a service script.

  • The chkconfig command might display incorrect information about run levels and services.

  • The legacy service command forwards service action requests to systemd but /etc/init.d service scripts do not.