The following clustering features, bug fixes, and enhancements are included in this update. See Oracle Linux 7: Administrator's Guide for more information on clustering technology and support limitations.

• Pacemaker now supports path, mount, and timer systemd unit files

  Although previous releases of Pacemaker supported service and socket systemd unit file, alternative units would fail. Pacemaker can now manage path, mount and timer systemd units, as well.

• Pacemaker LVM resource agent updates

  New functionality and updates have been applied to the LVM resource agents for better management of shared storage across hosts. Most notably, the new LVM-activate resource agent assists with the handling of LVM management throughout the cluster and can be configured to work either with clvmd or lvmlockd, depending on your implementation.

  Options available through the new LVM-activate resource agent include:

  • tagging, equivalent to the tagging provided with the existing lvm resource agent;

  • clvmd, equivalent to using clvmd with the existing lvm resource agent;

  • system ID, a new option for using the system ID for volume group failover as an alternative to using tagging; and

  • lvmlockd, a new option to use lvmlockd and dlm for volume group sharing as an alternative to using clvmd.

  The existing lvm resource agent has also been patched to accept the volume_group_check_only parameter. This parameter can be set to limit monitoring to only volume groups, to avoid timeouts on tagged volumes. This parameter must only be used with the lvm resource agent when you are experiencing timeout issues. Do not use this parameter with the LVM-activate resource agent.

The following file systems features, bug fixes, and enhancements are included in this update.

• btrfs: File system deprecated in RHCK

  Starting with Oracle Linux 7.4, btrfs is deprecated in RHCK. Note that btrfs is fully supported with UEK R4 and on UEK R5.

• pNFS SCSI layout support in RHCK

  Parallel NFS (pNFS) SCSI layouts are supported when using RHCK.

The following installation and upgrade features, bug fixes, and enhancements are included in this update:

• In-place upgrade from Oracle Linux 6 to Oracle Linux 7

  The in-place upgrade tools are updated to support upgrading from Oracle Linux 6 to Oracle Linux 7 by replacing the existing operating system. The provided tools can help to check for potential issues during upgrade and ease upgrade processes. See Upgrading from Oracle Linux 6 for more information.

• Booting from an iSCSI device that is not configured by using iBFT now supported

  The installer now includes a new boot option, inst.nonibftiscsiboot. This boot option can be used to install the boot loader onto an iSCSI device that has not been configured in the iSCSI Boot Firmware Table (iBFT).

• Installing and booting from NVDIMM devices now supported

  The installer is now capable of recognizing Nonvolatile Dual Inline Memory Module (NVDIMM) devices when installing or booting NVDIMM devices in sector mode and can be used to reconfigure NVDIMM devices into sector mode during installation.

  This update also includes an extension to the kickstart scripts for the installer, to facilitate new commands for handling NVDIMM devices. Other updates were applied to system components, such as grub2, efibootmgr and efivar, to handle booting from these devices.

The following changes are specific to RHCK. For more information, refer to latest versions of the release notes for Oracle Linux Unbreakable Enterprise Kernel Release 5 in Unbreakable Enterprise Kernel documentation.

• Updated kexec-tools documents for the Kdump FCoE target

  The documentation for kexec-tools has been updated to include instructions on using a Fibre Channel over Ethernet (FCoE) target with Kdump.

• NVMe driver updated to version 4.17-rc1

  The NVMe driver that ships with RHCK has been updated to version 4.17-rc1. This driver includes several bug fixes and enhancements, including a number of improvements for the use of NVMe over Remote Direct Memory Access (RDMA).

MySQL Community packages are not included on the provided ISO in this release. This change ensures that the ISO size is appropriate for use on typical DVD-ROM media. The MySQL Community 8.0, MySQL Community 5.7, MySQL Community 5.6, and MySQL Community 5.5 packages continue to be available on the Unbreakable Linux Network (ULN) and the Oracle Linux yum server.

You can install MySQL Community packages directly from ULN or from the Oracle Linux yum server by enabling the appropriate channel or repository. For example, you would enable the ol7_MySQL57 repository on the Oracle Linux yum server to install the MySQL Community 5.7 packages as follows:

sudo yum-config-manager --enable ol7_MySQL57

The following networking features, bug fixes, and enhancements are included in this update:

• ECMP fib_multipath_hash_policy support added to the kernel for IPv4 packets

  RHCK is updated to include support for the Equal-cost multi-path routing (ECMP) hash policy by using the sysctl command with the fib_multipath_hash_policy option. When the value for this option is set to 1, the kernel performs an L4 hash (multipath hash on IPv4 packets). When the default value of 0 is set, only an L3 hash is used.

  Note that if you enable fib_multipath_hash_policy, ICMP error packets are not hashed according to the inner packet headers, which is a problem for anycast services, as the ICMP packet could be delivered to the incorrect host.

• Support for hardware time stamping on VLAN interfaces

  Hardware time stamping can be used on VLAN interfaces, where the hardware and driver module supports this functionality. This feature allows applications, such as linuxptp, to enable hardware time stamping.

