You are on page 1of 38

Red Hat Enterprise Linux 6

Migration Guide
Migrating to Red Hat Enterprise Linux 6

Migration Guide Draft

Red Hat Enterprise Linux 6 Migration Guide
Migrating to Red Hat Enterprise Linux 6
Edition 0.5

Author

Copyright © 2010 Red Hat, Inc..

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons
Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available
at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this
document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,
Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity
Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

All other trademarks are the property of their respective owners.

1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588 Research Triangle Park, NC 27709 USA

This guide documents migration of systems running Red Hat Enterprise Linux 5 to Red Hat Enterprise
Linux 6.

Please note: This document is still under development, is subject to heavy change, and is provided
here as a preview. The content and instructions contained within should not be considered complete,
and should be used with caution.

Draft Draft

1. Introduction 1
1.1. Red Hat Enterprise Linux 6 .......................................................................................... 1

2. Installation 3
2.1. Kernel and Boot Options .............................................................................................. 3
2.2. Graphical Installer ........................................................................................................ 3
2.2.1. Devices and Disks ............................................................................................. 3
2.2.2. Networking and Kickstart ................................................................................... 4
2.3. Text-Based Installer ...................................................................................................... 4
2.4. USB media creation and installation .............................................................................. 5

3. Storage and File Systems 7
3.1. RAID ........................................................................................................................... 7
3.2. ext4 ............................................................................................................................. 7
3.3. btrfs ............................................................................................................................. 8
3.4. fusecompress ............................................................................................................... 8

4. Networking and Services 9
4.1. Interfaces and Configuration ......................................................................................... 9
4.2. IPTables/Firewalls ......................................................................................................... 9
4.3. BIND ........................................................................................................................... 9
4.4. DNSSEC ..................................................................................................................... 9
4.5. Apache ........................................................................................................................ 9
4.6. Samba ......................................................................................................................... 9
4.7. Mail ............................................................................................................................. 9
4.7.1. Sendmail ........................................................................................................... 9
4.7.2. exim-sa ........................................................................................................... 10
4.7.3. Postfix ............................................................................................................. 10
4.7.4. Dovecot .......................................................................................................... 10
4.8. MySQL ...................................................................................................................... 10
4.9. PostgreSQL ............................................................................................................... 11
4.10. Drupal ...................................................................................................................... 11
4.11. Squid ....................................................................................................................... 11
4.12. Bluetooth .................................................................................................................. 11
4.13. Service Initialisation .................................................................................................. 12

5. Command Line Tools 13
5.1. grep ........................................................................................................................... 13

6. Virtualization 15
6.1. Migrating fully-virtualized guests .................................................................................. 15
6.1.1. Preparation and host configuration .................................................................... 15
6.1.2. Upgrade procedure .......................................................................................... 15
6.1.3. Post-upgrade procedure ................................................................................... 15
6.2. Migrating para-virtualized guests ................................................................................. 15
6.2.1. Preparation and host configuration .................................................................... 15
6.2.2. Upgrade procedure .......................................................................................... 15
6.2.3. Post-upgrade procedure ................................................................................... 15

7. System Configuration 17
7.1. sysconfig .................................................................................................................... 17

8. Desktop 19

9. Security and Authentication 21

iii

.......................... System Configuration Tools Changes ....... Revision History 33 iv .....................2................................................Migration Guide Draft 9............ Package Management 23 10........2.................1........... SELinux ...1............................................4..................................4.......2..............3.......... 29 12.....yum/pup .... New signing key ..............5..................... 22 9................ 21 9........ 29 12.................1.......3...................................... 22 10........................ Systemtap ............... Converting slapd configuration ........................ RHN Package Updater ................. 31 A................... LDAP .................................................................... SSSD ........................ Bash (Bourne-Again Shell) ......................................... 22 9..... 25 12............ Package And Driver Changes 27 12......................................................................................................... Driver Changes .................................. Other Package Changes .................................................1... 27 12....................................... System Monitoring and Kernel 25 11...... Checksums ...............................3............................................................................................................................................ Pluggable Authentication Modules (PAM) ....................... 23 10................... 23 11..................................................................................................................... 21 9.............................. 21 9......1...................................................

Reliability. 1. mobile support [RFC 3775]. Next Generation Networking Comprehensive IPv6 support (NFS 4.Draft Chapter 1. Availability. systems and the overall Red Hat open source experience. The following are some of the many improvements and new features that are included in this release: Power Management Tickless kernel and improvements through the application stack to reduce wakeups. designed for mission-critical enterprise computing and certified by top enterprise software and hardware vendors. 1 . iSCSI. ALPM). CIFS. From the desktop to the datacenter. delivers continuous value and is certified by top enterprise hardware and software vendors. and a new and improved mac80211 wireless stack. This guide is however not designed to explain all new features: it is focused on changes to the behavior of applications or components which were part of Red Hat Enterprise Linux 5 and have changed in Red Hat Enterprise Linux 6 or whose functionality has been superseded by another package. FCoE. ISATAP support). Power Management (ASPM. and adaptive system tuning by Tuned. It is sold by subscription. Red Hat Enterprise Linux 6 Red Hat Enterprise Linux is the leading platform for open source computing. This release is available as a single kit on the following architectures: • i386 • AMD64/Intel64 • System z • IBM Power (64-bit) In this release. Enterprise Linux couples the innovation of open source technology and the stability of a true enterprise-class platform. power consumption measurement by Powertop. This guide is intended to increase ease of use of Red Hat Enterprise Linux 6 by providing guidelines for changes in the product between Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat brings together improvements across the server. Draft Introduction The Migration Guide documents the migration of any version of a Red Hat Enterprise Linux 5 installation to Red Hat Enterprise Linux 6 by highlighting key behavioral changes worthy of note when migrating.1. and Serviceability System level enhancements from industry collaborations to make the most of hardware RAS capabilities and NUMA architectures. Red Hat Enterprise Linux 6 is the next generation of Red Hat's comprehensive suite of operating systems.

glibc (version 2. Enterprise Security Enhancement SELinux includes improved ease of use. Virtualization KVM includes performance improvements and new features. scalability. ABRT (simple collection of bug information).3). application sandboxing.11. while SSSD provides unified access to identity and authentication services as well as caching for off-line use. and xfs offers robustness. vms.1).1). sVirt protects the host. Introduction Draft Fine-grained Control and Management Improved scheduler and better resource management in the kernel via Completely Fair Scheduler (CFS) and Control Groups (CG). and data from a guest breach. and libvirt leverages kernel CG controller functionality. Development and Runtime Support SystemTap (allows instrumentation of a running kernel without recompilation). and high-performance.Chapter 1. and GDB (version 7. and improvements to GCC (version 4. Scalable Filesystems ext4 is the default filesystem. and significantly increased coverage of system services. SRIOV and NPIV deliver high performance virtual use of physical devices.0.4. 2 .

then Anaconda provides a warning that these partitions need to be labelled. If your RAID controller is not yet supported by mdraid. and has changed to /dev/sdX. you may need to migrate the disk to Logical Volume Manager (LVM). so Anaconda now allows you to use the ext4 file system on any partition. Depending on which release of Red Hat Enterprise Linux 5 you are migrating from. • If you have difficulties with this installation not detecting a Smart Array card. you may combine drives into RAID arrays by configuring Linux software RAID. Draft Installation This section outlines changes relating to installation of Red Hat Enterprise Linux 6 which are new or different from the installation of Red Hat Enterprise Linux 5. Anaconda uses the new libata driver in the same fashion as the rest of Red Hat Enterprise Linux.2. • Not all IDE RAID controllers are supported.1. If these labels are not present. For supported controllers. Devices and Disks • Use of the /dev/hdX device name is deprecated on the i386 and x86_64 architecture for IDE drives.2. including the /boot and root partitions. not all of the options and techniques listed here may be relevant to your environment. 2. as they may already be present in your Red Hat Enterprise Linux 5 environment. Systems that use Logical Volume Management (LVM) and the device mapper usually do not require relabeling. so it is unable to detect more than 15 partitions on an IDE disk during the installation or upgrade process. • The rdloaddriver kernel parameter is now needed to define the order of module loading. This option runs the Memtest86 stand alone memory testing software in place of the Anaconda system installer. Anaconda solves this problem by relying on partition labels. enter linux isa at the installer prompt. • Whereas older IDE drivers supported up to 63 partitions per device. If you are upgrading a system with more than 15 partitions. Graphical Installer This section describes what behaviors have changed in the graphical installer. SCSI devices are limited to 15 partitions per device.Draft Chapter 2. This change does not apply to the PPC architecture. 2. Once started. instead of the old scsi_hostadapter option. 2. Kernel and Boot Options • You may perform memory testing before you install Red Hat Enterprise Linux by entering memtest86 at the boot: prompt. This lets you manually select the required card. Memtest86 memory testing runs continually until the Esc key is pressed. including the root file system. configure the RAID functions in the computer BIOS.1. 3 . • The version of GRUB included in Red Hat Enterprise Linux 6 now supports ext4. • Support is included for installation to encrypted block devices. • A change in the way that the kernel handles storage devices means that device names like /dev/ hdX or /dev/sdX may differ from the values used in earlier releases.

3. Text-Based Installer The text-mode installation option in Red Hat Enterprise Linux 6 is significantly more streamlined than it was in earlier versions. an error may occur that indicates the file could not be retrieved. The main network interface configuration screen in Anaconda has been removed. As a workaround.iso to boot the installer.img file also needs to be extracted and/or placed into the nfs:server:/path/images/ directory. The askmethod option causes the source selection screen to appear as it did in previous releases. This can cause the installer to attempt to use a different network interface than was initially used by PXE. use the following in pxelinux. • When PXE booting and using a . Click the OK button several times without making modifications to override this error successfully. • Some systems with multiple network interfaces may not assign eth0 to the first network interface as recognized by the system BIOS. You can also use the following option. If you do not wish to use the mirrorlist URL. relating to networking and automated installations (Kickstart). which will cause the installer to use the first network device it finds that is linked to a network switch: ksdevice=link • The /tmp/netinfo file used for Kickstart network information has been removed.cfg/* configuration files: IPAPPEND 2 APPEND ksdevice=bootif • The configuration option above causes the installer to use the same network interface as the system BIOS and PXE use. The method selection screen no longer appears by default. • Anaconda is now using NetworkManager for configuration of network interfaces during installation. 2. use one of the other supported methods to retrieve Kickstart configurations. and stores configuration in the ifcfg files in /etc/ sysconfig/network-scripts/. Text-mode installation now omits the more complicated steps that were 4 . add repo=nfs:server:/path/ to the command line. Anaconda defaults to using the Red Hat Enterprise Linux mirrorlist URL as the installation source.iso file mounted via NFS for the installation media. To change this behavior. Users are only prompted for network configuration details if they are necessary during installation. Anaconda now uses NetworkManager for interface configuration. Installation Draft 2. Networking and Kickstart This section describes what behaviors have changed in the graphical installer.2. The settings used during installation are then written to the system for later use. It is possible to use this new location as a source of network settings for %pre and %post scripts. • When using a Kickstart configuration file via HTTP. • When using netinst. The install. either add repo=your-installation-source or add askmethod to the installer boot parameters.2.Chapter 2.

However. encrypted filesystems. ready to install updates and new packages. It has been consolidated into a single boot. because package selection. however the image files that are distributed have changed slightly from some versions of Red Hat Enterprise Linux 5. advanced partitioning. • Anaconda now performs bootloader configuration automatically in the text-based installer. This sections describes the changes in behavior when using the text-based installer: • Anaconda now automatically selects packages only from the base and core groups. You must therefore ensure that the kickstart file includes the packaging.iso file from the images/ directory of the Red Hat Enterprise Linux 6 file tree.iso file. You can choose to use a whole drive. 1. such as logical volume management (LVM). These packages are sufficient to ensure that the system is operational at the end of the installation process. and make sure that this disk or storage device does not contain any data that you want to keep. This section describes how to create and install from USB media. If the media has a volume name. Instructions The images/diskboot. Find the device name for your USB media. and provides you with an uncluttered and straightforward experience. partitioning. • Anaconda still presents you with the initial screen from previous versions that allows you to specify where anaconda should install Red Hat Enterprise Linux on your system.Draft USB media creation and installation previously part of the process. anaconda now automatically sets the layout of the partitions and does not ask you to add or delete partitions or file systems from this basic layout. More advanced options yet. Make sure that you specify the correct disk or USB storage device. However. or to use the free space on the drive. Introduction It is possible to install Red Hat Enterprise Linux 6 from USB media ("flash drive"). and you need the boot. and bootloader configuration are now automated in text mode. and bootloader configurations.img file is no longer included in Red Hat Enterprise Linux 6. USB media creation and installation These instructions could destroy data If you perform this procedure with a disk or USB storage device that already contains data. look up the name in /dev/disk/by-label. this data will be destroyed with no warning. Plug in your USB media. and resizable filesystems are still only available only in graphical mode and kickstart. you should perform a graphical installation over a VNC connection or a kickstart installation. • Text-mode installations using kickstart are carried out in the same way that they were in previous versions.4. 2. To prepare and install from USB media you must have the syslinux package installed. If any of this information is missing. anaconda will exit with an error message. or use the findfs command: 5 . 2. to remove existing Linux partitions. anaconda cannot prompt you for information that it requires during these steps. If you require a customized layout at installation time.

Installation Draft su -c 'findfs LABEL="MyLabel"' If the media does not have a volume name. 6 . consult the /var/log/ messages log for details: su -c 'less /var/log/messages' 3.iso of=device' where /path/to/image/file is the location of the image file that you downloaded and device is the USB media device.Chapter 2. Use the dd command to write the ISO image to the media: su -c 'dd if=/path/to/image/file/imagefile. or you do not know it.

you may install Red Hat Enterprise Linux 6 with the ext4migrate boot option if you wish to convert your legacy ext3 partitions to ext4. Draft Storage and File Systems 3. This section explains the major changes in behaviour that this new file system introduces. • Multiblock allocation is a new file block allocation method that provides faster write speeds. This is done so that these file systems will be recognized as regular ext4 file systems. 3. RAID Upgrades from DM RAID to MD RAID Performing an upgrade from DM RAID (RAID sets configured using the dmraid command) to MD RAID (with the mdadm command) is not supported. • File size limit is sixteen terabytes (16 TB). However. • Delayed allocation of blocks provides better performance and less fragmentation. It is important to note that by doing this you will not receive all of the benefits ext4 offers.2. • In some cases. A warning will be displayed when an upgrade of this type is attempted. • Extents increase performance. • The included version of the GRUB bootloader provides full support for ext4 partitions. New data will however make use of extents. Passing this boot 7 .Draft Chapter 3. The test_fs feature flag identifying these file systems as a development version can be removed with the following command: tune2fs -E ^test_fs. Behavioral changes Red Hat Enterprise Linux 6 provides full support for ext4 and it is the default file system for new installations. • No limit on number of sub-directories. • The included version of the e2fsprogs package is fully compatible with ext4. including: • File system size limit increased to one exabyte (1 EB).3 with the e4fsprogs package created an ext4dev file system type. ext4 filesystems created under Red Hat Enterprise Linux 5. The installer also allows you to place any /boot file system on an ext4 partition. ext4 Features ext4 is a new file system that brings significant new features and performance enhancements. since the data currently residing on the partition will not make use of the extents features and other changes. Migration from ext3 It is recommended that those wishing to make use of ext4 start with a freshly formatted partition. especially when using large files.1.

the fusecompress_offline1 package is required.Next-generation Linux file system Red Hat Enterprise Linux 6 makes btrfs. Red Hat Enterprise Linux 6 includes an updated version that fixes several bugs but changes the on-disk format.4. To enable btrfs. 8 . the grub package does not yet support booting from a btrfs partition. Storage and File Systems Draft option to migrate to ext4 is not recommended and it is strongly recommended that you back up file systems before attempting this migration. 3. The on-disk format may yet change and much functionality is still missing such as a fully operational file system checking method (fsck) or even proper out-of-space handling. Unless decompression is performed before upgrading.Chapter 3. 3. fusecompress fusecompress Fusecompress is a compressing filesystem mountable by unprivileged users. Users with existing fusecompress filesystems will need to migrate their data to the new format. btrfs btrfs .3. the next-generation Linux file system available as a technology preview. Users are warned that btrfs is still experimental and under heavy development. Also. ext2/3/4 should be used for the /boot partition if you wish to test btrfs. pass icantbelieveitsnotbtr as a boot option.

IPTables/Firewalls TBD 4. To grant sendmail the ability to act as a server for remote hosts.se. BIND TBD 4. The package name has changed in Red Hat Enterprise Linux 6 to reflect its functionality more accurately. when a domain supplies DNSSEC data (such as . 4. . sendmail by default only accepts connections from the local system (localhost). Mail TBD 4. 4.gov. and is an important step in making the Internet more secure for end users. the sendmail Mail Transport Agent (MTA) accepted network connections from external hosts by default. With DNSSEC enabled. unbound (recursive) DNS servers now have DNSSEC validation in their default configuration.7.conf. In Red Hat Enterprise Linux 6.1. and is fully supported in Red Hat Enterprise Linux 6. The Infiniband functionality is now distributed in the rdma package. Draft Networking and Services TBD 4. the ENUM zone or other TLD).org DLV Registry.4. This behavior can be modified in /etc/sysconfig/dnssec by changing the DNSSEC and DLV settings. The service is now called rdma. DNSSEC Lookaside Verification (DLV) is also enabled with the dlv.Draft Chapter 4. then that data will be cryptographically validated on the recursive DNS server. If validation fails due to attempts at cache poisoning.conf file) was provided by the openib package in Red Hat Enterprise Linux 5. and the configuration file is located at /etc/rdma/rdma.1.5.2. Samba TBD 4.3. DNSSEC deployment is now a widely-implemented feature. Interfaces and Configuration Infiniband support (specifically the openib start script and the openib. Apache TBD 4.6. DNSSEC As well as BIND. then the end user will not be given this forged/spoofed data.sc. perform one of the following steps: 9 .7. Sendmail In some releases of Red Hat Enterprise Linux 5.

exim-sa The exim-sa package is deprecated. The resulting apr-util-mysql package is now included in the Red Hat Enterprise Linux 6 software repositories. The master configuration file /etc/dovecot. you can test your configuration and list which options have been renamed. Since the sa_exim feature was not enabled in the default configuration.7.d/*.7.exim.mc and change the DAEMON_OPTIONS line to also listen on network devices • Comment out the DAEMON_OPTIONS line in /etc/mail/sendmail. or otherwise changed in this new version with the following command: doveconf [-n] -c /old/dovecot.mc. 10 . However. however. The majority of the configuration is the same and is compatible with this new version. Postfix TBD 4. Users who have modified their configuration to use sa_exim features should either reconfigure to use Exim's full content scanning abilities or rebuild the package for themselves to include the exim-sa subpackage.org/exim-html-current/doc/html/spec_html/ch40. the package can normally be safely uninstalled to allow Exim to be upgraded.x has changed. Then install the sendmail- cf package and regenerate /etc/mail/sendmail. refer to the Exim documentation: http://www.conf and other parts of Dovecot configuration have moved to /etc/dovecot/conf.3.8. that functionality is rather limited. Networking and Services Draft • Edit /etc/mail/sendmail.4. exim-sa was used as the original implementation of SpamAssassin integration with Exim.conf.Chapter 4.7. and was functionally similar to sendmail milters or postfix filters.2. removed. Dovecot Dovecot configuration The configuration for Dovecot 2. fully integrated into its general-purpose Access Control Lists.conf has moved to /etc/dovecot/dovecot.html 4.cf by running the following commands: su -c 'yum install sendmail-cf' su -c 'make -C /etc/mail' 4. and Exim now has far better support for content checking. For further details on Exim's built-in content scanning. MySQL DBD Driver The MySQL DBD driver has been dual-licensed and the related licensing issues have been resolved.conf 4.

due to changes in the data format.Draft PostgreSQL 4. refer to: http://drupal. Squid does not require the setting of the setuid flag for these helpers. and repeat for any additional sites' settings. Bluetooth Bluetooth Service On Demand In order to support Bluetooth devices.2. Upgrading Databases Before upgrading an existing Red Hat Enterprise Linux 6 system with a PostgreSQL database.4/interactive/ install-upgrading. 4.2 Remember to log in to your site as the admin user.php files. This change has been made because of the security risks present when running setuid flags. Squid Squid has been updated. and disable any third-party modules before upgrading this package. the Bluetooth service is started on demand when needed and automatically stops 30 seconds after the use of the device has stopped. For more information.12. refer to the Squid release notes. For details.postgresql. the Bluetooth background service was started by default in previous versions of Red Hat Enterprise Linux. it could be necessary to follow the procedure described here: http://www.x series to 6.10. Drupal Drupal has been updated from the 5.postgresql.11. Otherwise the data may be not accessible by the new version of PostgreSQL. as elevated privileges were needed to access system files needed for authentication. The permissions of these helpers has changed in Red Hat Enterprise Linux 6.org/drupal-6. 11 . The configuration files are not entirely backwards compatible with some older versions. In this release. refer to http:// wiki. PostgreSQL New Release This release includes an updated version of PostgreSQL.org/docs/8.php to run the upgrade script. Previous releases enabled the setuid flag for the ncsa_auth and pam_auth.php. This reduces overall initial startup time and resource consumption.9. Squid provides the ability to authenticate users via ncsa_auth and pam_auth helpers. Normal functionality has been maintained without setting these flags.php.rpmsave to /etc/drupal/default/ settings. 4. Now. 4. For further details. After upgrading the package: • Copy /etc/drupal/default/settings. • Browse to http://host/drupal/update.html. in Red Hat Enterprise Linux 6.org/wiki/WhatsNew84.

13.Chapter 4. Upstart is very well documented via man pages. 12 . Upstart provides the following behavioral changes in Red Hat Enterprise Linux 6: • /etc/inittab is used only for setting up the default runlevel. • File descriptor limit can also now be changed on a per-service basis. • Active virtual consoles are set by the ACTIVE_CONSOLES variable (such as ACTIVE_CONSOLES=/dev/tty[1-6]) in /etc/sysconfig/init and they are run by /etc/init/ start-ttys. Upstart The upstart package provides Upstart. The changes in xinetd are related to the allowed limit of open file descriptors: • The listening mechanism has changed from select() to poll(). With this change. the limit of open file descriptors used by xinetd can be changed.conf. This can be done in the configuration file for the service via the rlimit_files directive. Service Initialisation xinetd Xinetd is the parent daemon in Red Hat Enterprise Linux used to start network services on demand. The value can be a positive integer or UNLIMITED. Other configuration is done via upstart jobs in the /etc/init directory. • Primary serial console is handled by /etc/init/serial. an event-based replacement for the /sbin/init daemon that handles the starting of tasks and services during boot. Command overview is in init(8) and job syntax is described in init(5). stopping them during shutdown and supervising them while the system is running.conf. Processes are known to Upstart as jobs and are defined by files in the /etc/init directory. Networking and Services Draft 4.

in Red Hat Enterprise Linux 6.[[:upper:]] format.Draft Chapter 5. This change can significantly affect output. 13 . the recommended way of interval searching is to use the [[:lower:]]. grep The behavior of the grep command has changed with regards to searching for upper and lower case strings.1. You can set LC_COLLATE=C to preserve old behavior and to achieve proper results when performing interval searching with this method. 5. so scripts and processes should be reviewed to continue to achieve the correct results. Draft Command Line Tools This section descibes the behavioral changes of command-line tools in Red Hat Enterprise Linux 6. however. Using interval searching in the [a-z] format is dependent on the LC_COLLATE variable.

14 .

Upgrade procedure TBD 6.2.1.1.2. Draft Virtualization 6. Preparation and host configuration TBD 6.3. Migrating para-virtualized guests TBD 6.1.1.2.2.1. Migrating fully-virtualized guests TBD 6.3. Preparation and host configuration TBD 6.1. Upgrade procedure TBD 6. Post-upgrade procedure TBD 15 .2. Post-upgrade procedure TBD 6.2.Draft Chapter 6.

16 .

Draft System Configuration TBD 7. sysconfig TBD 17 .1.Draft Chapter 7.

18 .

Draft Desktop TBD 19 .Draft Chapter 8.

20 .

Those applications therefore no longer need to make their own connections to remote domains. allowing two or more identity servers to act as separate user namespaces. Samba. it will offer the opportunity to organize user information better. LDAP. For performance and scalability reasons.2. 9. and PAM.3. SSSD runs as a suite of services. etc. The following section details an example on how to convert the old configuration file to work with the new directory: 1 http://www. offers improved performance.. The slapd configuration in Red Hat Enterprise Linux 6 is now stored in a special LDAP directory (/etc/ openldap/slapd.html#Configuration%20Layout 21 . NIS. In previous versions. Collected information is available to applications on the front-end through standard PAM and NSS interfaces. including SELinux. or even be aware of which is being used. multiple LDAP providers) and allows domain-qualified identity requests to be resolved by those different providers. 9. Multiple identity providers are supported. which may serve as the source of a provider’s identity information. As such. The long-term plan is that SSSD will operate as a unified source of identity information. knowing a keyboard layout before login can simplify the authentication process). Draft Security and Authentication This chapter covers behavioral changes for security and authentication.Draft Chapter 9. IPA. Robust local caching of identity and group membership information allows operations regardless of where identity comes from (e. SSSD also allows the use of multiple providers of the same type (e.. A domain is a database containing user information.. DB..conf file. slapd was configured via the /etc/openldap/slapd. SSSD SSSD (System Security Services Daemon) offers access to remote identity and authentication mechanisms. abstracting the local and network identity and authentication sources and allowing any kind of identity data provider to be plugged in. independent of the applications that use it.d/) with a pre-defined schema and Directory Information Tree (DIT).org/doc/admin24/slapdconf2. NSS and PAM responders) running in the context of the SSSD.1.g. Over time. normalized information via a D-BUS interface that is designed to meet application needs. LDAP OpenLDAP The configuration required for the OpenLDAP service has changed in Red Hat Enterprise Linux 6. It allows those providers to be plugged in as SSSD back-ends.org . referred to as providers. Checksums.openldap. SSSD will evolve to offer richer.g. SSSD. Further 1 details of this configuration schema can be found at openldap.). LDAP.g. SELinux TBD 9. and make it available during authentication (e. and allows authentication to be performed even when operating offline and online authentication is unavailable. the NSS and PAM modules provided by SSSD are thin and just pass information to special daemons (viz.

Authentication modules are now also written into additional PAM configuration files: /etc/pam. Security and Authentication Draft 9.1. Checksums Red Hat Enterprise Linux now uses the SHA-256 digest algorithm for data verification and authentication in more places than before.d/ password-auth-ac. etc/pam.d • Once the service is confirmed to be working in the new configuration directory.conf -F /etc/openldap/slapd.conf and the new directory for OpenLDAP configuration is located at /etc/ openldap/slapd.d/ directory: # rm -rf /etc/openldap/slapd. remove the old configuration file: rm -rf /etc/openldap/slapd. The PAM module for sshd and other remote services such as ftpd now include the /etc/pam.3.d/fingerprint- auth-ac.d/system-auth-ac file.4. 9.Chapter 9. 22 .d/smartcard-auth-ac and /etc/pam. upgrading from the cryptographically weaker SHA-1 and MD5 algorithms.d chmod -R 000 /etc/openldap/slapd.d/system-auth. Pluggable Authentication Modules (PAM) Common configuration for PAM services is located in the /etc/pam. • Remove the contents of the new /etc/openldap/slapd.5.d/* • Run slaptest to check the validity of the configuration file and specify the new configuration directory: slaptest -f /etc/openldap/slapd.d • Configure permissions on the new directory: chown -R ldap:ldap /etc/openldap/slapd.d/.d/ password-auth file in Red Hat Enterprise Linux 6 instead of /etc/pam.d chmod -R u+rwX /etc/openldap/slapd.conf 9. Converting slapd configuration This example assumes that the file to convert from the old slapd configuration is located at /etc/ openldap/slapd.

1.2. Draft Package Management TBD 10. New signing key TBD 10.Draft Chapter 10.yum/pup TBD 23 . RHN Package Updater .

24 .

1.Draft Chapter 11. Systemtap TBD 25 . Draft System Monitoring and Kernel TBD 11.

26 .

Draft Chapter 12. Comprehensive BIND documentation is installed as part of the bind package in /usr/share/doc/ bind-x. Full documentation for configuring GRUB can be found at the GRUB homepage: http:// www. system-config-boot The system-config-boot tool allowed graphical configuration of the GRUB bootloader. sample configurations can be found in the /usr/share/doc/bind-x.y. or the packages and drivers may represent out-of- date hardware and are removed. The default GRUB configuration is sufficient for many users. generate standard BIND configuration. Editing the name server configuration manually via the named. system-config-cluster The system-config-cluster tool has been deprecated and removed without replacement. so depending on your environment it is possible to migrate to the version of BIND found in Red Hat Enterprise Linux 6 by moving old configuration files to the correct location and performing sufficient testing.gnu. as well as those that have been deprecated and discontinued (removed).conf) in the default X server installation as display management is now done dynamically via one of the following menu options: GNOME: System -> Preferences -> Display KDE: System Settings -> Computer Administration -> Display 27 . Also. and ricci and luci (from the conga project) is recommended. This chapter lists the new and updated packages and drivers in Red Hat Enterprise Linux 6.y. Draft Package And Driver Changes The list of included packages and system drivers undergoes regular changes in Red Hat Enterprise Linux releases. This is done for a number of reasons: packages and drivers are added or updated in the operating system to provide new functionality.conf file.z/ sample directory. The upstream project for the packages and drivers might no longer be maintained.z. however if manual changes are required.conf file is recommended in Red Hat Enterprise Linux 6. In Red Hat Enterprise Linux 6 it has been deprecated and removed without replacement. the boot configuration can be accessed and changed in the grub.1. located in the /boot/grub directory. or hardware-specific packages and drivers are no longer supported by a hardware vendor and are removed. The system-config-bind tool from previous versions does. however. Using ctdb with Samba configurations. There is no explicit configuration file (xorg. System Configuration Tools Changes system-config-bind The system-config-bind tool has been deprecated and removed without replacement. 12.org/software/grub/. system-config-display The system-config-display tool has been replaced by XRandr configuration tools as found in both supported desktops: GNOME and KDE.

The main configuration file is located at /etc/httpd/conf/httpd. The root password can be set in the system-config-users tool by unchecking the "Hide system users and groups" option in the Preferences dialog. Package And Driver Changes Draft Note: The command line utility (xrandr) can be also used for display configuration. however if required. system-config-securitylevel The system-config-securitylevel tool has been obsoleted by the system-config-firewall tool. system-config-rootpassword The system-config-rootpassword tool has been replaced by the system-config-users tool .org/NetworkManager/. system-config-netboot The system-config-netboot tool has been deprecated and removed without replacement.gnome. system-config-samba The system-config-samba tool has been deprecated and removed without replacement. Sound card detection and configuration is done automatically. system-config-soundcard The system-config-soundcard tool has been removed. is recommended. Configuration can be done in the /etc/httpd directory. Using Cobbler. system-config-nfs The system-config-nfs tool has been deprecated and removed without replacement. This file is well documented with detailed comments in the file for most server configurations.a modern and powerful network configuration tool. Users should configure web servers manually.conf. The root user will now be shown in the main listing. See the xrandr --help command or the manual page via the man xrandr command for further details. system-config-httpd The system-config-httpd tool has been deprecated and removed without replacement. Users should set up NFS server configuration manually. See the NetworkManager home page for further information: http://projects. NetworkManager-applet (nm-applet) is installed by default in both supported desktop environments and can be found in the system tray panel area. 28 . the complete Apache web server documentation is shipped in the httpd-manual package. system-config-network The system-config-network tool has been replaced by NetworkManager .Chapter 12. system-config-lvm The system-config-lvm tool has been deprecated.a powerful user management and configuration tool. Users should perform management of logical volumes via the gnome-disk-util or the lvm tools. a Linux installation server. Users should set up SMB server configuration manually. and the password can be modified like any other user.

0 and later. the shell acts as if it received the interrupt. • Since Bash-4. and each process subsitution will have to be separately entered. so programmable completion and readline should be more consistent.1 uses the current locale when comparing strings using operators to the [[ command. which also causes variables to be set to the empty string if there is not enough input. Previous versions discarded the characters read.0 behavior attempts to capture the consensus at the time of release. • In Bash-4. rather than the set of shell metacharacters. • The programmable completion code uses the same set of delimiting characters as readline when breaking the command line into words.1 of Bash as its default shell. as Posix specifies. Postfix is the preferred and default MTA (Mail Transfer Agent) in Red Hat Enterprise Linux 6. (source) builtin to search the current directory for its filename argument. This can be reverted to the previous behavior by setting one of the compatNN shopt options.0 and later now follows Posix rules for finding the closing delimiter of a $() command substitution. • Bash-4. when one of the commands in a pipeline is killed by a SIGINT while executing a command list. it will not behave as previous versions did. • Bash-4. • Bash-4. This is not as Posix specifies. even if ". it attempts to assign any input read to specified variables. • Bash-4. • When the read builtin times out. so the SIGCHLD trap is no longer always invoked once per exiting child if you are using `wait' to wait for all children. 12. If you are using another MTA. Posix says that the shell shouldn't look in the PWD variable in this case.0 and later now allows process substitution constructs to pass unchanged through brace expansion.3. it should be configured manually according to its specific configuration files and techniques. so any expansion of the contents will have to be separately specified.0 and later now allows SIGCHLD to interrupt the wait builtin.Draft Bash (Bourne-Again Shell) system-config-switchmail The system-config-switchmail tool has been deprecated and removed without replacement.0 and later fixes a Posix mode bug that caused the . Other Package Changes New Packages TBD 29 .0 and later versions change the handling of the set -e option so that the shell exits if a pipeline fails (and not just if the last command in the failing pipeline is a simple command). There is work underway to update this portion of the standard. but will catch more syntax and parsing errors before spawning a subshell to evaluate the command substitution.2. • Bash-4. 12." is not in the system PATH. Bash (Bourne-Again Shell) Red Hat Enterprise Linux 6 includes version 4. the Bash-4. This section describes the compatibility issues that this version introduces over previous versions.

Chapter 12. Discontinued Package Replaced By amanda-server aspell hunspell. Table 12.3 30 . Can still be used if manually created. AMD Family 11h processors. Applications that want to use spell- checking must use hunspell. Cell-specific packages no longer supported by IBM libspe2-devel None. Package And Driver Changes Draft Updated Packages The following table lists updated packages in Red Hat Enterprise Linux 6 and a description of noteworthy changes.2 openmotif-2. Updated Package Discontinued Packages The following table lists discontinued (removed) packages in Red Hat Enterprise Linux 6 and their replacements.5. and the Instruction Based Sampling (IBS) feature in AMD Family 10h. beecrypt NSS/OpenSSL crash-spu-commands None.conf does not exist by default. pam_ldap openmotif-2.1. aspell is only provided as a build dependency.9. This newer version includes support for Intel Atom and i7 processors. Cell-specific packages no longer supported by IBM linuxwacom xorg-x11-drv-wacom mkinitrd dracut nss_ldap nss_pam_ldapd. module-init-tools /etc/modprobe. Updated Packages Description OProfile OProfile has been updated to 0. Cell-specific packages no longer supported by IBM gnbd iSCSI recommended for use instead gnome-vfs gvfs ipsec-tools Openswan kmod-gnbd iSCSI recommended for use instead lam openmpi libspe2 None. Cell-specific packages no longer supported by IBM dhcpv6/dhcpv6-client dhcp/dhclient binaries now have IPv6 capability built in elfspe2 None.

however gcj is not likely to be included in future releases. Please note that all drivers are now loaded to initramfs by default. Cell-specific packages no longer supported by IBM switchdesk The session management performed by both supported session managers: GDM and KDM syslog rsyslog SysVinit upstart vixie-cron cronie Table 12.Included in Red Hat Enterprise Linux 6 for performance reasons.2. Driver Changes This section describes the driver changes in Red Hat Enterprise Linux 6. 12.4. New Drivers TBD Updated Drivers TBD Discontinued Drivers • aic7xxx_old • atp870u • cpqarray • DAC960 • dc395x • gdth • hfs • hfsplus 31 .Draft Driver Changes Discontinued Package Replaced By pidgin empathy RPM Tools TBD spu-tools None. Discontinued Packages Deprecated Packages • qt3 • GFS1 • gcj .

one that includes PAE. Hence in Red Hat Enterprise Linux 6. • HFS .Network Block Device supplanted by iSCSI in Red Hat Enterprise Linux 6. • Tux . It is replaced by the CFQ (Completely Fair Queueing) I/O scheduler.Previous versions of Red Hat Enterprise Linux contained multiple kernels for the i686 architecture: a kernel with. 32 . Customers using the Anticipatory I/O scheduler are encouraged to test their workload using CFQ and file bugs for any performance issues observed. While the goal is to make CFQ perform on par with the Anticipatory I/O scheduler in all tested workloads.Web Server accelerator discontinued in Red Hat Enterprise Linux 6. there is only be a single kernel. • Non-PAE x86 kernel .Chapter 12. and a kernel without PAE. Package And Driver Changes Draft • megaraid • net/tokenring/ • paride • qla1280 • sound/core/oss • sound/drivers/opl3/* • sound/pci/nm256 Deprecated Drivers • aacraid • aic7xxx • i2o • ips • megaraid_mbox • mptlan • mptfc • sym53c8xx Discontinued Kernel Components • NBD .Apple filesystem support discontinued in Red Hat Enterprise Linux 6. It has been many years since non- PAE hardware was sold in volume. which has been the default I/ O scheduler in the Linux kernel since 2006. Red Hat cannot guarantee that there will be no outliers. • The Anticipatory I/O scheduler is deprecated and is not present in Red Hat Enterprise Linux 6.

Revision History Revision 0.com Minor fixes.5 Thu Jun 24 2010 Scott Radvan sradvan@redhat.com Review for Beta 2 Revision 0.4 Thu Jun 3 2010 Scott Radvan sradvan@redhat.com Import sys-conf tools description Revision 0.1 Fri Feb 5 2010 Scott Radvan sradvan@redhat.com Review existing content for Beta Revision 0.2 Sun Apr 18 2010 Scott Radvan sradvan@redhat.3 Mon Apr 19 2010 Scott Radvan sradvan@redhat. Final build for Beta Revision 0.com Initial creation of guide by Publican 33 .Draft Draft Appendix A.

34 .