• IFDOWN_ON_SHUTDOWN option available in /etc/sysconfig/network

  A new option for use when configuring networking in /etc/sysconfig/network is available. You can set the IFDOWN_ON_SHUTDOWN option to no or to false to prevent all network interfaces from being taken down when the system is shut down. If this parameter is set to the default value of true, network interfaces are taken down during system shut down.

  This option can be useful in preventing mount points that use networked-based file systems, such as NFS, from becoming stale if the network is stopped before the file system is cleanly unmounted.

• More detail in network-scripts error messages for the bonding driver

  Error messages that are related to the failure of bonding driver installation have been made more verbose when using /etc/sysconfig/network-scripts to manage an interface.

The following security features, bug fixes, and enhancements are included in this update:

• Clevis support for TPM 2.0

  The Clevis automated encryption framework that can automatically encrypt or decrypt data or unlock LUKS volumes, is updated to support the encryption of keys in a Trusted Platform Module 2.0 (TPM2) chip. Note that this feature is only available for x86_64 platform systems.

• gnutls version updated to 3.3.29

  The GNU Transport Layer Security package, gnutls, has been upgraded to 3.3.29 to include numerous bug fixes and enhancements. Notably, DSA support has been added to p11tool, providing a stricter requirement around DER encoding to reduce BER rule complexity. In addition, the legacy HMAC-SHA384 cipher is disabled by default, and security improvements have been implemented to counter TLS Cipher Block Chaining (CBC) record padding attacks.

• audit version updated to 2.8.4

  The Linux Audit system is updated to version 2.8.4 to provide bug fixes and enhancements. Notable changes include the addition of a facility to track software updates and installations by using the rpm or yum command. The updated version of audit also includes improvements to remote logging, and an option to dump internal state to /var/run/auditd.state by using the SIGCONT signal. Run the service auditd state command to trigger a dump of the internal state and view the output.

• Package installation and upgrade with rpm can be tracked by using audit events

  The RPM package manager is updated to provide audit events so that software package installation and updates can be tracked by the Linux Audit system. This update also means that software installation and upgrades with the yum command are also tracked.

• SELinux extended_socket_class policy introduced

  The new extended_socket_class policy enables SELinux object classes to support all known network socket address families. The policy also supports separate security classes for ICMP and SCTP sockets that were previously covered in the rawip_socket class.

• SELinux file permission check for mmap() usage

  SELinux can check file permissions on an mmap() system call to prohibit memory mapping for files that require access validation on each subsequent access. This is a requirement in environments where files are often relabeled at runtime to reflect state changes.

The following virtualization features, bug fixes, and enhancements are included in this update:

• Paravirtualized clock support

  The paravirtualized sched_clock() function is now integrated into RHCK and enabled by default. The paravirtualized clock is also available in the UEK release. The addition of this support improves the performance of Oracle Linux virtual machines that are running on some hypervisors, such as KVM, which supports this functionality in the kvm_clock driver.

• QEMU guest agent diagnostics enhanced

  New QEMU guest agent commands have been added to improve diagnostic capabilities that are in line with Virtual Desktop and Server Management daemon requirements. These improvements include the addition of the following commands: qemu-get-host-name, qemu-get-users, qemu-get-osinfo, and qemu-get-timezone.

• VNC console support for GPU-based mediated devices

  GPU-based devices, including NVIDIA vGPU, can now be used for the real-time rendering of a virtual machine's graphical output through a VNC console.

Features that are currently under technology preview when using UEK R4U6 are described in Unbreakable Enterprise Kernel: Release Notes for Unbreakable Enterprise Kernel Release 4 Update 6 (4.1.12-112).

For RHCK, the following features are currently under technology preview:

• Systemd: Importd features for container image imports and exports.

• File Systems:

  • Block and object storage layouts for parallel NFS (pNFS).

  • DAX (Direct Access) for direct persistent memory mapping from an application. This feature is under technical preview for the ext4 and XFS file systems.

  • ima-evm-utils package, which provides utilities for labeling file systems and verifying the integrity of the system at run time.

  • OverlayFS remains in technical preview.

• Kernel:

  • Heterogeneous memory management (HMM).

  • No-IOMMU mode virtual I/O feature.

• Networking:

  • Cisco VIC InfiniBand kernel driver, which provides similar functionality to RDMA on proprietary Cisco architectures.

  • nftables and libnftnl network filtering and classification functionality.

  • Single-Root I/O virtualization (SR-IOV) in the qlcnic driver.

  • Support for a Cisco proprietary User Space Network Interface Controller in UCM servers provided in the libusnic_verbs driver.

  • Trusted Network Connect support.

• Storage:

  • Multi-queue I/O scheduling for SCSI (scsi-mq). This functionality is disabled by default.

  • Plug-in for the libStorageMgmt API used for storage array management. The libStorageMgmt API is now fully supported, but the plug-in is under technology preview.

Oracle Linux maintains user-space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version that underlies the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 5 (UEK R5) and no re-certifications are needed for RHEL certified applications.

To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R5 will remain unchanged in all subsequent updates to the initial release. UEK R5 contains changes to the kernel ABI relative to UEK R4 that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor.